Trojaner-Board - Browser Infect (webssearches.com) und Search Protect im Systray

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Browser Infect (webssearches.com) und Search Protect im Systray (https://www.trojaner-board.de/158064-browser-infect-webssearches-com-search-protect-systray.html)

Browser Infect (webssearches.com) und Search Protect im Systray

Hallo,

ich habe mir durch zu eifriges klicken etwas eingefangen. Seit dem habe ich im Browser irgendeine startseite (hxxp://istart.webssearches.com). Im SysTry habe ich nun ein Internet-Explorer ähnliches zeichen mit der Bezeichnung "Search Protect".

Anbei zwei Scans FRST und Gmer

Code:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014

Ran by *** at 2014-08-27 21:54:54

Running from C:\Users\***\Desktop

Boot Mode: Normal

==========================================================
 
 

==================== Security Center ========================
 

(If an entry is included in the fixlist, it will be removed.)
 

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 

==================== Installed Programs ======================
 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 

 Update for Microsoft Office 2007 (KB2508958) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version:  - Microsoft)

1&1 Surf-Stick (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.2 - )

AAVUpdateManager (HKLM-x32\...\{AFA42FE1-A5C3-485F-9180-BFCF5BF1F1C3}) (Version: 18.00.0000 - Wolters Kluwer Deutschland GmbH)

Acronis*True*Image*Home 2012 (HKLM-x32\...\{054A5F46-6DCE-4D09-8BC0-170428A4ED56}Visible) (Version: 15.0.7133 - Acronis)

Acronis*True*Image*Home 2012 (x32 Version: 15.0.7133 - Acronis) Hidden

Adobe Flash Player 14 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 14.0.0.176 - Adobe Systems Incorporated)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)

Adobe Reader X (10.1.11) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)

Alan Wake (HKLM-x32\...\Steam App 108710) (Version:  - Remedy Entertainment)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Assassin’s Creed® III (HKLM-x32\...\Steam App 208480) (Version:  - Ubisoft Montreal)

Assassin's Creed Brotherhood (HKLM-x32\...\Steam App 48190) (Version:  - )

Assassin's Creed Revelations (HKLM-x32\...\Steam App 201870) (Version:  - Ubisoft)

ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.0.6 - ASUS)

ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.42 - ASUS)

ASUS SmartLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0009 - ASUS)

ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.20 - asus)

ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0008 - ASUS)

Audacity 2.0.3 (HKLM-x32\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)

avast! Free Antivirus (HKLM-x32\...\avast) (Version: 9.0.2021 - AVAST Software)

Avid Studio (HKLM-x32\...\{B35DC076-CEF2-4631-9EF7-45380E27C841}) (Version: 1.0.0.2804 - Avid)

Batman: Arkham Asylum GOTY Edition (HKLM-x32\...\Steam App 35140) (Version:  - Rocksteady Studios Ltd.)

Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)

bl (x32 Version: 1.0.0 - Your Company Name) Hidden

Black and White (HKLM-x32\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version:  - )

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Brother MFL-Pro Suite MFC-J870DW (HKLM-x32\...\{7B4C83B6-17C1-4BFD-B86D-4D7AD4498CBB}) (Version: 1.0.4.0 - Brother Industries, Ltd.)

Bulletstorm (HKLM-x32\...\GFWL_{45410935-3E72-472B-8C35-AB1000008200}) (Version: 1.0.0000.130 - EA)

Bulletstorm (x32 Version: 1.0.0000.130 - EA) Hidden

Cargo Commander (HKLM-x32\...\Steam App 220460) (Version:  - )

CCleaner (HKLM\...\CCleaner) (Version: 4.15 - Piriform)

ContentMod2.4 (HKLM-x32\...\ContentMod_2.4) (Version:  - )

Counter-Strike (HKLM-x32\...\Steam App 10) (Version:  - Valve)

Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)

Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Electronic Arts)

Curse Client (HKCU\...\090215de958f1060) (Version: 4.0.1.260 - Curse)

CyberLink PowerDVD 13 (HKLM-x32\...\InstallShield_{3CFDF154-7E60-4E98-A8DF-C693A4F8E6B6}) (Version: 13.0.2720.57 - CyberLink Corp.)

CyberLink PowerDVD 13 (x32 Version: 13.0.2720.57 - CyberLink Corp.) Hidden

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.45.1.0236 - DT Soft Ltd)

Darksiders (HKLM-x32\...\Steam App 50620) (Version:  - Vigil Games)

DarksidersInstaller (HKLM-x32\...\{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}) (Version: 1.00.1000 - Ihr Firmenname)

DC Universe Online (HKCU\...\SOE-DC Universe Online) (Version: 1.0.3.183 - Sony Online Entertainment)

DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version:  - Sony Online Entertainment)

DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live) (Version:  - Sony Online Entertainment)

Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)

Die Gilde Gold Update v. 2.06  (HKLM-x32\...\Die Gilde Gold Update v. 2.06 ) (Version:  - )

Die Gilde Gold-Edition (HKLM-x32\...\Die Gilde Gold-Edition) (Version:  - )

Dungeon Keeper 2 (HKLM-x32\...\Dungeon Keeper II) (Version:  - )

DUNGEONS Game of the Year edition (HKLM-x32\...\{B6505079-4610-4434-9558-53D7F9CBF6B3}) (Version: 1.3.3.0 - Realmforge Studios GmbH)

DVBLink for WinTV (HKLM-x32\...\{6C43B336-1143-40DC-877B-A0D116060F4B}) (Version: 3.2.0001 - DVBLogic)

DVBLink Server (HKLM-x32\...\{0F863674-33BA-4714-8A2D-2281B3F99850}) (Version: 3.2.0001 - DVBLogic)

Earth 2160 (HKLM-x32\...\Earth 2160) (Version: 1.00 - Zuxxez Entertainment AG)

Elements 11 Organizer (x32 Version: 11.0 - Ihr Firmenname) Hidden

eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden

Fahrenheit (HKLM-x32\...\{BA10AC78-E687-4523-8B93-540428FC256F}) (Version: 1.1 - Ihr Firmenname)

FileZilla Client 3.9.0.2 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.2 - Tim Kosse)

Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Fresco Logic USB3.0 Host Controller (HKLM\...\{F041F6B3-BA65-41DD-9747-AD0BD2129A0F}) (Version: 3.0.114.13 - Fresco Logic Inc.)

Giants (HKLM-x32\...\{97370293-96EC-11D4-9DEF-00104B70C5FB}) (Version:  - )

Gothic III (HKLM-x32\...\{02B244A2-7F6A-42E8-A36F-8C385D7A1625}) (Version: 1.0.0 - JoWooD Productions Software AG)

HandBrake 0.9.9 (HKLM-x32\...\HandBrake) (Version: 0.9.9 - )

Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.29304 (CD 2.4d) - Hauppauge Computer Works)

Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)

Hellgate: London (HKLM\...\{A2B4455D-1046-4732-BFBC-0821BEFC07BC}) (Version: 1.10.180.3416 - Flagship Studios)

Hex-Editor MX (HKLM-x32\...\{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1) (Version: 6.0 - NEXT-Soft)

iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)

iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)

Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)

Java 7 Update 67 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417067FF}) (Version: 7.0.670 - Oracle)

Java 8 Update 20 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218020F0}) (Version: 8.0.200 - Oracle Corporation)

Java Auto Updater (x32 Version: 2.8.20.26 - Oracle Corporation) Hidden

JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)

League of Legends (HKLM-x32\...\{918A9082-6287-4D25-9002-5E5D5E4971CB}) (Version: 1.02.0000 - Riot Games)

Logitech Gaming Software (Version: 8.20.74 - Logitech Inc.) Hidden

Logitech Gaming Software 8.51 (HKLM\...\Logitech Gaming Software) (Version: 8.51.5 - Logitech Inc.)

Mafia Game (HKLM-x32\...\Mafia Game) (Version:  - )

Mass Effect (HKLM-x32\...\{1B0FBB9A-995D-47cd-87CD-13E68B676E4F}) (Version: 1.00 - Electronic Arts, Inc.)

Mass Effect 2 (HKLM-x32\...\{75D84EF7-0D8C-4e70-B3FA-7B42A5D4E0EB}) (Version: 1.02 - Electronic Arts, Inc.)

Mass Effect™ 3 (HKLM-x32\...\{534A31BD-20F4-46b0-85CE-09778379663C}) (Version: 1.04.0.0 - Electronic Arts)

Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)

Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden

Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden

Microsoft Games for Windows - LIVE (HKLM-x32\...\{F97E3841-CA9D-4964-9D64-26066241D26F}) (Version: 3.3.24.0 - Microsoft Corporation)

Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{8FB1B528-E260-451E-9B55-E9152F94B80B}) (Version: 3.2.3.0 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)

Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office Professional 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version:  - Microsoft) Hidden

Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)

Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden

Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 26.0 - Mozilla)

MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden

MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)

MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)

Nero 8 (HKLM-x32\...\{9A5B876D-A900-4AAB-B557-DE827BE46E6C}) (Version: 8.3.500 - Nero AG)

neroxml (x32 Version: 1.0.0 - Nero AG) Hidden

NVIDIA 3D Vision Treiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 327.02 - NVIDIA Corporation)

NVIDIA Grafiktreiber 327.02 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 327.02 - NVIDIA Corporation)

NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden

NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden

NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)

NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.2702 - NVIDIA Corporation) Hidden

NVIDIA Systemsteuerung 327.02 (Version: 327.02 - NVIDIA Corporation) Hidden

NVIDIA Update 1.14.17 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.14.17 - NVIDIA Corporation)

NVIDIA Update Components (Version: 1.14.17 - NVIDIA Corporation) Hidden

OpenAL (HKLM-x32\...\OpenAL) (Version:  - )

Origin (HKLM-x32\...\Origin) (Version: 8.6.0.357 - Electronic Arts, Inc.)

Overlord 2 (HKLM-x32\...\{F4B9D4A9-BDF9-437D-8E07-A96A837BD284}_is1) (Version:  - )

Painkiller: Black Edition (HKLM-x32\...\Steam App 39530) (Version:  - People Can Fly)

PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)

ph (x32 Version: 1.0.0 - Your Company Name) Hidden

Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Pinnacle Video Treiber (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)

PlayClaw 4 (HKLM-x32\...\PlayClaw 4_is1) (Version: 4 - )

PlayClaw 5 (HKLM-x32\...\PlayClaw 5_is1) (Version: 5 - )

PlayClaw 5 fast codec (HKLM-x32\...\PlayClaw 5 fast codec_is1) (Version: 5 - )

PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)

Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)

Portal 2 Publishing Tool (HKLM-x32\...\Steam App 644) (Version:  - )

PRE11 STI 64Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden

PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.)

Questpaket 4 Update 2 Deinstallation (HKLM-x32\...\G3QP231012008_is1) (Version: 4.2.0.0 - Humanforce)

Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6162 - Realtek Semiconductor Corp.)

Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 6.1.7600.10001 - Realtek Semiconductor Corp.)

Serious Sam 3: BFE (HKLM-x32\...\Steam App 41070) (Version:  - Croteam)

Serious Sam Double D (HKLM-x32\...\Steam App 111600) (Version:  - Mommy's Best Games)

Serious Sam: The Random Encounter (HKLM-x32\...\Steam App 201480) (Version:  - )

Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.106 - Skype Technologies S.A.)

SlimDX Runtime .NET 2.0 (January 2012) (HKLM-x32\...\{014A2868-BE56-4888-A16C-693989B8F153}) (Version: 2.0.13.43 - SlimDX Group)

Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)

StarCraft II (HKLM-x32\...\StarCraft II) (Version:  - Blizzard Entertainment)

Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)

Steam (HKLM-x32\...\{0CF89F99-308A-4E69-9251-D68167DB4DB2}) (Version: 1.0.0.0 - Alka Toys)

SteuerSparErklärung 2014 (HKLM-x32\...\{A463EB06-22A6-47F5-9593-E52B291EF13E}) (Version: 19.09.86 - Akademische Arbeitsgemeinschaft)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.1.18.0 - Synaptics Incorporated)

System Shock 2 (HKLM-x32\...\Steam App 238210) (Version:  - Irrational Games)

TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.15.1 - TeamSpeak Systems GmbH)

TEdit 3 (HKLM-x32\...\{2CB9AC0E-D125-454C-8BAC-0FCD683CE616}) (Version: 1.0.0.0 - BinaryConstruct)

Terrafirma (HKLM-x32\...\{72E80496-C446-4389-B4F2-CC46DF704A7F}) (Version: 1.9.8 - Sean Kasun)

Terraria (HKLM-x32\...\Steam App 105600) (Version:  - )

The Binding of Isaac (HKLM-x32\...\Steam App 113200) (Version:  - )

The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version:  - CD Projekt RED)

Thief Gold (HKLM-x32\...\Steam App 211600) (Version:  - )

THX TruStudio (HKLM-x32\...\{B11AB9C8-18A6-41DC-98B4-4988CC030136}) (Version: 1.03.00 - Creative Technology Limited)

Tom Clancy's EndWar (HKLM-x32\...\{7C3D8108-8D99-427F-A1C2-D8E0D25A469C}) (Version: 1.00.0000 - Ubisoft)

Tomb Raider III: Adventures of Lara Croft (HKLM-x32\...\Steam App 225320) (Version:  - Core Design)

Überwachungstool für die Intel® Turbo-Boost-Technik (HKLM\...\{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}) (Version: 1.0.400.4 - Intel)

Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)

UltraStar Deluxe (HKLM-x32\...\UltraStar Deluxe) (Version: 1.1 - USDX Team)

Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)

Unreal Tournament (HKLM-x32\...\UnrealTournament) (Version:  - )

Unreal Tournament 3 - Community Bonus Pack 3 - Volume 3 (HKLM-x32\...\UT3 CBP3 Vol 3) (Version:  - )

Unreal Tournament 3 (HKCU\...\InstallShield_{BFA90209-7AFF-4DB6-8E4B-E57305751AD7}) (Version: 1.00.0000 - Epic Games)

Unreal Tournament 3 (x32 Version: 1.00.0000 - Epic Games) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version:  - Microsoft)

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version:  - Microsoft)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2883097) 32-Bit Edition (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{B2260BC9-D561-46EE-B33D-739CF760A2A9}) (Version:  - Microsoft)

Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_PROR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version:  - Microsoft)

Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_PROR_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version:  - Microsoft)

Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_PROR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version:  - Microsoft)

Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_PROR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version:  - Microsoft)

UT3 Domination (CBP Edition) (HKLM-x32\...\{B17B1D8F-D822-42E1-A72C-7D9E84CF7B29}) (Version: 3.1.0 - Brian 'Snake' Alexander)

VCRedistSetup (x32 Version: 1.0.0 - Nero AG) Hidden

VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)

Warcraft III (HKLM-x32\...\Warcraft III) (Version:  - )

Warcraft III: All Products (HKCU\...\Warcraft III) (Version:  - )

webssearches uninstall (HKLM-x32\...\webssearches uninstall) (Version:  - webssearches) <==== ATTENTION

WIDCOMM Bluetooth Software (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.5.600 - Broadcom Corporation)

Windows Driver Package - Broadcom (BTHUSB) Bluetooth  (02/25/2010 6.2.0.9419) (HKLM\...\85CE3A3657FAE5FD305B143E90E6FC89BA53001C) (Version: 02/25/2010 6.2.0.9419 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (01/19/2010 6.2.0.1417) (HKLM\...\7341A1B43E7FE58942EB1E820A17C18305DFBCE6) (Version: 01/19/2010 6.2.0.1417 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (07/29/2009 6.1.7100.0) (HKLM\...\2AA10AB519DC7432D599A0E860206A7DDCC27764) (Version: 07/29/2009 6.1.7100.0 - Broadcom)

Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (HKLM\...\6B6B5E96843E55CF5CF8C7E45FB457F1FE642FF1) (Version: 07/30/2009 6.2.0.9405 - Broadcom)

Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)

Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden

Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

WindowsMangerProtect20.0.0.722 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.722 - WindowsProtect LIMITED) <==== ATTENTION

WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.31.0 - ASUS)

WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)

Wireless Console 3 (HKLM-x32\...\{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}) (Version: 3.0.19 - ASUS)

Wolfenstein (HKLM-x32\...\InstallShield_{F9B37992-968C-4264-8449-489032FC28DE}) (Version: 1.0 - Activision)

Wolfenstein (x32 Version: 1.0 - Activision) Hidden

World of Warcraft (HKLM-x32\...\World of Warcraft) (Version:  - Blizzard Entertainment)
 

==================== Custom CLSID (selected items): ==========================
 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 

CustomCLSID: HKU\S-1-5-21-461601121-2454032722-3572995621-1000_Classes\CLSID\{22a98d38-00b3-4efe-81a3-8d5ada4d9886}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
 

==================== Restore Points  =========================
 

21-08-2014 09:11:13 Geplanter Prüfpunkt

21-08-2014 13:01:24 Windows Update

22-08-2014 16:21:44 Windows Update

22-08-2014 16:45:43 Installed DUNGEONS Game of the Year edition

26-08-2014 23:18:57 Windows Update

27-08-2014 18:59:14 Windows Update
 

==================== Hosts content: ==========================
 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 

2009-07-14 04:34 - 2014-05-24 20:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts

127.0.0.1       localhost
 

==================== Scheduled Tasks (whitelisted) =============
 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 

Task: {09DFC150-D178-4D54-8E7B-8604D5229844} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-08-31] (ASUSTeK Computer Inc.)

Task: {1076A26D-190D-4A8F-AC64-1D1059ACDB04} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)

Task: {1FA310D8-FCF5-416C-B39A-17AEFE4725E9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-21] (Adobe Systems Incorporated)

Task: {26939E84-FA7F-4576-B2BE-54C0333A75FF} - System32\Tasks\avast! Emergency Update => D:\Avast\AvastEmUpdate.exe [2014-07-13] (AVAST Software)

Task: {6D202BA4-8F01-430A-B5B5-C64DCD8F8B3D} - System32\Tasks\ASUS P4G => C:\Program Files\P4G\BatteryLife.exe [2010-11-10] (ASUS)

Task: {AC745BE8-5188-4510-8FA1-9FB47C88651C} - System32\Tasks\CCleanerSkipUAC => D:\CCleaner\CCleaner.exe [2014-06-24] (Piriform Ltd)

Task: {D4B38F67-D853-46AC-A1B8-CEA8ECDF24AA} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe [2009-07-31] (ASUS)

Task: {EDBFCA75-EE10-4CCF-B704-C5FF81E16A02} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe [2014-08-27] ()

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
 

==================== Loaded Modules (whitelisted) =============
 

2008-10-24 16:35 - 2008-10-24 16:35 - 00128296 _____ () C:\Program Files (x86)\AAVUpdateManager\aavus.exe

2012-11-11 00:30 - 2013-09-19 00:11 - 00075136 _____ () C:\Windows\SysWOW64\PnkBstrA.exe

2012-01-04 15:07 - 2010-12-08 11:45 - 00253264 _____ () D:\1&1 Surf-Stick\AssistantServices.exe

2011-12-26 17:00 - 2013-08-30 00:43 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll

2014-08-21 12:33 - 2014-08-27 21:42 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll

2014-05-01 21:29 - 2014-05-01 21:29 - 00098304 _____ () D:\FileZilla FTP Client\fzshellext_64.dll

2010-03-11 20:14 - 2010-03-11 20:14 - 00173344 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll

2010-07-14 17:11 - 2010-07-14 17:11 - 00031360 _____ () C:\Program Files\P4G\DevMng.dll

2010-09-23 17:53 - 2010-09-23 17:53 - 01601536 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

2014-08-27 21:41 - 2014-08-27 21:41 - 00643072 _____ () C:\Users\***\AppData\Local\Temp\smarti\smi.exe

2014-08-21 12:32 - 2014-08-27 21:42 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe

2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe

2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe

2014-07-13 15:07 - 2014-07-13 15:07 - 00301152 _____ () D:\Avast\aswProperty.dll

2014-08-27 17:48 - 2014-08-27 17:48 - 02801152 _____ () D:\Avast\defs\14082700\algo.dll

2014-08-27 21:44 - 2014-08-27 21:44 - 02801152 _____ () D:\Avast\defs\14082701\algo.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-02-06 01:52 - 2014-02-06 01:52 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-10-21 14:17 - 2010-10-21 14:17 - 00605696 _____ () D:\DVBLogic\DVBLink2\Sinks\Local Tuner\BDASink.dll

2010-10-21 14:09 - 2010-10-21 14:09 - 01445888 _____ () D:\DVBLogic\DVBLink2\Sinks\MCRecorder\MCRecorder.dll

2012-06-28 17:58 - 2012-06-28 17:58 - 00435584 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ulxmlrpcpp.dll

2011-08-31 16:33 - 2011-08-31 16:33 - 00208384 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll

2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () D:\Apple\Internet Services\zlib1.dll

2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () D:\Apple\Internet Services\libxml2.dll

2014-08-21 12:33 - 2014-08-27 21:42 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll

2012-06-28 21:46 - 2012-06-28 21:46 - 13005184 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\Common\ti_managers.dll

2014-07-13 15:07 - 2014-07-13 15:07 - 19329904 _____ () D:\Avast\libcef.dll

2014-03-22 19:42 - 2009-02-27 17:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll

2012-06-28 18:34 - 2012-06-28 18:34 - 00018816 _____ () C:\Program Files (x86)\Acronis\TrueImageHome\ti_managers_proxy_stub.dll
 

==================== Alternate Data Streams (whitelisted) =========
 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 

AlternateDataStreams: C:\ProgramData:$SS_DESCRIPTOR_LBP6VPVFLVGVVFB84LTSUTB92PFNPC7BPV4XFJDMNGTFB5V5NBJ5TBBJMT9Y0N96GMP3V0GRUEF39X8XHH0TCFUL44FTBX4MLSWPBXRTF6VEKLFEJK35PNX0WHNGT9LSVEVF1VTVVTVXVVD

AlternateDataStreams: C:\Users\***\AppData\Local:sLWUoijCUpYCxd7Cix9uUGiFKqBmu6

AlternateDataStreams: C:\Users\***\AppData\Local\Temp:vaBFuTXLS0p06srpuyJsLkaZa
 

==================== Safe Mode (whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 

==================== EXE Association (whitelisted) =============
 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 

==================== MSCONFIG/TASK MANAGER disabled items =========
 

(Currently there is no automatic fix for this section.)
 

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup

MSCONFIG\startupreg: AdobeBridge => 

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

MSCONFIG\startupreg: BingDesktop => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe /fromkey

MSCONFIG\startupreg: BrMfcWnd => C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN

MSCONFIG\startupreg: ControlCenter3 => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe /autorun

MSCONFIG\startupreg: DVBLink MediaCenter Launcher => D:\DVBLogic\DVBLink2\DVBLinkMCLauncher.exe

MSCONFIG\startupreg: emsisoft anti-malware => "C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe" /d=60

MSCONFIG\startupreg: iTunesHelper => "D:\iTunes\iTunesHelper.exe"

MSCONFIG\startupreg: PowerDVD13Agent => "D:\PowerDVD13\PowerDVD13\PowerDVD13Agent.exe"

MSCONFIG\startupreg: SwitchBoard => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

MSCONFIG\startupreg: UIExec => "D:\1&1 Surf-Stick\UIExec.exe"
 

==================== Faulty Device Manager Devices =============
 
 

==================== Event log errors: =========================
 

Application errors:

==================

Error: (08/27/2014 09:04:31 PM) (Source: WinMgmt) (EventID: 10) (User: )

Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
 

Error: (08/27/2014 08:19:00 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 

Error: (08/27/2014 08:19:00 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
 

Error: (08/27/2014 08:18:58 PM) (Source: SideBySide) (EventID: 80) (User: )

Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in

Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.

Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit

einer anderen, bereits aktiven Komponentenversion.

In Konflikt stehende Komponenten:.

Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.

Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 

Error: (08/27/2014 06:23:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: TWN BrtTWN: [2014/08/27 18:23:01.138]: [00006724]: Initialize TwdsMain Class failed!
 

Error: (08/27/2014 06:23:01 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: TWN BrtTWN: [2014/08/27 18:23:01.138]: [00006724]: ##### Fatal ERROR!! Create STI-device failed! #####
 

Error: (08/27/2014 06:22:31 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: TWN BrtTWN: [2014/08/27 18:22:31.907]: [00006724]: Initialize TwdsMain Class failed!
 

Error: (08/27/2014 06:22:31 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: TWN BrtTWN: [2014/08/27 18:22:31.907]: [00006724]: ##### Fatal ERROR!! Create STI-device failed! #####
 

Error: (08/27/2014 05:50:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: TWN BrtTWN: [2014/08/27 17:50:05.334]: [00006724]: Initialize TwdsMain Class failed!
 

Error: (08/27/2014 05:50:05 PM) (Source: Brother BrLog) (EventID: 1001) (User: )

Description: TWN BrtTWN: [2014/08/27 17:50:05.319]: [00006724]: ##### Fatal ERROR!! Create STI-device failed! #####
 
 

System errors:

=============

Error: (08/27/2014 09:03:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/27/2014 07:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%1053
 

Error: (08/27/2014 07:37:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
 

Error: (08/26/2014 10:33:18 PM) (Source: Disk) (EventID: 11) (User: )

Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR3 gefunden.
 

Error: (08/23/2014 01:57:55 PM) (Source: Tcpip) (EventID: 4199) (User: )

Description: Das System hat einen Adressenkonflikt der IP-Adresse 192.168.0.101 mit dem Computer mit der

Netzwerkhardwareadresse 98-D6-BB-0A-7C-29 ermittelt. Netzwerkvorgänge könnten daher auf diesem

System unterbrochen werden.
 

Error: (08/21/2014 05:16:22 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/21/2014 04:13:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/21/2014 03:14:28 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/21/2014 10:42:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 

Error: (08/21/2014 10:17:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: Der Dienst "lilsgt" wurde aufgrund folgenden Fehlers nicht gestartet: 

%%577
 
 

Microsoft Office Sessions:

=========================

Error: (10/21/2013 08:55:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 11 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (10/21/2013 08:55:16 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 1 seconds with 0 seconds of active time.  This session ended with a crash.
 

Error: (08/18/2013 08:55:36 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 3517 seconds with 1620 seconds of active time.  This session ended with a crash.
 

Error: (04/25/2013 09:50:29 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 913 seconds with 120 seconds of active time.  This session ended with a crash.
 

Error: (03/19/2013 08:29:41 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 4531 seconds with 60 seconds of active time.  This session ended with a crash.
 

Error: (02/25/2012 10:01:11 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )

Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6607.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 420 seconds with 0 seconds of active time.  This session ended with a crash.
 
 

CodeIntegrity Errors:

===================================

  Date: 2014-08-27 21:03:11.886

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-27 21:03:11.777

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-21 17:16:22.464

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-21 17:16:22.371

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-21 16:13:54.806

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-21 16:13:54.697

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-21 15:14:28.188

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-21 15:14:28.078

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-21 10:42:35.688

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 

  Date: 2014-08-21 10:42:35.532

  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\lilsgt.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
 
 

==================== Memory info =========================== 
 

Processor: Intel(R) Core(TM) i7-2630QM CPU @ 2.00GHz

Percentage of memory in use: 26%

Total physical RAM: 8169.17 MB

Available physical RAM: 5997.65 MB

Total Pagefile: 16336.52 MB

Available Pagefile: 13967.04 MB

Total Virtual: 8192 MB

Available Virtual: 8191.84 MB
 

==================== Drives ================================
 

Drive c: (Schaltzentrale) (Fixed) (Total:97.66 GB) (Free:20.35 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

Drive d: (Apps) (Fixed) (Total:29.3 GB) (Free:19.83 GB) NTFS

Drive e: (Workspace) (Fixed) (Total:97.66 GB) (Free:56.09 GB) NTFS

Drive f: (Funzone) (Fixed) (Total:474.03 GB) (Free:26.9 GB) NTFS

Drive g: (Freespace) (Fixed) (Total:349.3 GB) (Free:37.74 GB) NTFS

Drive h: (Backup) (Fixed) (Total:349.33 GB) (Free:214.36 GB) NTFS

Drive i: (BG25) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
 

==================== MBR & Partition Table ==================
 

========================================================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: BC84E99F)

Partition 1: (Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=29.3 GB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=474 GB) - (Type=07 NTFS)
 

========================================================

Disk: 1 (Size: 698.6 GB) (Disk ID: BBC58B91)

Partition 1: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS)

Partition 2: (Not Active) - (Size=349.3 GB) - (Type=07 NTFS)
 

==================== End Of Log ============================

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014

Ran by *** (administrator) on BLACK-STEALTH on 27-08-2014 21:54:07

Running from C:\Users\***\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 

The only official download link for FRST:

Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 

Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 

Download link from any site other than Bleeping Computer is unpermitted or outdated.

See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) D:\Avast\AvastSvc.exe

() C:\Program Files (x86)\AAVUpdateManager\aavus.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe

(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe

(DVBLogic) D:\DVBLogic\DVBLink2\DVBLinkServer.exe

(Hauppauge Computer Works) D:\WinTV\TVServer\HauppaugeTVServer.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Nero AG) D:\Nero 8\Nero BackItUp\NBService.exe

(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

() D:\1&1 Surf-Stick\AssistantServices.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Apple Inc.) D:\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) D:\Apple\Internet Services\ApplePhotoStreams.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

(AVAST Software) D:\Avast\avastui.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Apple Inc.) D:\Apple\Internet Services\APSDaemon.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Apple Inc.) D:\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

() C:\Users\***\AppData\Local\Temp\smarti\smi.exe

(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe

(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe

() C:\Program Files (x86)\SupTab\HpUI.exe

() C:\Program Files (x86)\SupTab\Loader64.exe

() C:\Program Files (x86)\SupTab\Loader32.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2012-06-28] (Acronis)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)

HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [907776 2011-01-28] (Creative Technology Ltd)

HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5993216 2012-06-28] (Acronis)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1173712 2012-06-28] (Acronis)

HKLM-x32\...\Run: [AvastUI.exe] => D:\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {7885fa50-2fc3-11e1-af67-806e6f6e6963} - I:\InstAll.exe

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {8225242e-384b-11e1-b1f7-74f06dbf1989} - K:\Setup\rsrc\Autorun.exe

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {877fa340-2fe9-11e1-8ae5-806e6f6e6963} - J:\Autoplay.exe -auto

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Avast\ashShA64.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC179616C8CD8CD01

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://istart.webssearches.com/?type=sc&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724

FF NewTab: chrome://quick_start/content/index.html

FF DefaultSearchEngine: webssearches

FF SelectedSearchEngine: webssearches

FF Homepage: hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Extension: Fast Start - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\faststartff@gmail.com [2014-08-27]

FF Extension: YouTube Unblocker - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\youtubeunblocker@unblocker.yt [2014-05-20]

FF Extension: Ghostery - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\firefox@ghostery.com.xpi [2014-06-02]

FF Extension: CookieCuller - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-06-02]

FF Extension: DownThemAll! - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-20]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Avast\WebRep\FF

FF Extension: avast! Online Security - D:\Avast\WebRep\FF [2011-12-26]

FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com

FF HKCU\...\Firefox\Extensions: [jid1-VZC3jSUSB1KxYw@jetpack] - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack

FF Extension: skype_addon - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack [2012-02-18]

FF StartMenuInternet: FIREFOX.EXE - D:\Mozilla Firefox\firefox.exe hxxp://istart.webssearches.com/?type=sc&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA
 

Chrome: 

=======

CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Browser Shope) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn [2014-05-18]

CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm [2014-05-18]

CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel [2014-05-18]

CHR Extension: (NeeXtuCouep) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec [2014-05-20]

CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak [2014-05-18]

CHR HKCU\...\Chrome\Extension: [bofpgnmdjnpjpegclhggphjeladaklnf] - C:\Users\***\AppData\Roaming\Steam\bofpgnmdjnpjpegclhggphjeladaklnf.crx [2012-02-02]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-13]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 avast! Antivirus; D:\Avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-12-26] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-26] (Creative Labs) [File not signed]

R2 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)

R2 CyberLink PowerDVD 13 Media Server Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)

R2 DVBLinkServer2; D:\DVBLogic\DVBLink2\DVBLinkServer.exe [1991680 2010-10-21] (DVBLogic) [File not signed]

R2 HauppaugeTVServer; D:\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-08-27] (Cherished Technololgy LIMITED)

R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

R2 Nero BackItUp Scheduler 3; D:\Nero 8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)

R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-19] ()

S3 Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [833728 2014-08-14] (Valve Corporation) [File not signed]

R2 UI Assistant Service; D:\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()

R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [528896 2014-08-27] (Fuyu LIMITED) [File not signed]
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-13] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-13] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-13] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-13] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-13] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-13] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-13] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-13] ()

S3 CdaC15BA; C:\Windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-12-22] () [File not signed]

S3 CYDTV_SRV; C:\Windows\System32\drivers\cydtv.sys [576480 2010-07-13] ( )

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-06] (DT Soft Ltd)

R3 dvblinkcap; C:\Windows\System32\DRIVERS\dvblinkcap.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap2; C:\Windows\System32\DRIVERS\dvblinkcap2.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap3; C:\Windows\System32\DRIVERS\dvblinkcap3.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap4; C:\Windows\System32\DRIVERS\dvblinkcap4.sys [18608 2010-07-19] (DVBLink)

R3 dvblinktun; C:\Windows\System32\DRIVERS\dvblinktun.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun2; C:\Windows\System32\DRIVERS\dvblinktun2.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun3; C:\Windows\System32\DRIVERS\dvblinktun3.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun4; C:\Windows\System32\DRIVERS\dvblinktun4.sys [20784 2010-07-19] (DVBLink)

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)

S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)

S4 ithsgt; C:\Windows\SysWOW64\DRIVERS\ithsgt.sys [162432 2012-08-16] () [File not signed]

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

S2 lilsgt; C:\Windows\System32\DRIVERS\lilsgt.sys [21504 2012-08-16] () [File not signed]

S2 lilsgt; C:\Windows\SysWOW64\DRIVERS\lilsgt.sys [12032 2012-08-16] () [File not signed]

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)

R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [31784 2012-03-29] (Feitian Technologies Co., Ltd.)

S3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [22696 2012-03-29] (Feitian Technologies Co., Ltd.)

S3 SaiH5F0D; C:\Windows\System32\DRIVERS\SaiH5F0D.sys [171144 2007-05-01] (Saitek)

S3 SaiU5F0D; C:\Windows\System32\DRIVERS\SaiU5F0D.sys [34304 2007-05-01] (Saitek)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-26] () [File not signed]

S3 TTUSB2BDA_NTAMD64; C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys [737312 2008-12-16] (TechnoTrend GmbH)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-27 21:54 - 2014-08-27 21:54 - 00027352 _____ () C:\Users\***\Desktop\FRST.txt

2014-08-27 21:54 - 2014-08-27 21:54 - 00000000 ____D () C:\FRST

2014-08-27 21:51 - 2014-08-27 21:51 - 00380416 _____ () C:\Users\***\Desktop\ghjp30nj.exe

2014-08-27 21:50 - 2014-08-27 21:50 - 02103296 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe

2014-08-27 21:42 - 2014-08-27 21:42 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP

2014-08-27 21:42 - 2014-08-27 21:42 - 00000000 ____D () C:\Program Files (x86)\SupTab

2014-08-27 21:42 - 2014-08-27 21:42 - 00000000 ____D () C:\Program Files (x86)\GetPrivate

2014-08-27 21:41 - 2014-08-27 21:42 - 00000000 ____D () C:\Users\***\AppData\Roaming\GetPrivate

2014-08-27 20:59 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-27 20:59 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-27 20:59 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-26 23:33 - 2014-08-26 23:33 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-26 23:33 - 2014-08-26 23:33 - 00000000 ____D () C:\Program Files\Java

2014-08-24 17:37 - 2014-08-24 17:37 - 00000000 ____D () C:\Users\***\AppData\Local\Sony Online Entertainment

2014-08-22 18:57 - 2014-08-22 18:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\Kalypso Media

2014-08-22 18:54 - 2014-08-22 18:54 - 00001533 _____ () C:\Users\Public\Desktop\DUNGEONS Game of the Year edition.lnk

2014-08-22 18:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-22 18:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-22 18:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-22 18:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-22 18:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-22 18:22 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-22 18:22 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-22 18:22 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-22 18:22 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-08-21 15:37 - 2014-08-21 15:37 - 00002477 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-21 15:37 - 2014-08-21 15:37 - 00000000 ____D () C:\Users\***\AppData\Local\Skype

2014-08-21 15:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-21 15:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-21 15:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-21 15:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-21 15:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-21 15:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-21 15:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-21 15:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-21 15:01 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-21 15:01 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-21 15:01 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-21 15:01 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-21 15:01 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-21 15:01 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-21 15:01 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-21 15:01 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-21 15:01 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-21 15:01 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-21 15:01 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-21 15:01 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-21 15:01 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-21 15:01 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-21 15:01 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-21 15:01 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-21 15:01 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-21 15:01 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-21 15:01 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-21 15:01 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-21 15:01 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-21 15:01 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-21 15:01 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-21 15:01 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-21 15:01 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-21 15:01 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-21 15:01 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-21 15:01 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-21 15:01 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-21 15:01 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-21 15:01 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-21 15:01 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-21 15:01 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-21 15:01 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-21 15:01 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-21 15:01 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-21 15:01 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-21 15:01 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-21 15:01 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-21 15:01 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-21 15:01 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-21 15:01 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-21 15:01 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-21 15:01 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-21 15:01 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-21 15:01 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-21 15:01 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-21 15:01 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-21 15:01 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-21 15:01 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-21 15:01 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-21 15:01 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-21 15:01 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-21 15:01 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-21 15:01 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-21 15:01 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-21 15:01 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-21 15:01 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-21 15:01 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-21 15:01 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-21 15:01 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-21 15:00 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-21 15:00 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-21 15:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-21 15:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-21 15:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iTunes

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iPod
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-27 21:54 - 2014-08-27 21:54 - 00027352 _____ () C:\Users\***\Desktop\FRST.txt

2014-08-27 21:54 - 2014-08-27 21:54 - 00000000 ____D () C:\FRST

2014-08-27 21:53 - 2011-12-26 15:25 - 01785564 _____ () C:\Windows\WindowsUpdate.log

2014-08-27 21:51 - 2014-08-27 21:51 - 00380416 _____ () C:\Users\***\Desktop\ghjp30nj.exe

2014-08-27 21:50 - 2014-08-27 21:50 - 02103296 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe

2014-08-27 21:42 - 2014-08-27 21:42 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP

2014-08-27 21:42 - 2014-08-27 21:42 - 00000000 ____D () C:\Program Files (x86)\SupTab

2014-08-27 21:42 - 2014-08-27 21:42 - 00000000 ____D () C:\Program Files (x86)\GetPrivate

2014-08-27 21:42 - 2014-08-27 21:41 - 00000000 ____D () C:\Users\***\AppData\Roaming\GetPrivate

2014-08-27 21:42 - 2013-11-12 21:44 - 00001607 _____ () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-27 21:37 - 2013-10-13 02:50 - 00000000 ____D () C:\Users\***\AppData\Local\Battle.net

2014-08-27 21:25 - 2014-06-29 00:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-27 21:13 - 2011-12-26 15:38 - 00000000 ____D () C:\Users\***

2014-08-27 21:11 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-27 21:11 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-27 21:09 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-08-27 21:09 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-08-27 21:09 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-27 21:04 - 2009-07-14 06:45 - 05109560 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-27 21:03 - 2014-05-24 20:11 - 00006701 _____ () C:\Windows\setupact.log

2014-08-27 21:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-27 18:37 - 2013-08-18 15:49 - 00000000 ____D () C:\Users\***\AppData\Local\20924801-609E-4B66-8071-BE0F0DC8EEC4.aplzod

2014-08-27 18:20 - 2014-03-22 19:43 - 00007891 _____ () C:\Windows\BRRBCOM.INI

2014-08-27 17:47 - 2012-07-09 17:33 - 00004124 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-26 23:33 - 2014-08-26 23:33 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-26 23:33 - 2014-08-26 23:33 - 00000000 ____D () C:\Program Files\Java

2014-08-26 23:31 - 2014-07-17 21:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-08-26 23:31 - 2014-06-29 01:16 - 00000000 ____D () C:\Program Files (x86)\Java

2014-08-24 17:37 - 2014-08-24 17:37 - 00000000 ____D () C:\Users\***\AppData\Local\Sony Online Entertainment

2014-08-23 04:07 - 2014-08-27 20:59 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-27 20:59 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-27 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-22 19:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-22 18:58 - 2014-08-22 18:57 - 00000000 ____D () C:\Users\***\AppData\Roaming\Kalypso Media

2014-08-22 18:54 - 2014-08-22 18:54 - 00001533 _____ () C:\Users\Public\Desktop\DUNGEONS Game of the Year edition.lnk

2014-08-21 16:28 - 2014-03-22 20:22 - 00000000 ____D () C:\Users\***\AppData\Roaming\ControlCenter4

2014-08-21 16:10 - 2011-12-26 19:20 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype

2014-08-21 15:37 - 2014-08-21 15:37 - 00002477 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-21 15:37 - 2014-08-21 15:37 - 00000000 ____D () C:\Users\***\AppData\Local\Skype

2014-08-21 15:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-21 15:07 - 2013-07-10 18:04 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-21 15:05 - 2011-12-26 15:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iTunes

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iPod

2014-08-21 10:31 - 2014-06-29 00:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-21 10:31 - 2012-04-01 10:29 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-21 10:31 - 2011-12-26 16:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-08-04 19:15 - 2011-12-26 19:26 - 00000000 ____D () C:\Users\***\AppData\Roaming\FileZilla

2014-08-03 21:16 - 2012-05-10 22:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-03 21:16 - 2012-05-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-08-01 01:41 - 2014-08-21 15:01 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-01 01:16 - 2014-08-21 15:01 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 

Some content of TEMP:

====================

C:\Users\***\AppData\Local\Temp\bmp3okyi.xiv.exe

C:\Users\***\AppData\Local\Temp\idwlunkp.imp.exe

C:\Users\***\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe

C:\Users\***\AppData\Local\Temp\SIntf16.dll

C:\Users\***\AppData\Local\Temp\SIntf32.dll

C:\Users\***\AppData\Local\Temp\SIntfNT.dll

C:\Users\***\AppData\Local\Temp\SkypeSetup.exe

C:\Users\***\AppData\Local\Temp\tmpDF34.tmp.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-08-27 20:18
 

==================== End Of Log ============================

GMER
Als Anhang da zu groß

Ich hoffe ihr könnt mir helfen! :)

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Alles ohne Meldungen durchgelaufen

Code:

ComboFix 14-08-28.01 - *** 28.08.2014  18:04:58.2.8 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8169.5559 [GMT 2:00]

ausgeführt von:: c:\users\***\Desktop\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\IePluginServices

c:\programdata\IePluginServices\PluginService.exe

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\Gast\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\Gast\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\Gast\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\***\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\***\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\UpdatusUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\background.html

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\content.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\lsdb.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\manifest.json

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm\5.14\yX3.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\background.html

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\content.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\lsdb.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\manifest.json

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel\1\ZGvlE8D9w.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\background.html

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\content.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\lsdb.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\manifest.json

c:\users\UpdatusUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak\1.0\QwXVS_3.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\background.html

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\content.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\lsdb.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\manifest.json

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkojmcpapelhajmiejhfdfpdhgnbojdn\1\oeIZ5PtlTmp.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\background.html

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\content.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\lsdb.js

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\manifest.json

c:\users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfeoefojlnmamcbhjjcagghfegcoamec\1.0\PBz3M4Td.js

c:\windows\IsUn0407.exe

H:\install.exe

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_IePluginServices

-------\Service_IePluginServices

.

.

(((((((((((((((((((((((   Dateien erstellt von 2014-07-28 bis 2014-08-28  ))))))))))))))))))))))))))))))

.

.

2014-08-28 16:13 . 2014-08-28 16:13        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2014-08-28 16:13 . 2014-08-28 16:13        --------        d-----w-        c:\users\Public\AppData\Local\temp

2014-08-28 16:13 . 2014-08-28 16:13        --------        d-----w-        c:\users\HomeGroupUser$\AppData\Local\temp

2014-08-28 16:13 . 2014-08-28 16:13        --------        d-----w-        c:\users\Gast\AppData\Local\temp

2014-08-28 16:13 . 2014-08-28 16:13        --------        d-----w-        c:\users\Default\AppData\Local\temp

2014-08-28 16:13 . 2014-08-28 16:13        --------        d-----w-        c:\users\Administrator\AppData\Local\temp

2014-08-27 19:54 . 2014-08-27 19:55        --------        d-----w-        C:\FRST

2014-08-27 19:42 . 2014-08-27 19:42        --------        d-----w-        c:\programdata\WindowsMangerProtect

2014-08-27 19:42 . 2014-08-27 19:42        --------        d-----w-        c:\program files (x86)\SupTab

2014-08-27 19:42 . 2014-08-27 19:42        --------        d-----w-        c:\users\***\AppData\Roaming\webssearches

2014-08-27 19:42 . 2014-08-27 19:42        --------        d-----w-        c:\program files (x86)\GetPrivate

2014-08-27 19:41 . 2014-08-27 19:42        --------        d-----w-        c:\users\***\AppData\Roaming\GetPrivate

2014-08-27 18:59 . 2014-08-23 02:07        404480        ----a-w-        c:\windows\system32\gdi32.dll

2014-08-27 18:59 . 2014-08-23 01:45        311808        ----a-w-        c:\windows\SysWow64\gdi32.dll

2014-08-27 18:59 . 2014-08-23 00:59        3163648        ----a-w-        c:\windows\system32\win32k.sys

2014-08-26 23:19 . 2014-08-21 03:43        11319192        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{FF8A1B71-F761-43D5-A3F1-8AF7E4FE16DE}\mpengine.dll

2014-08-26 21:33 . 2014-08-26 21:33        319912        ----a-w-        c:\windows\system32\javaws.exe

2014-08-26 21:33 . 2014-08-26 21:33        111016        ----a-w-        c:\windows\system32\WindowsAccessBridge-64.dll

2014-08-26 21:33 . 2014-08-26 21:33        189352        ----a-w-        c:\windows\system32\javaw.exe

2014-08-26 21:33 . 2014-08-26 21:33        189352        ----a-w-        c:\windows\system32\java.exe

2014-08-26 21:33 . 2014-08-26 21:33        --------        d-----w-        c:\program files\Java

2014-08-26 21:32 . 2014-08-26 21:32        --------        d-----w-        c:\program files (x86)\Common Files\Java

2014-08-24 15:37 . 2014-08-24 15:37        --------        d-----w-        c:\users\***\AppData\Local\Sony Online Entertainment

2014-08-22 16:57 . 2014-08-22 16:58        --------        d-----w-        c:\users\***\AppData\Roaming\Kalypso Media

2014-08-21 13:37 . 2014-08-21 13:37        --------        d-----w-        c:\users\***\AppData\Local\Skype

2014-08-21 13:37 . 2014-08-21 13:37        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2014-08-21 13:02 . 2014-03-09 21:48        171160        ----a-w-        c:\windows\system32\infocardapi.dll

2014-08-21 13:02 . 2014-03-09 21:48        1389208        ----a-w-        c:\windows\system32\icardagt.exe

2014-08-21 13:02 . 2014-03-09 21:47        99480        ----a-w-        c:\windows\SysWow64\infocardapi.dll

2014-08-21 13:02 . 2014-03-09 21:47        619672        ----a-w-        c:\windows\SysWow64\icardagt.exe

2014-08-21 13:02 . 2014-06-30 22:24        8856        ----a-w-        c:\windows\system32\icardres.dll

2014-08-21 13:02 . 2014-06-30 22:14        8856        ----a-w-        c:\windows\SysWow64\icardres.dll

2014-08-21 13:02 . 2014-06-06 06:16        35480        ----a-w-        c:\windows\SysWow64\TsWpfWrp.exe

2014-08-21 13:02 . 2014-06-06 06:12        35480        ----a-w-        c:\windows\system32\TsWpfWrp.exe

2014-08-21 13:00 . 2014-07-25 13:49        10747904        ----a-w-        c:\program files\Internet Explorer\F12Resources.dll

2014-08-21 13:00 . 2014-06-16 02:10        985536        ----a-w-        c:\windows\system32\drivers\dxgkrnl.sys

2014-08-21 13:00 . 2014-06-25 02:05        14175744        ----a-w-        c:\windows\system32\shell32.dll

2014-08-21 13:00 . 2014-07-14 02:02        1216000        ----a-w-        c:\windows\system32\rpcrt4.dll

2014-08-21 13:00 . 2014-07-14 01:40        664064        ----a-w-        c:\windows\SysWow64\rpcrt4.dll

2014-08-21 08:36 . 2014-08-21 08:36        --------        d-----w-        c:\program files\iPod

2014-08-21 08:36 . 2014-08-21 08:36        --------        d-----w-        c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-08-21 08:36 . 2014-08-21 08:36        --------        d-----w-        c:\program files\iTunes

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2014-08-26 21:31 . 2014-07-17 19:01        98216        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll

2014-08-21 13:05 . 2011-12-26 13:56        99218768        ----a-w-        c:\windows\system32\MRT.exe

2014-08-21 08:31 . 2012-04-01 08:29        699568        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2014-08-21 08:31 . 2011-12-26 14:55        71344        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2014-08-05 07:20 . 2010-11-21 03:27        270496        ------w-        c:\windows\system32\MpSigStub.exe

2014-07-13 13:08 . 2011-12-26 14:24        427360        ----a-w-        c:\windows\system32\drivers\aswsp.sys

2014-07-13 13:08 . 2014-05-06 22:44        29208        ----a-w-        c:\windows\system32\drivers\aswHwid.sys

2014-07-13 13:08 . 2014-01-02 17:18        92008        ----a-w-        c:\windows\system32\drivers\aswstm.sys

2014-07-13 13:08 . 2013-03-16 12:15        65776        ----a-w-        c:\windows\system32\drivers\aswRvrt.sys

2014-07-13 13:08 . 2013-03-16 12:15        224896        ----a-w-        c:\windows\system32\drivers\aswVmm.sys

2014-07-13 13:08 . 2012-02-25 11:43        93568        ----a-w-        c:\windows\system32\drivers\aswRdr2.sys

2014-07-13 13:08 . 2011-12-26 14:24        1041168        ----a-w-        c:\windows\system32\drivers\aswsnx.sys

2014-07-13 13:08 . 2011-12-26 14:24        79184        ----a-w-        c:\windows\system32\drivers\aswMonFlt.sys

2014-07-13 13:08 . 2011-12-26 14:24        307344        ----a-w-        c:\windows\system32\aswBoot.exe

2014-07-13 13:07 . 2014-07-13 13:07        43152        ----a-w-        c:\windows\avastSS.scr

2014-06-23 22:01 . 2014-06-23 21:57        21840        ----atw-        c:\windows\SysWow64\SIntfNT.dll

2014-06-23 22:01 . 2014-06-23 21:57        17212        ----atw-        c:\windows\SysWow64\SIntf32.dll

2014-06-23 22:01 . 2014-06-23 21:57        12067        ----atw-        c:\windows\SysWow64\SIntf16.dll

2014-06-18 02:18 . 2014-07-08 23:00        692736        ----a-w-        c:\windows\system32\osk.exe

2014-06-18 01:51 . 2014-07-08 23:00        646144        ----a-w-        c:\windows\SysWow64\osk.exe

2014-06-06 10:10 . 2014-07-08 23:00        624128        ----a-w-        c:\windows\system32\qedit.dll

2014-06-06 09:44 . 2014-07-08 23:00        509440        ----a-w-        c:\windows\SysWow64\qedit.dll

2014-06-05 23:42 . 2014-06-05 23:42        227328        ----a-w-        c:\windows\system32\BRCOI13A.DLL

2014-06-05 14:45 . 2014-07-08 23:00        1460736        ----a-w-        c:\windows\system32\lsasrv.dll

2014-06-05 14:26 . 2014-07-08 23:00        22016        ----a-w-        c:\windows\SysWow64\secur32.dll

2014-06-05 14:25 . 2014-07-08 23:00        96768        ----a-w-        c:\windows\SysWow64\sspicli.dll

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]

2014-08-27 19:42        515464        ----a-w-        c:\program files (x86)\SupTab\SupTab.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]

"iCloudServices"="d:\apple\Internet Services\iCloudServices.exe" [2013-11-20 59720]

"ApplePhotoStreams"="d:\apple\Internet Services\ApplePhotoStreams.exe" [2013-11-20 59720]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-01-21 40448]

"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]

"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]

"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]

"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-01-28 907776]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2012-06-28 5993216]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]

"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2012-06-28 1173712]

"AvastUI.exe"="d:\avast\AvastUI.exe" [2014-07-31 4085896]

"ControlCenter4"="c:\program files (x86)\ControlCenter4\BrCcBoot.exe" [2014-06-16 139776]

"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2014-05-22 4513792]

"BrHelp"="c:\program files (x86)\Brother\Brother Help\BrotherHelp.exe" [2013-01-18 2009088]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]

"iTunesHelper"="d:\itunes\iTunesHelper.exe" [2014-08-01 152392]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-3-11 1083680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"EnableLinkedConnections"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]

R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]

R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]

R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]

R3 CYDTV_SRV;cydtv Driver;c:\windows\system32\drivers\cydtv.sys;c:\windows\SYSNATIVE\drivers\cydtv.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]

R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys;c:\windows\SYSNATIVE\drivers\hcw17bda.sys [x]

R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]

R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 Rockey_USB;Feitian ROCKEY4 USB Service;c:\windows\system32\DRIVERS\Rockey4USB.sys;c:\windows\SYSNATIVE\DRIVERS\Rockey4USB.sys [x]

R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

R3 SaiH5F0D;SaiH5F0D;c:\windows\system32\DRIVERS\SaiH5F0D.sys;c:\windows\SYSNATIVE\DRIVERS\SaiH5F0D.sys [x]

R3 SaiU5F0D;SaiU5F0D;c:\windows\system32\DRIVERS\SaiU5F0D.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU5F0D.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 TTUSB2BDA_NTAMD64;TTUSB2BDA USB 2.0 Driver AMD64;c:\windows\system32\DRIVERS\ttusb2bda_amd64.sys;c:\windows\SYSNATIVE\DRIVERS\ttusb2bda_amd64.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

S0 aswRvrt;avast! Revert; [x]

S0 aswVmm;avast! VM Monitor; [x]

S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys;c:\windows\SYSNATIVE\DRIVERS\fltsrv.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S0 vididr;Acronis Virtual Disk;c:\windows\system32\DRIVERS\vididr.sys;c:\windows\SYSNATIVE\DRIVERS\vididr.sys [x]

S0 vidsflt67;Acronis Disk Storage Filter (67);c:\windows\system32\DRIVERS\vsflt67.sys;c:\windows\SYSNATIVE\DRIVERS\vsflt67.sys [x]

S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 {09F57980-3432-4AFC-957D-27AC45FAE1F5};Power Control [2013/12/15 16:40];d:\powerdvd13\PowerDVD13\Common\NavFilter\000.fcl;d:\powerdvd13\PowerDVD13\Common\NavFilter\000.fcl [x]

S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\AAVUpdateManager\aavus.exe;c:\program files (x86)\AAVUpdateManager\aavus.exe [x]

S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]

S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]

S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

S2 CyberLink PowerDVD 13 Media Server Monitor Service;CyberLink PowerDVD 13 Media Server Monitor Service;d:\powerdvd13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe;d:\powerdvd13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [x]

S2 CyberLink PowerDVD 13 Media Server Service;CyberLink PowerDVD 13 Media Server Service;d:\powerdvd13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe;d:\powerdvd13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [x]

S2 DVBLinkServer2;DVBLink Server;d:\dvblogic\DVBLink2\DVBLinkServer.exe;d:\dvblogic\DVBLink2\DVBLinkServer.exe [x]

S2 HauppaugeTVServer;HauppaugeTVServer;d:\wintv\TVServer\HauppaugeTVServer.exe;d:\wintv\TVServer\HauppaugeTVServer.exe [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S2 syncagentsrv;Acronis Sync Agent Service;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe;c:\program files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [x]

S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]

S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]

S2 UI Assistant Service;UI Assistant Service;d:\1&1 surf-stick\AssistantServices.exe;d:\1&1 surf-stick\AssistantServices.exe [x]

S2 WindowsMangerProtect;WindowsMangerProtect Service;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe;c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe [x]

S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]

S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys;c:\windows\SYSNATIVE\drivers\btusbflt.sys [x]

S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

S3 dvblinkcap;DVBLink Capture #1;c:\windows\system32\DRIVERS\dvblinkcap.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinkcap.sys [x]

S3 dvblinkcap2;DVBLink Capture #2;c:\windows\system32\DRIVERS\dvblinkcap2.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinkcap2.sys [x]

S3 dvblinkcap3;DVBLink Capture #3;c:\windows\system32\DRIVERS\dvblinkcap3.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinkcap3.sys [x]

S3 dvblinkcap4;DVBLink Capture #4;c:\windows\system32\DRIVERS\dvblinkcap4.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinkcap4.sys [x]

S3 dvblinktun;DVBLink Tuner #1;c:\windows\system32\DRIVERS\dvblinktun.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinktun.sys [x]

S3 dvblinktun2;DVBLink Tuner #2;c:\windows\system32\DRIVERS\dvblinktun2.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinktun2.sys [x]

S3 dvblinktun3;DVBLink Tuner #3;c:\windows\system32\DRIVERS\dvblinktun3.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinktun3.sys [x]

S3 dvblinktun4;DVBLink Tuner #4;c:\windows\system32\DRIVERS\dvblinktun4.sys;c:\windows\SYSNATIVE\DRIVERS\dvblinktun4.sys [x]

S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIc.sys [x]

S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys;c:\windows\SYSNATIVE\DRIVERS\FLxHCIh.sys [x]

S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]

S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;c:\windows\system32\DRIVERS\LGSHidFilt.Sys;c:\windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

Inhalt des "geplante Tasks" Ordners

.

2014-08-28 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 08:31]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2014-07-13 13:08        634872        ----a-w-        d:\avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]

"IntelTBRunOnce"="wscript.exe" [2013-10-12 168960]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]

"SynAsusAcpi"="c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe" [BU]

"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2013-11-14 8292120]

"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2012-06-28 403688]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-22 11075176]

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

mDefault_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

mStart Page = hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

mLocal Page = c:\windows\SysWOW64\blank.htm

mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}

uInternet Settings,ProxyOverride = *.local

IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Nach Microsoft E&xel exportieren - d:\micros~1\Office12\EXCEL.EXE/3000

Trusted Zone: clonewarsadventures.com

Trusted Zone: freerealms.com

Trusted Zone: soe.com

Trusted Zone: sony.com

TCP: DhcpNameServer = 192.168.0.1

FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\

FF - prefs.js: browser.startup.homepage - hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA

.

- - - - Entfernte verwaiste Registrierungseinträge - - - -

.

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

ShellIconOverlayIdentifiers- - (no file)

AddRemove-Dungeon Keeper II - c:\windows\IsUn0407.exe

AddRemove-Mafia Game - c:\windows\system32\MafiaSetup.exe

AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{09F57980-3432-4AFC-957D-27AC45FAE1F5}]

"ImagePath"="\??\d:\powerdvd13\PowerDVD13\Common\NavFilter\000.fcl"

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_USERS\S-1-5-21-461601121-2454032722-3572995621-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:3a,cf,53,18,0e,9a,85,7c,62,c9,16,cf,aa,68,73,5a,de,ff,42,dc,10,30,70,

   ba,18,f9,e1,91,2f,ff,1e,1d,f8,54,60,1f,67,3d,5f,e3,3a,32,a8,f4,07,9b,fb,55,\

"??"=hex:46,e3,4d,3a,22,cc,5a,fb,6a,9a,3d,ab,8f,cb,0e,51

.

[HKEY_USERS\S-1-5-21-461601121-2454032722-3572995621-1000\Software\SecuROM\License information*]

"datasecu"=hex:8c,22,38,27,cb,66,01,8a,6f,75,a2,b7,ac,37,ae,04,c0,bf,b7,04,77,

   1d,50,6f,4d,5d,b0,0a,b5,9d,6a,19,ec,b9,4c,cc,7b,be,6a,d3,95,19,40,ad,5f,b5,\

"rkeysecu"=hex:95,d4,32,79,72,4b,dd,84,6d,49,5d,d4,4a,8c,49,36

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_176_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_176_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.14"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_176.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe

c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

d:\avast\AvastSvc.exe

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

d:\nero 8\Nero BackItUp\NBService.exe

c:\windows\SysWOW64\IoctlSvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe

d:\avast\AvastEmUpdate.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2014-08-28  19:19:30 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2014-08-28 17:19

ComboFix2.txt  2014-05-24 18:37

.

Vor Suchlauf: 14 Verzeichnis(se), 21.969.104.896 Bytes frei

Nach Suchlauf: 16 Verzeichnis(se), 20.358.598.656 Bytes frei

.

- - End Of File - - 813AC38CDDA5BCA0FA4756D1DBB503CE

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Hier sämtliche Scans:

Malwarebytes Anti-Malware:

Code:

Malwarebytes Anti-Malware

www.malwarebytes.org
 

Suchlauf Datum: 29.08.2014

Suchlauf-Zeit: 21:25:15

Logdatei: mbam.txt

Administrator: Ja
 

Version: 2.00.2.1012

Malware Datenbank: v2014.08.29.05

Rootkit Datenbank: v2014.08.21.01

Lizenz: Kostenlos

Malware Schutz: Deaktiviert

Bösartiger Webseiten Schutz: Deaktiviert

Self-protection: Deaktiviert
 

Betriebssystem: Windows 7 Service Pack 1

CPU: x64

Dateisystem: NTFS

Benutzer: ***
 

Suchlauf-Art: Bedrohungs-Suchlauf

Ergebnis: Abgeschlossen

Durchsuchte Objekte: 404429

Verstrichene Zeit: 8 Min, 45 Sek
 

Speicher: Aktiviert

Autostart: Aktiviert

Dateisystem: Aktiviert

Archive: Aktiviert

Rootkits: Deaktiviert

Heuristics: Aktiviert

PUP: Aktiviert

PUM: Aktiviert
 

Prozesse: 1

PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1896, Löschen bei Neustart, [4118f7d51566fe38a5779d1288796a96]
 

Module: 0

(No malicious items detected)
 

Registrierungsschlüssel: 16

PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, In Quarantäne, [4118f7d51566fe38a5779d1288796a96], 

PUP.Optional.WindowsProtectManger.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WindowsMangerProtect, In Quarantäne, [4118f7d51566fe38a5779d1288796a96], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2039d5f7abd090a66530fe7cca38956b], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2039d5f7abd090a66530fe7cca38956b], 

PUP.Optional.SupTab.A, HKU\S-1-5-21-461601121-2454032722-3572995621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2039d5f7abd090a66530fe7cca38956b], 

PUP.Optional.SupTab.A, HKU\S-1-5-21-461601121-2454032722-3572995621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [2039d5f7abd090a66530fe7cca38956b], 

PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [0752626ab2c93bfbfef4c578f70d6898], 

PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [045525a73744b28498d4fe540103ce32], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [4514745890ebbe7835d78f5dc63c2cd4], 

PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [1f3a5c706e0de65088f441ceaa595ea2], 

PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [8acf5f6dd1aac3730ce6a499679dce32], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [aeabb319e9921422983fba3137cb24dc], 

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [2237309cafccbb7b75967c70c240ae52], 

PUP.Optional.WebSearches.A, HKU\S-1-5-21-461601121-2454032722-3572995621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [d089ae1e611a1224c1082fbe857df907], 

PUP.Optional.Qone8, HKU\S-1-5-21-461601121-2454032722-3572995621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [bb9eac20601bd95d4fa2d26ba06444bc], 

PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\webssearches uninstall, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 
 

Registrierungswerte: 4

PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com, In Quarantäne, [99c085477dfe5dd98103b39e838116ea]

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [aeabb319e9921422983fba3137cb24dc]

PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, irs, In Quarantäne, [2237309cafccbb7b75967c70c240ae52]

PUP.Optional.FastStart.A, HKU\S-1-5-21-461601121-2454032722-3572995621-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [3b1e408c85f6b383c0cc43b4659d20e0]
 

Registrierungsdaten: 8

PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "D:\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA, Gut: (firefox.exe), Schlecht: ("D:\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA),Ersetzt,[5ffa18b4710af0462b7aeeecc53fa858]

PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA),Ersetzt,[fb5e7a52215ab185f6a9c6142ada50b0]

PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[62f7f4d8dba044f2dcf07d675ea6b34d]

PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "D:\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA, Gut: (firefox.exe), Schlecht: ("D:\Mozilla Firefox\firefox.exe" hxxp://istart.webssearches.com/?type=sc&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA),Ersetzt,[c099e9e32457ed49d7ce8e4cfd0735cb]

PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA&q={searchTerms}),Ersetzt,[c990fdcf0576c274633a00da13f1c33d]

PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA),Ersetzt,[6ced369642393ef8a3f87c5e8e76e61a]

PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/?type=hp&ts=1409168539&from=irs&uid=ST9750420AS_5WS2DTNAXXXX5WS2DTNA),Ersetzt,[75e4ece03a4176c0cdd2ba20a85c26da]

PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a2b7c507afcce84e5f6d8e563ec6837d]
 

Ordner: 65

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\code, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\defaults, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Löschen bei Neustart, [085156767605b68017ffb5260af8c13f], 

PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [085156767605b68017ffb5260af8c13f], 

PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [085156767605b68017ffb5260af8c13f], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 
 

Dateien: 155

PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Löschen bei Neustart, [4118f7d51566fe38a5779d1288796a96], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [2039d5f7abd090a66530fe7cca38956b], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\242.json, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\MessageBox.xml, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\un.ini, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\uninstallDlg2.xml, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\UninstallManager.exe, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\bg.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\bg1.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\bk_shadow.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\button.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\button1.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\checkbox.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\checkbox_select.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\checked.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\close.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\loading_bg.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\loading_light.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\min.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\scrollbar.bmp, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\Thumbs.db, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\unchecked.png, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\code\code1.jpg, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\code\code2.jpg, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\code\code3.jpg, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\code\code4.jpg, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\code\code5.jpg, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\code\code6.jpg, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.WebsSearches.A, C:\Users\***\AppData\Roaming\webssearches\images\code\Thumbs.db, In Quarantäne, [1742cc00e7943afc3850b6138f73bb45], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.FastStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [ea6f87452d4ec86ebe17fbdebc467a86], 

PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-08-27[21-42-45-683].log, In Quarantäne, [085156767605b68017ffb5260af8c13f], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [85d403c93d3ecd695ada23bed52df20e], 

PUP.Optional.QuickStart.A, C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");), Ersetzt,[6aefc9039ae1f04652f7987d10f5af51]
 

Physische Sektoren: 0

(No malicious items detected)
 
 

(end)

AdwCleaner:

Code:

# AdwCleaner v3.308 - Bericht erstellt am 29/08/2014 um 21:47:44

# Aktualisiert 20/08/2014 von Xplode

# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)

# Benutzername : *** - BLACK-STEALTH

# Gestartet von : C:\Users\***\Desktop\adwcleaner_3.308.exe

# Option : Löschen
 

***** [ Dienste ] *****
 
 

***** [ Dateien / Ordner ] *****
 

Ordner Gelöscht : C:\ProgramData\NeeXtuCouep

Ordner Gelöscht : C:\Program Files (x86)\GetPrivate

Ordner Gelöscht : C:\Program Files (x86)\NeeXtuCouep

Ordner Gelöscht : C:\Users\***\AppData\Roaming\GetPrivate

Ordner Gelöscht : C:\Users\***\AppData\Roaming\pdfforge

Ordner Gelöscht : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel

Ordner Gelöscht : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\cknebhggccemgcnbidipinkifmmegdel
 

***** [ Tasks ] *****
 
 

***** [ Verknüpfungen ] *****
 

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programme\Internet Explorer (64-bit).lnk

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programme\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programme\Mozilla Firefox.lnk

Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programme\Internet Explorer.lnk

Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk

Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk

Verknüpfung Desinfiziert : C:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk
 

***** [ Registrierungsdatenbank ] *****
 

Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices

Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}

Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
 

***** [ Browser ] *****
 

-\\ Internet Explorer v11.0.9600.17239
 

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
 

-\\ Mozilla Firefox v31.0 (x86 de)
 

[ Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\prefs.js ]
 

Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);

Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
 

-\\ Google Chrome v
 

*************************
 

AdwCleaner[R0].txt - [5359 octets] - [26/05/2014 19:45:30]

AdwCleaner[R1].txt - [4391 octets] - [29/08/2014 21:44:57]

AdwCleaner[S0].txt - [5262 octets] - [26/05/2014 19:46:47]

AdwCleaner[S1].txt - [3391 octets] - [29/08/2014 21:47:44]
 

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [3451 octets] ##########

JRT:

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.3 (03.23.2014:1)

OS: Windows 7 Professional x64

Ran by Sven on 29.08.2014 at 22:02:13,95

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 

~~~ Services
 
 
 

~~~ Registry Values
 
 
 

~~~ Registry Keys
 
 
 

~~~ Files
 
 
 

~~~ Folders
 
 
 

~~~ Event Viewer Logs were cleared
 
 
 
 
 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 29.08.2014 at 22:05:14,90

Computer was rebooted

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-08-2014

Ran by *** (administrator) on BLACK-STEALTH on 29-08-2014 22:12:42

Running from C:\Users\***\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) D:\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Program Files (x86)\AAVUpdateManager\aavus.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe

(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe

(DVBLogic) D:\DVBLogic\DVBLink2\DVBLinkServer.exe

(Hauppauge Computer Works) D:\WinTV\TVServer\HauppaugeTVServer.exe

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Microsoft Corporation) C:\Windows\System32\msiexec.exe

(Nero AG) D:\Nero 8\Nero BackItUp\NBService.exe

(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

() D:\1&1 Surf-Stick\AssistantServices.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Apple Inc.) D:\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) D:\Apple\Internet Services\ApplePhotoStreams.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

(AVAST Software) D:\Avast\avastui.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Apple Inc.) D:\iTunes\iTunesHelper.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Apple Inc.) D:\Apple\Internet Services\APSDaemon.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2012-06-28] (Acronis)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)

HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [907776 2011-01-28] (Creative Technology Ltd)

HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5993216 2012-06-28] (Acronis)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1173712 2012-06-28] (Acronis)

HKLM-x32\...\Run: [AvastUI.exe] => D:\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {7885fa50-2fc3-11e1-af67-806e6f6e6963} - I:\InstAll.exe

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {8225242e-384b-11e1-b1f7-74f06dbf1989} - K:\Setup\rsrc\Autorun.exe

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {877fa340-2fe9-11e1-8ae5-806e6f6e6963} - J:\Autoplay.exe -auto

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Avast\ashShA64.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tt-lan.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC179616C8CD8CD01

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724

FF Homepage: hxxp://flyspray.de/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Extension: YouTube Unblocker - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\youtubeunblocker@unblocker.yt [2014-05-20]

FF Extension: Ghostery - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\firefox@ghostery.com.xpi [2014-06-02]

FF Extension: CookieCuller - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-06-02]

FF Extension: DownThemAll! - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-20]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Avast\WebRep\FF

FF Extension: avast! Online Security - D:\Avast\WebRep\FF [2011-12-26]

FF HKCU\...\Firefox\Extensions: [jid1-VZC3jSUSB1KxYw@jetpack] - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack

FF Extension: skype_addon - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack [2012-02-18]

FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 

Chrome: 

=======

CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm [2014-05-18]

CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak [2014-05-18]

CHR HKCU\...\Chrome\Extension: [bofpgnmdjnpjpegclhggphjeladaklnf] - C:\Users\***\AppData\Roaming\Steam\bofpgnmdjnpjpegclhggphjeladaklnf.crx [2012-02-02]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-13]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 avast! Antivirus; D:\Avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-12-26] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-26] (Creative Labs) [File not signed]

R2 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)

R2 CyberLink PowerDVD 13 Media Server Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)

R2 DVBLinkServer2; D:\DVBLogic\DVBLink2\DVBLinkServer.exe [1991680 2010-10-21] (DVBLogic) [File not signed]

R2 HauppaugeTVServer; D:\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

R2 Nero BackItUp Scheduler 3; D:\Nero 8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)

R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-19] ()

R2 UI Assistant Service; D:\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-13] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-13] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-13] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-13] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-13] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-13] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-13] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-13] ()

S3 CdaC15BA; C:\Windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-12-22] () [File not signed]

S3 CYDTV_SRV; C:\Windows\System32\drivers\cydtv.sys [576480 2010-07-13] ( )

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-06] (DT Soft Ltd)

R3 dvblinkcap; C:\Windows\System32\DRIVERS\dvblinkcap.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap2; C:\Windows\System32\DRIVERS\dvblinkcap2.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap3; C:\Windows\System32\DRIVERS\dvblinkcap3.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap4; C:\Windows\System32\DRIVERS\dvblinkcap4.sys [18608 2010-07-19] (DVBLink)

R3 dvblinktun; C:\Windows\System32\DRIVERS\dvblinktun.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun2; C:\Windows\System32\DRIVERS\dvblinktun2.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun3; C:\Windows\System32\DRIVERS\dvblinktun3.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun4; C:\Windows\System32\DRIVERS\dvblinktun4.sys [20784 2010-07-19] (DVBLink)

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)

S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)

S4 ithsgt; C:\Windows\SysWOW64\DRIVERS\ithsgt.sys [162432 2012-08-16] () [File not signed]

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

S2 lilsgt; C:\Windows\System32\DRIVERS\lilsgt.sys [21504 2012-08-16] () [File not signed]

S2 lilsgt; C:\Windows\SysWOW64\DRIVERS\lilsgt.sys [12032 2012-08-16] () [File not signed]

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-29] (Malwarebytes Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)

R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [31784 2012-03-29] (Feitian Technologies Co., Ltd.)

S3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [22696 2012-03-29] (Feitian Technologies Co., Ltd.)

S3 SaiH5F0D; C:\Windows\System32\DRIVERS\SaiH5F0D.sys [171144 2007-05-01] (Saitek)

S3 SaiU5F0D; C:\Windows\System32\DRIVERS\SaiU5F0D.sys [34304 2007-05-01] (Saitek)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-26] () [File not signed]

S3 TTUSB2BDA_NTAMD64; C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys [737312 2008-12-16] (TechnoTrend GmbH)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-29 22:12 - 2014-08-29 22:12 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion

2014-08-29 22:05 - 2014-08-29 22:05 - 00000647 _____ () C:\Users\***\Desktop\JRT.txt

2014-08-29 21:53 - 2014-08-29 21:53 - 00003528 _____ () C:\Users\***\Desktop\AdwCleaner[S1].txt

2014-08-29 21:42 - 2014-08-29 21:44 - 00045457 _____ () C:\Users\***\Desktop\mbam.txt

2014-08-29 21:23 - 2014-08-29 21:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-29 21:23 - 2014-08-29 21:23 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-29 21:23 - 2014-08-29 21:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-29 21:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-29 21:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-29 21:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-29 21:20 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe

2014-08-29 21:19 - 2014-08-29 21:19 - 01364531 _____ () C:\Users\***\Desktop\adwcleaner_3.308.exe

2014-08-28 21:42 - 2014-08-29 21:42 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll

2014-08-28 19:24 - 2014-08-28 19:24 - 00075409 _____ () C:\Users\***\Desktop\ComboFix.txt

2014-08-28 19:19 - 2014-08-28 19:19 - 00075489 _____ () C:\ComboFix.txt

2014-08-28 18:02 - 2014-08-28 19:19 - 00000000 ____D () C:\ComboFix

2014-08-28 18:00 - 2014-08-28 06:15 - 05574834 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe

2014-08-27 22:28 - 2014-08-27 22:28 - 00003185 _____ () C:\Users\***\Desktop\Gmer.rar

2014-08-27 22:16 - 2014-08-27 22:16 - 00028975 _____ () C:\Users\***\Desktop\Gmer.txt

2014-08-27 21:54 - 2014-08-29 22:12 - 00022885 _____ () C:\Users\***\Desktop\FRST.txt

2014-08-27 21:54 - 2014-08-29 22:12 - 00000000 ____D () C:\FRST

2014-08-27 21:54 - 2014-08-27 22:04 - 00049612 _____ () C:\Users\***\Desktop\Addition.txt

2014-08-27 21:51 - 2014-08-27 21:51 - 00380416 _____ () C:\Users\***\Desktop\ghjp30nj.exe

2014-08-27 21:50 - 2014-08-29 22:12 - 02103808 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe

2014-08-27 21:42 - 2014-08-27 21:42 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP

2014-08-27 20:59 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-27 20:59 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-27 20:59 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-26 23:33 - 2014-08-26 23:33 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-26 23:33 - 2014-08-26 23:33 - 00000000 ____D () C:\Program Files\Java

2014-08-24 17:37 - 2014-08-24 17:37 - 00000000 ____D () C:\Users\***\AppData\Local\Sony Online Entertainment

2014-08-22 18:57 - 2014-08-22 18:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\Kalypso Media

2014-08-22 18:54 - 2014-08-22 18:54 - 00001533 _____ () C:\Users\Public\Desktop\DUNGEONS Game of the Year edition.lnk

2014-08-22 18:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-22 18:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-22 18:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-22 18:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-22 18:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-22 18:22 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-22 18:22 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-22 18:22 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-22 18:22 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-08-21 15:37 - 2014-08-21 15:37 - 00002477 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-21 15:37 - 2014-08-21 15:37 - 00000000 ____D () C:\Users\***\AppData\Local\Skype

2014-08-21 15:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-21 15:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-21 15:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-21 15:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-21 15:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-21 15:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-21 15:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-21 15:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-21 15:01 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-21 15:01 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-21 15:01 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-21 15:01 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-21 15:01 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-21 15:01 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-21 15:01 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-21 15:01 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-21 15:01 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-21 15:01 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-21 15:01 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-21 15:01 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-21 15:01 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-21 15:01 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-21 15:01 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-21 15:01 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-21 15:01 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-21 15:01 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-21 15:01 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-21 15:01 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-21 15:01 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-21 15:01 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-21 15:01 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-21 15:01 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-21 15:01 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-21 15:01 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-21 15:01 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-21 15:01 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-21 15:01 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-21 15:01 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-21 15:01 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-21 15:01 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-21 15:01 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-21 15:01 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-21 15:01 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-21 15:01 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-21 15:01 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-21 15:01 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-21 15:01 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-21 15:01 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-21 15:01 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-21 15:01 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-21 15:01 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-21 15:01 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-21 15:01 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-21 15:01 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-21 15:01 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-21 15:01 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-21 15:01 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-21 15:01 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-21 15:01 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-21 15:01 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-21 15:01 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-21 15:01 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-21 15:01 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-21 15:01 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-21 15:01 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-21 15:01 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-21 15:01 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-21 15:01 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-21 15:01 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-21 15:00 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-21 15:00 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-21 15:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-21 15:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-21 15:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iTunes

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iPod
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-29 22:13 - 2014-08-27 21:54 - 00022885 _____ () C:\Users\***\Desktop\FRST.txt

2014-08-29 22:12 - 2014-08-29 22:12 - 00000000 ____D () C:\Users\***\Desktop\FRST-OlderVersion

2014-08-29 22:12 - 2014-08-27 21:54 - 00000000 ____D () C:\FRST

2014-08-29 22:12 - 2014-08-27 21:50 - 02103808 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe

2014-08-29 22:07 - 2014-05-24 20:11 - 00007205 _____ () C:\Windows\setupact.log

2014-08-29 22:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-29 22:06 - 2011-12-26 15:25 - 01857003 _____ () C:\Windows\WindowsUpdate.log

2014-08-29 22:06 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-29 22:06 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-29 22:05 - 2014-08-29 22:05 - 00000647 _____ () C:\Users\***\Desktop\JRT.txt

2014-08-29 21:53 - 2014-08-29 21:53 - 00003528 _____ () C:\Users\***\Desktop\AdwCleaner[S1].txt

2014-08-29 21:52 - 2012-07-09 17:33 - 00004124 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-29 21:49 - 2014-05-24 20:57 - 00115574 _____ () C:\Windows\PFRO.log

2014-08-29 21:47 - 2014-05-26 19:45 - 00000000 ____D () C:\AdwCleaner

2014-08-29 21:47 - 2013-11-12 21:44 - 00000967 _____ () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-29 21:47 - 2012-05-05 17:43 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programme

2014-08-29 21:44 - 2014-08-29 21:42 - 00045457 _____ () C:\Users\***\Desktop\mbam.txt

2014-08-29 21:42 - 2014-08-28 21:42 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll

2014-08-29 21:41 - 2014-08-29 21:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-29 21:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding

2014-08-29 21:25 - 2014-06-29 00:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-29 21:23 - 2014-08-29 21:23 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-29 21:23 - 2014-08-29 21:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-29 21:19 - 2014-08-29 21:19 - 01364531 _____ () C:\Users\***\Desktop\adwcleaner_3.308.exe

2014-08-28 19:24 - 2014-08-28 19:24 - 00075409 _____ () C:\Users\***\Desktop\ComboFix.txt

2014-08-28 19:24 - 2011-12-26 15:38 - 00000000 ____D () C:\Users\***

2014-08-28 19:19 - 2014-08-28 19:19 - 00075489 _____ () C:\ComboFix.txt

2014-08-28 19:19 - 2014-08-28 18:02 - 00000000 ____D () C:\ComboFix

2014-08-28 19:19 - 2014-05-24 20:26 - 00000000 ____D () C:\Qoobox

2014-08-28 19:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-08-28 18:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-28 18:14 - 2009-07-14 04:34 - 86245376 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-08-28 18:14 - 2009-07-14 04:34 - 26476544 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-08-28 18:14 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-08-28 18:14 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-08-28 18:14 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-08-28 18:13 - 2014-05-24 20:26 - 00000000 ____D () C:\Windows\erdnt

2014-08-28 18:01 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-08-28 18:01 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-08-28 18:01 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-28 06:15 - 2014-08-28 18:00 - 05574834 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe

2014-08-27 22:28 - 2014-08-27 22:28 - 00003185 _____ () C:\Users\***\Desktop\Gmer.rar

2014-08-27 22:16 - 2014-08-27 22:16 - 00028975 _____ () C:\Users\***\Desktop\Gmer.txt

2014-08-27 22:04 - 2014-08-27 21:54 - 00049612 _____ () C:\Users\***\Desktop\Addition.txt

2014-08-27 21:51 - 2014-08-27 21:51 - 00380416 _____ () C:\Users\***\Desktop\ghjp30nj.exe

2014-08-27 21:42 - 2014-08-27 21:42 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP

2014-08-27 21:37 - 2013-10-13 02:50 - 00000000 ____D () C:\Users\***\AppData\Local\Battle.net

2014-08-27 21:04 - 2009-07-14 06:45 - 05109560 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-27 18:37 - 2013-08-18 15:49 - 00000000 ____D () C:\Users\***\AppData\Local\20924801-609E-4B66-8071-BE0F0DC8EEC4.aplzod

2014-08-27 18:20 - 2014-03-22 19:43 - 00007891 _____ () C:\Windows\BRRBCOM.INI

2014-08-26 23:33 - 2014-08-26 23:33 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-26 23:33 - 2014-08-26 23:33 - 00000000 ____D () C:\Program Files\Java

2014-08-26 23:31 - 2014-07-17 21:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-08-26 23:31 - 2014-06-29 01:16 - 00000000 ____D () C:\Program Files (x86)\Java

2014-08-24 17:37 - 2014-08-24 17:37 - 00000000 ____D () C:\Users\***\AppData\Local\Sony Online Entertainment

2014-08-23 04:07 - 2014-08-27 20:59 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-27 20:59 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-27 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-22 18:58 - 2014-08-22 18:57 - 00000000 ____D () C:\Users\***\AppData\Roaming\Kalypso Media

2014-08-22 18:54 - 2014-08-22 18:54 - 00001533 _____ () C:\Users\Public\Desktop\DUNGEONS Game of the Year edition.lnk

2014-08-21 16:28 - 2014-03-22 20:22 - 00000000 ____D () C:\Users\***\AppData\Roaming\ControlCenter4

2014-08-21 16:10 - 2011-12-26 19:20 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype

2014-08-21 15:37 - 2014-08-21 15:37 - 00002477 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-21 15:37 - 2014-08-21 15:37 - 00000000 ____D () C:\Users\***\AppData\Local\Skype

2014-08-21 15:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-21 15:07 - 2013-07-10 18:04 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-21 15:05 - 2011-12-26 15:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iTunes

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iPod

2014-08-21 10:31 - 2014-06-29 00:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-21 10:31 - 2012-04-01 10:29 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-21 10:31 - 2011-12-26 16:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-08-04 19:15 - 2011-12-26 19:26 - 00000000 ____D () C:\Users\***\AppData\Roaming\FileZilla

2014-08-03 21:16 - 2012-05-10 22:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-03 21:16 - 2012-05-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-08-01 01:41 - 2014-08-21 15:01 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-01 01:16 - 2014-08-21 15:01 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 

Some content of TEMP:

====================

C:\Users\***\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-08-27 20:18
 

==================== End Of Log ============================

--- --- ---

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

ESET Online Scanner:

Code:

ESETSmartInstaller@High as downloader log:

all ok

# product=EOS

# version=8

# OnlineScannerApp.exe=1.0.0.1

# OnlineScanner.ocx=1.0.0.7623

# api_version=3.0.2

# EOSSerial=4a74434f1ad9644f8d4f0eac493bba5f

# engine=19921

# end=finished

# remove_checked=false

# archives_checked=true

# unwanted_checked=true

# unsafe_checked=false

# antistealth_checked=true

# utc_time=2014-08-31 05:27:28

# local_time=2014-08-31 07:27:28 (+0100, Mitteleuropäische Sommerzeit)

# country="Germany"

# lang=1031

# osver=6.1.7601 NT Service Pack 1

# compatibility_mode_1='avast! Antivirus'

# compatibility_mode=783 16777213 100 97 852409 173883338 0 0

# compatibility_mode_1=''

# compatibility_mode=5893 16776573 100 94 119166 161092698 0 0

# scanned=389628

# found=2

# cleaned=0

# scan_time=12007

sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"

sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"

SecurityCheck:

Code:

 Results of screen317's Security Check version 0.99.87  

 Windows 7 Service Pack 1 x64 (UAC is enabled)  

 Internet Explorer 11  
 ``````````````Antivirus/Firewall Check:`````````````` 

avast! Antivirus   

 Antivirus out of date!  
 `````````Anti-malware/Other Utilities Check:````````` 

 Java 7 Update 60  

 Java 8 Update 20  

 Java version out of Date! 

 Adobe Flash Player 14.0.0.179  

 Adobe Reader 10.1.11 Adobe Reader out of Date!  

 Mozilla Firefox (31.0) 
 ````````Process Check: objlist.exe by Laurent````````  

 AvastSvc.exe    

 avastui.exe    
 `````````````````System Health check````````````````` 

 Total Fragmentation on Drive C:  
 ````````````````````End of Log``````````````````````

FRST:

FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-08-2014

Ran by *** (administrator) on BLACK-STEALTH on 31-08-2014 11:23:46

Running from C:\Users\***\Desktop

Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)

Internet Explorer Version 11

Boot Mode: Normal
 
 
 

==================== Processes (Whitelisted) =================
 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe

(AVAST Software) D:\Avast\AvastSvc.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe

() C:\Program Files (x86)\AAVUpdateManager\aavus.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe

(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe

(CyberLink) D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe

(DVBLogic) D:\DVBLogic\DVBLink2\DVBLinkServer.exe

(Hauppauge Computer Works) D:\WinTV\TVServer\HauppaugeTVServer.exe

(ASUS) C:\Program Files\P4G\BatteryLife.exe

(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe

(ASUS) C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe

(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe

(Nero AG) D:\Nero 8\Nero BackItUp\NBService.exe

(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe

() C:\Windows\SysWOW64\PnkBstrA.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe

(Intel(R) Corporation) C:\Program Files\Intel\TurboBoost\TurboBoost.exe

() D:\1&1 Surf-Stick\AssistantServices.exe

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe

(Acronis) C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe

(Apple Inc.) D:\Apple\Internet Services\iCloudServices.exe

(Apple Inc.) D:\Apple\Internet Services\ApplePhotoStreams.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

(Windows (R) Win 7 DDK provider) C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe

(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe

() C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe

(Acronis) C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe

(AVAST Software) D:\Avast\avastui.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe

(Apple Inc.) D:\iTunes\iTunesHelper.exe

(Brother Industries, Ltd.) C:\Program Files (x86)\Browny02\BrYNSvc.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe

(Apple Inc.) D:\Apple\Internet Services\APSDaemon.exe

(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Apple Inc.) D:\Apple\Internet Services\ApplePhotoStreamsDownloader.exe
 
 

==================== Registry (Whitelisted) ==================
 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2392360 2010-10-08] (Synaptics Incorporated)

HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"

HKLM\...\Run: [THXCfg64] => C:\Windows\system32\RunDLL32.exe C:\Windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64

HKLM\...\Run: [SynAsusAcpi] => C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [92968 2010-10-08] (Synaptics Incorporated)

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [8292120 2013-11-14] (Logitech Inc.)

HKLM\...\Run: [Acronis Scheduler2 Service] => C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [403688 2012-06-28] (Acronis)

HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11075176 2010-07-22] (Realtek Semiconductor)

HKLM-x32\...\Run: [FLxHCIm] => C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe [40448 2011-01-21] (Windows (R) Win 7 DDK provider)

HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-17] (ASUS)

HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)

HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)

HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [1601536 2010-09-23] ()

HKLM-x32\...\Run: [THX TruStudio NB Settings] => C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe [907776 2011-01-28] (Creative Technology Ltd)

HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)

HKLM-x32\...\Run: [TrueImageMonitor.exe] => C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [5993216 2012-06-28] (Acronis)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [AcronisTimounterMonitor] => C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe [1173712 2012-06-28] (Acronis)

HKLM-x32\...\Run: [AvastUI.exe] => D:\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)

HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [139776 2014-06-16] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [4513792 2014-05-22] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [BrHelp] => C:\Program Files (x86)\Brother\Brother Help\BrotherHelp.exe [2009088 2013-01-18] (Brother Industries, Ltd.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [iTunesHelper] => D:\iTunes\iTunesHelper.exe [152392 2014-08-01] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1000\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [AdobeBridge] => [X]

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [iCloudServices] => D:\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\Run: [ApplePhotoStreams] => D:\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {7885fa50-2fc3-11e1-af67-806e6f6e6963} - I:\InstAll.exe

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {8225242e-384b-11e1-b1f7-74f06dbf1989} - K:\Setup\rsrc\Autorun.exe

HKU\S-1-5-21-461601121-2454032722-3572995621-1005\...\MountPoints2: {877fa340-2fe9-11e1-8ae5-806e6f6e6963} - J:\Autoplay.exe -auto

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => D:\Avast\ashShA64.dll (AVAST Software)
 

==================== Internet (Whitelisted) ====================
 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.tt-lan.de/

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC179616C8CD8CD01

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe

BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast\aswWebRepIE64.dll (AVAST Software)

BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)

BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\ssv.dll (Oracle Corporation)

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> D:\Avast\aswWebRepIE.dll (AVAST Software)

BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)

BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\jp2ssv.dll (Oracle Corporation)

Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File

Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File

Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File

DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 

FireFox:

========

FF ProfilePath: C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724

FF Homepage: hxxp://flyspray.de/

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()

FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @java.com/DTPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.20.2 -> C:\Program Files (x86)\Java\jre1.8.0_20\bin\plugin2\npjp2.dll (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File

FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> D:\VideoLAN\VLC\npvlc.dll (VideoLAN)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Plugin HKCU: ubisoft.com/uplaypc -> C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()

FF Extension: YouTube Unblocker - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\youtubeunblocker@unblocker.yt [2014-05-20]

FF Extension: Ghostery - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\firefox@ghostery.com.xpi [2014-06-02]

FF Extension: CookieCuller - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\{99B98C2C-7274-45a3-A640-D9DF1A1C8460}.xpi [2014-06-02]

FF Extension: DownThemAll! - C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\8k2w2jkw.default-1400622986724\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-20]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - D:\Avast\WebRep\FF

FF Extension: avast! Online Security - D:\Avast\WebRep\FF [2011-12-26]

FF HKCU\...\Firefox\Extensions: [jid1-VZC3jSUSB1KxYw@jetpack] - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack

FF Extension: skype_addon - C:\Users\***\AppData\Roaming\Steam\jid1-VZC3jSUSB1KxYw@jetpack [2012-02-18]

FF StartMenuInternet: FIREFOX.EXE - firefox.exe
 

Chrome: 

=======

CHR Profile: C:\Users\***\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\caghfdecfohghebhagkkijpkomohkmfm [2014-05-18]

CHR Extension: (No Name) - C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\llhdpmoidjebhjmdgeobfkeipaegeaak [2014-05-18]

CHR HKCU\...\Chrome\Extension: [bofpgnmdjnpjpegclhggphjeladaklnf] - C:\Users\***\AppData\Roaming\Steam\bofpgnmdjnpjpegclhggphjeladaklnf.crx [2012-02-02]

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - D:\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-13]
 

==================== Services (Whitelisted) =================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 AAV UpdateService; C:\Program Files (x86)\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()

R2 avast! Antivirus; D:\Avast\AvastSvc.exe [50344 2014-07-13] (AVAST Software)

R3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2013-09-25] (Brother Industries, Ltd.) [File not signed]

S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2011-12-26] (Creative Labs) [File not signed]

S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2011-12-26] (Creative Labs) [File not signed]

R2 CyberLink PowerDVD 13 Media Server Monitor Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSMonitorServicePDVD13.exe [77576 2013-03-20] (CyberLink)

R2 CyberLink PowerDVD 13 Media Server Service; D:\PowerDVD13\PowerDVD13\Kernel\DMS\CLMSServerPDVD13.exe [323336 2013-03-20] (CyberLink)

R2 DVBLinkServer2; D:\DVBLogic\DVBLink2\DVBLinkServer.exe [1991680 2010-10-21] (DVBLogic) [File not signed]

R2 HauppaugeTVServer; D:\WinTV\TVServer\HauppaugeTVServer.exe [570368 2011-10-27] (Hauppauge Computer Works) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]

R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]

R2 Nero BackItUp Scheduler 3; D:\Nero 8\Nero BackItUp\NBService.exe [877864 2008-12-02] (Nero AG)

S3 NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [537896 2008-12-12] (Nero AG)

R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [81920 2006-12-19] (Prolific Technology Inc.) [File not signed]

R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75136 2013-09-19] ()

R2 UI Assistant Service; D:\1&1 Surf-Stick\AssistantServices.exe [253264 2010-12-08] ()
 

==================== Drivers (Whitelisted) ====================
 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-13] ()

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-13] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-13] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-13] ()

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-07-13] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-13] (AVAST Software)

S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-13] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-13] ()

S3 CdaC15BA; C:\Windows\SysWOW64\drivers\CDAC15BA.SYS [8864 2012-12-22] () [File not signed]

S3 CYDTV_SRV; C:\Windows\System32\drivers\cydtv.sys [576480 2010-07-13] ( )

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [279616 2012-01-06] (DT Soft Ltd)

R3 dvblinkcap; C:\Windows\System32\DRIVERS\dvblinkcap.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap2; C:\Windows\System32\DRIVERS\dvblinkcap2.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap3; C:\Windows\System32\DRIVERS\dvblinkcap3.sys [18608 2010-07-19] (DVBLink)

R3 dvblinkcap4; C:\Windows\System32\DRIVERS\dvblinkcap4.sys [18608 2010-07-19] (DVBLink)

R3 dvblinktun; C:\Windows\System32\DRIVERS\dvblinktun.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun2; C:\Windows\System32\DRIVERS\dvblinktun2.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun3; C:\Windows\System32\DRIVERS\dvblinktun3.sys [20784 2010-07-19] (DVBLink)

R3 dvblinktun4; C:\Windows\System32\DRIVERS\dvblinktun4.sys [20784 2010-07-19] (DVBLink)

R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [50176 2011-01-21] (Fresco Logic)

S3 hcw17bda; C:\Windows\System32\drivers\hcw17bda.sys [67456 2010-01-27] (Hauppauge Computer Works, Inc.)

S4 ithsgt; C:\Windows\SysWOW64\DRIVERS\ithsgt.sys [162432 2012-08-16] () [File not signed]

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )

R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)

S2 lilsgt; C:\Windows\System32\DRIVERS\lilsgt.sys [21504 2012-08-16] () [File not signed]

S2 lilsgt; C:\Windows\SysWOW64\DRIVERS\lilsgt.sys [12032 2012-08-16] () [File not signed]

S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-08-29] (Malwarebytes Corporation)

R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)

R3 ROCKEYNT; C:\Windows\System32\DRIVERS\Rockey4.sys [31784 2012-03-29] (Feitian Technologies Co., Ltd.)

S3 Rockey_USB; C:\Windows\System32\DRIVERS\Rockey4USB.sys [22696 2012-03-29] (Feitian Technologies Co., Ltd.)

S3 SaiH5F0D; C:\Windows\System32\DRIVERS\SaiH5F0D.sys [171144 2007-05-01] (Saitek)

S3 SaiU5F0D; C:\Windows\System32\DRIVERS\SaiU5F0D.sys [34304 2007-05-01] (Saitek)

R0 sptd; C:\Windows\System32\Drivers\sptd.sys [530488 2011-12-26] () [File not signed]

S3 TTUSB2BDA_NTAMD64; C:\Windows\System32\DRIVERS\ttusb2bda_amd64.sys [737312 2008-12-16] (TechnoTrend GmbH)

R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13832 2010-04-16] ()

R2 {09F57980-3432-4AFC-957D-27AC45FAE1F5}; D:\PowerDVD13\PowerDVD13\Common\NavFilter\000.fcl [130320 2013-03-19] (CyberLink Corp.)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 cleanhlp; \??\C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [X]
 

==================== NetSvcs (Whitelisted) ===================
 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 

==================== One Month Created Files and Folders ========
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-31 11:21 - 2014-08-31 11:21 - 00000864 _____ () C:\Users\***\Desktop\checkup.txt

2014-08-31 11:13 - 2014-08-31 07:27 - 00001256 _____ () C:\Users\***\Desktop\ESET.txt

2014-08-30 15:57 - 2014-08-30 15:57 - 00854417 _____ () C:\Users\***\Desktop\SecurityCheck.exe

2014-08-29 22:05 - 2014-08-29 22:05 - 00000647 _____ () C:\Users\***\Desktop\JRT.txt

2014-08-29 21:53 - 2014-08-29 21:53 - 00003528 _____ () C:\Users\***\Desktop\AdwCleaner[S1].txt

2014-08-29 21:42 - 2014-08-29 21:44 - 00045457 _____ () C:\Users\***\Desktop\mbam.txt

2014-08-29 21:23 - 2014-08-29 21:41 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-29 21:23 - 2014-08-29 21:23 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-29 21:23 - 2014-08-29 21:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-29 21:23 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-08-29 21:23 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-08-29 21:23 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-08-29 21:20 - 2014-04-06 08:36 - 01016261 _____ (Thisisu) C:\Users\***\Desktop\JRT.exe

2014-08-29 21:19 - 2014-08-29 21:19 - 01364531 _____ () C:\Users\***\Desktop\adwcleaner_3.308.exe

2014-08-28 21:42 - 2014-08-29 21:42 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll

2014-08-28 19:24 - 2014-08-28 19:24 - 00075409 _____ () C:\Users\***\Desktop\ComboFix.txt

2014-08-28 19:19 - 2014-08-28 19:19 - 00075489 _____ () C:\ComboFix.txt

2014-08-28 18:02 - 2014-08-28 19:19 - 00000000 ____D () C:\ComboFix

2014-08-28 18:00 - 2014-08-28 06:15 - 05574834 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe

2014-08-27 22:28 - 2014-08-27 22:28 - 00003185 _____ () C:\Users\***\Desktop\Gmer.rar

2014-08-27 22:16 - 2014-08-27 22:16 - 00028975 _____ () C:\Users\***\Desktop\Gmer.txt

2014-08-27 21:54 - 2014-08-31 11:23 - 00022844 _____ () C:\Users\***\Desktop\FRST.txt

2014-08-27 21:54 - 2014-08-31 11:23 - 00000000 ____D () C:\FRST

2014-08-27 21:54 - 2014-08-27 22:04 - 00049612 _____ () C:\Users\***\Desktop\Addition.txt

2014-08-27 21:51 - 2014-08-27 21:51 - 00380416 _____ () C:\Users\***\Desktop\ghjp30nj.exe

2014-08-27 21:50 - 2014-08-29 22:12 - 02103808 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe

2014-08-27 21:42 - 2014-08-27 21:42 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP

2014-08-27 20:59 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-27 20:59 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-27 20:59 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-26 23:33 - 2014-08-26 23:33 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-26 23:33 - 2014-08-26 23:33 - 00000000 ____D () C:\Program Files\Java

2014-08-24 17:37 - 2014-08-24 17:37 - 00000000 ____D () C:\Users\***\AppData\Local\Sony Online Entertainment

2014-08-22 18:57 - 2014-08-22 18:58 - 00000000 ____D () C:\Users\***\AppData\Roaming\Kalypso Media

2014-08-22 18:54 - 2014-08-22 18:54 - 00001533 _____ () C:\Users\Public\Desktop\DUNGEONS Game of the Year edition.lnk

2014-08-22 18:22 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-08-22 18:22 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-08-22 18:22 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-08-22 18:22 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-08-22 18:22 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-08-22 18:22 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-08-22 18:22 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-08-22 18:22 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-08-22 18:22 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-08-22 18:22 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-08-21 15:37 - 2014-08-21 15:37 - 00002477 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-21 15:37 - 2014-08-21 15:37 - 00000000 ____D () C:\Users\***\AppData\Local\Skype

2014-08-21 15:02 - 2014-07-01 00:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll

2014-08-21 15:02 - 2014-07-01 00:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll

2014-08-21 15:02 - 2014-06-06 08:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe

2014-08-21 15:02 - 2014-06-06 08:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe

2014-08-21 15:02 - 2014-03-09 23:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe

2014-08-21 15:02 - 2014-03-09 23:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll

2014-08-21 15:02 - 2014-03-09 23:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe

2014-08-21 15:02 - 2014-03-09 23:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

2014-08-21 15:01 - 2014-08-01 01:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-21 15:01 - 2014-08-01 01:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-08-21 15:01 - 2014-07-25 16:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-08-21 15:01 - 2014-07-25 16:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb

2014-08-21 15:01 - 2014-07-25 16:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll

2014-08-21 15:01 - 2014-07-25 15:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-08-21 15:01 - 2014-07-25 15:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-08-21 15:01 - 2014-07-25 15:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-08-21 15:01 - 2014-07-25 15:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-08-21 15:01 - 2014-07-25 15:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-08-21 15:01 - 2014-07-25 15:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-08-21 15:01 - 2014-07-25 15:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-08-21 15:01 - 2014-07-25 15:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-08-21 15:01 - 2014-07-25 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb

2014-08-21 15:01 - 2014-07-25 15:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-08-21 15:01 - 2014-07-25 15:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-08-21 15:01 - 2014-07-25 15:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-08-21 15:01 - 2014-07-25 14:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-08-21 15:01 - 2014-07-25 14:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe

2014-08-21 15:01 - 2014-07-25 14:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-08-21 15:01 - 2014-07-25 14:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-08-21 15:01 - 2014-07-25 14:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-08-21 15:01 - 2014-07-25 14:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-08-21 15:01 - 2014-07-25 14:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-08-21 15:01 - 2014-07-25 14:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-08-21 15:01 - 2014-07-25 14:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-08-21 15:01 - 2014-07-25 14:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-08-21 15:01 - 2014-07-25 14:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-08-21 15:01 - 2014-07-25 14:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-08-21 15:01 - 2014-07-25 14:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-08-21 15:01 - 2014-07-25 14:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-08-21 15:01 - 2014-07-25 14:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-08-21 15:01 - 2014-07-25 14:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-08-21 15:01 - 2014-07-25 14:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-08-21 15:01 - 2014-07-25 14:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-08-21 15:01 - 2014-07-25 14:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-08-21 15:01 - 2014-07-25 13:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-08-21 15:01 - 2014-07-25 13:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-08-21 15:01 - 2014-07-25 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-08-21 15:01 - 2014-07-25 13:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-08-21 15:01 - 2014-07-25 13:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-08-21 15:01 - 2014-07-25 13:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll

2014-08-21 15:01 - 2014-07-25 13:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-08-21 15:01 - 2014-07-25 13:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-08-21 15:01 - 2014-07-25 13:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-08-21 15:01 - 2014-07-25 13:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-08-21 15:01 - 2014-07-25 13:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-08-21 15:01 - 2014-07-25 13:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-08-21 15:01 - 2014-07-25 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll

2014-08-21 15:01 - 2014-07-25 13:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-08-21 15:01 - 2014-07-25 12:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-08-21 15:01 - 2014-07-25 12:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-08-21 15:01 - 2014-07-25 12:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-08-21 15:01 - 2014-07-25 12:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-08-21 15:01 - 2014-07-25 12:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-08-21 15:01 - 2014-07-25 12:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-08-21 15:01 - 2014-07-16 05:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll

2014-08-21 15:01 - 2014-07-16 04:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-08-21 15:01 - 2014-06-03 12:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-08-21 15:01 - 2014-06-03 11:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-08-21 15:01 - 2014-06-03 11:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-08-21 15:01 - 2014-06-03 11:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-08-21 15:00 - 2014-07-14 04:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll

2014-08-21 15:00 - 2014-07-14 03:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll

2014-08-21 15:00 - 2014-06-25 04:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-08-21 15:00 - 2014-06-25 03:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-08-21 15:00 - 2014-06-16 04:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iTunes

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iPod
 

==================== One Month Modified Files and Folders =======
 

(If an entry is included in the fixlist, the file\folder will be moved.)
 

2014-08-31 11:24 - 2014-08-27 21:54 - 00022844 _____ () C:\Users\***\Desktop\FRST.txt

2014-08-31 11:23 - 2014-08-27 21:54 - 00000000 ____D () C:\FRST

2014-08-31 11:21 - 2014-08-31 11:21 - 00000864 _____ () C:\Users\***\Desktop\checkup.txt

2014-08-31 10:25 - 2014-06-29 00:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-08-31 10:21 - 2011-12-26 15:25 - 01889176 _____ () C:\Windows\WindowsUpdate.log

2014-08-31 07:27 - 2014-08-31 11:13 - 00001256 _____ () C:\Users\***\Desktop\ESET.txt

2014-08-31 00:59 - 2011-12-26 20:31 - 00000000 ____D () C:\Users\***\AppData\Roaming\vlc

2014-08-31 00:19 - 2011-04-12 09:43 - 00699682 _____ () C:\Windows\system32\perfh007.dat

2014-08-31 00:19 - 2011-04-12 09:43 - 00149790 _____ () C:\Windows\system32\perfc007.dat

2014-08-31 00:19 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-08-30 15:57 - 2014-08-30 15:57 - 00854417 _____ () C:\Users\***\Desktop\SecurityCheck.exe

2014-08-30 15:31 - 2012-07-09 17:33 - 00004124 _____ () C:\Windows\System32\Tasks\avast! Emergency Update

2014-08-30 03:25 - 2011-12-29 12:46 - 00000000 ____D () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games

2014-08-29 22:16 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

2014-08-29 22:16 - 2009-07-14 06:45 - 00021872 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

2014-08-29 22:12 - 2014-08-27 21:50 - 02103808 _____ (Farbar) C:\Users\***\Desktop\FRST64.exe

2014-08-29 22:07 - 2014-05-24 20:11 - 00007205 _____ () C:\Windows\setupact.log

2014-08-29 22:07 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-08-29 22:05 - 2014-08-29 22:05 - 00000647 _____ () C:\Users\***\Desktop\JRT.txt

2014-08-29 21:53 - 2014-08-29 21:53 - 00003528 _____ () C:\Users\***\Desktop\AdwCleaner[S1].txt

2014-08-29 21:49 - 2014-05-24 20:57 - 00115574 _____ () C:\Windows\PFRO.log

2014-08-29 21:47 - 2014-05-26 19:45 - 00000000 ____D () C:\AdwCleaner

2014-08-29 21:47 - 2013-11-12 21:44 - 00000967 _____ () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk

2014-08-29 21:47 - 2012-05-05 17:43 - 00000000 ___RD () C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programme

2014-08-29 21:44 - 2014-08-29 21:42 - 00045457 _____ () C:\Users\***\Desktop\mbam.txt

2014-08-29 21:42 - 2014-08-28 21:42 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll

2014-08-29 21:41 - 2014-08-29 21:23 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-08-29 21:37 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding

2014-08-29 21:23 - 2014-08-29 21:23 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-08-29 21:23 - 2014-08-29 21:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-08-29 21:19 - 2014-08-29 21:19 - 01364531 _____ () C:\Users\***\Desktop\adwcleaner_3.308.exe

2014-08-28 19:24 - 2014-08-28 19:24 - 00075409 _____ () C:\Users\***\Desktop\ComboFix.txt

2014-08-28 19:24 - 2011-12-26 15:38 - 00000000 ____D () C:\Users\***

2014-08-28 19:19 - 2014-08-28 19:19 - 00075489 _____ () C:\ComboFix.txt

2014-08-28 19:19 - 2014-08-28 18:02 - 00000000 ____D () C:\ComboFix

2014-08-28 19:19 - 2014-05-24 20:26 - 00000000 ____D () C:\Qoobox

2014-08-28 19:17 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini

2014-08-28 18:52 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache

2014-08-28 18:14 - 2009-07-14 04:34 - 86245376 _____ () C:\Windows\system32\config\SOFTWARE.bak

2014-08-28 18:14 - 2009-07-14 04:34 - 26476544 _____ () C:\Windows\system32\config\SYSTEM.bak

2014-08-28 18:14 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak

2014-08-28 18:14 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak

2014-08-28 18:14 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak

2014-08-28 18:13 - 2014-05-24 20:26 - 00000000 ____D () C:\Windows\erdnt

2014-08-28 06:15 - 2014-08-28 18:00 - 05574834 ____R (Swearware) C:\Users\***\Desktop\ComboFix.exe

2014-08-27 22:28 - 2014-08-27 22:28 - 00003185 _____ () C:\Users\***\Desktop\Gmer.rar

2014-08-27 22:16 - 2014-08-27 22:16 - 00028975 _____ () C:\Users\***\Desktop\Gmer.txt

2014-08-27 22:04 - 2014-08-27 21:54 - 00049612 _____ () C:\Users\***\Desktop\Addition.txt

2014-08-27 21:51 - 2014-08-27 21:51 - 00380416 _____ () C:\Users\***\Desktop\ghjp30nj.exe

2014-08-27 21:42 - 2014-08-27 21:42 - 00003264 _____ () C:\Windows\System32\Tasks\GPUP

2014-08-27 21:37 - 2013-10-13 02:50 - 00000000 ____D () C:\Users\***\AppData\Local\Battle.net

2014-08-27 21:04 - 2009-07-14 06:45 - 05109560 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-08-27 18:37 - 2013-08-18 15:49 - 00000000 ____D () C:\Users\***\AppData\Local\20924801-609E-4B66-8071-BE0F0DC8EEC4.aplzod

2014-08-27 18:20 - 2014-03-22 19:43 - 00007891 _____ () C:\Windows\BRRBCOM.INI

2014-08-26 23:33 - 2014-08-26 23:33 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe

2014-08-26 23:33 - 2014-08-26 23:33 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll

2014-08-26 23:33 - 2014-08-26 23:33 - 00000000 ____D () C:\Program Files\Java

2014-08-26 23:31 - 2014-07-17 21:01 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll

2014-08-26 23:31 - 2014-06-29 01:16 - 00000000 ____D () C:\Program Files (x86)\Java

2014-08-24 17:37 - 2014-08-24 17:37 - 00000000 ____D () C:\Users\***\AppData\Local\Sony Online Entertainment

2014-08-23 04:07 - 2014-08-27 20:59 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll

2014-08-23 03:45 - 2014-08-27 20:59 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll

2014-08-23 02:59 - 2014-08-27 20:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-08-22 18:58 - 2014-08-22 18:57 - 00000000 ____D () C:\Users\***\AppData\Roaming\Kalypso Media

2014-08-22 18:54 - 2014-08-22 18:54 - 00001533 _____ () C:\Users\Public\Desktop\DUNGEONS Game of the Year edition.lnk

2014-08-21 16:28 - 2014-03-22 20:22 - 00000000 ____D () C:\Users\***\AppData\Roaming\ControlCenter4

2014-08-21 16:10 - 2011-12-26 19:20 - 00000000 ____D () C:\Users\***\AppData\Roaming\Skype

2014-08-21 15:37 - 2014-08-21 15:37 - 00002477 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-08-21 15:37 - 2014-08-21 15:37 - 00000000 ____D () C:\Users\***\AppData\Local\Skype

2014-08-21 15:12 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions

2014-08-21 15:07 - 2013-07-10 18:04 - 00000000 ____D () C:\Windows\system32\MRT

2014-08-21 15:05 - 2011-12-26 15:56 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iTunes

2014-08-21 10:36 - 2014-08-21 10:36 - 00000000 ____D () C:\Program Files\iPod

2014-08-21 10:31 - 2014-06-29 00:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-08-21 10:31 - 2012-04-01 10:29 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-08-21 10:31 - 2011-12-26 16:55 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-05 09:20 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-08-04 19:15 - 2011-12-26 19:26 - 00000000 ____D () C:\Users\***\AppData\Roaming\FileZilla

2014-08-03 21:16 - 2012-05-10 22:57 - 00000000 ____D () C:\Program Files\Microsoft Silverlight

2014-08-03 21:16 - 2012-05-10 22:57 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight

2014-08-01 01:41 - 2014-08-21 15:01 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-08-01 01:16 - 2014-08-21 15:01 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
 

Some content of TEMP:

====================

C:\Users\***\AppData\Local\Temp\Quarantine.exe
 
 

==================== Bamital & volsnap Check =================
 

(There is no automatic fix for files that do not pass verification.)
 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\SysWOW64\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 

LastRegBack: 2014-08-27 20:18
 

==================== End Of Log ============================

--- --- ---

Derzeit keine Probleme zu bemerken!

Java und Adobe updaten.

Fertig :)

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun :)

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Besten Dank für alles! Alles soweit klar!

Beste Grüße

Latviel