Code:
# AdwCleaner v4.111 - Bericht erstellt 07/03/2015 um 19:02:03
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : David - DAVID-PC
# Gestarted von : C:\Users\David\Downloads\AdwCleaner_4.111.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : {a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64
Dienst Gelöscht : {a3f28269-ad17-41a8-b032-3e0313ef8979}w64
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\ClicKForSaulE
Ordner Gelöscht : C:\ProgramData\deAlster
Ordner Gelöscht : C:\ProgramData\LuckyShoppper
Ordner Gelöscht : C:\ProgramData\SaLesCheacker
Ordner Gelöscht : C:\ProgramData\SHoippperMaSter
Ordner Gelöscht : C:\ProgramData\514985447576225994UL
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\Optimizer Pro
Ordner Gelöscht : C:\Program Files (x86)\CCliCkFoRSale
Ordner Gelöscht : C:\Users\David\AppData\Local\Temp\Greener Web
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\David\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\Extensions\{ecaa9181-d92a-47b9-8e14-bef9680f204b}
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\Extensions\1@Ee.org
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\Extensions\54@H.net
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\Extensions\dlom@jyzouy.net
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\Extensions\Er@VvQx.net
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\Extensions\NTMx@V.edu
Ordner Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\Extensions\tnSC@E.edu
Ordner Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Ordner Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkabdnhecelcbeidfihloddggndlgmbd
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}Gw64.sys
Datei Gelöscht : C:\Windows\System32\drivers\{a3f28269-ad17-41a8-b032-3e0313ef8979}w64.sys
Datei Gelöscht : C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\David\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\David\Desktop\Optimizer Pro.lnk
Datei Gelöscht : C:\Users\David\Desktop\Sync Folder.lnk
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\searchplugins\WSE Rocket.xml
Datei Gelöscht : C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default\user.js
Datei Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
Datei Gelöscht : C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
Datei Gelöscht : C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\David\AppData\Roaming\Opera Software\Opera Stable\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ShhopperMasteer.ShhopperMasteer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ShhopperMasteer.ShhopperMasteer.1.7
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4fe1c49b-02d4-455b-8cee-059dbc0ec4e5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6F177392-DFE9-E85C-5ADA-1F18896DA070}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{865894ac-a04e-4647-8c02-57efecaaad23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9ccb5432-e8bb-4ade-8491-2a71f5cac0b1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{f267f529-bbba-47fe-bcfb-81f35e46b261}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{41F978F3-431A-4464-A789-5C0692D562FB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4fe1c49b-02d4-455b-8cee-059dbc0ec4e5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F177392-DFE9-E85C-5ADA-1F18896DA070}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{865894ac-a04e-4647-8c02-57efecaaad23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9ccb5432-e8bb-4ade-8491-2a71f5cac0b1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{f267f529-bbba-47fe-bcfb-81f35e46b261}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4fe1c49b-02d4-455b-8cee-059dbc0ec4e5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{6F177392-DFE9-E85C-5ADA-1F18896DA070}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{865894ac-a04e-4647-8c02-57efecaaad23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{9ccb5432-e8bb-4ade-8491-2a71f5cac0b1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{f267f529-bbba-47fe-bcfb-81f35e46b261}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Greener Web
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\nuevos-programas.com
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Rocket Browser
Schlüssel Gelöscht : HKCU\Software\RocketUpdater
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\WSE Rocket
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Greener Web
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Greener Web
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\optimi~1\optpro~1.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\OPTIMI~1\OPTPRO~2.DLL
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17631
-\\ Mozilla Firefox v31.0 (x86 de)
[i6kdgvoc.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.Su49b1b4FZvb.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\"sum[...]
-\\ Google Chrome v35.0.1916.153
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0FyEyE0C0B0AyEzzyC0DtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyD0E0DzytDyByE0DtG0EtD0E0AtGtBzz0AyDtG0CtD0AyDtGtD0CtDyByE0A0FyE0FyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0C0D0Ezyzz0CtGyBtC0ByEtG0AtByB0DtGyE0AzzyEtGtAyD0FyE0E0Dzz0AtAzytAzz2Q&cr=1627060770&ir=
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0FyEyE0C0B0AyEzzyC0DtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyD0E0DzytDyByE0DtG0EtD0E0AtGtBzz0AyDtG0CtD0AyDtGtD0CtDyByE0A0FyE0FyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0C0D0Ezyzz0CtGyBtC0ByEtG0AtByB0DtGyE0AzzyEtGtAyD0FyE0E0Dzz0AtAzytAzz2Q&cr=1627060770&ir=
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : fkabdnhecelcbeidfihloddggndlgmbd
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://rocket-find.com/?f=1&a=rckt_dsites02_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0FyEyE0C0B0AyEzzyC0DtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyD0E0DzytDyByE0DtG0EtD0E0AtGtBzz0AyDtG0CtD0AyDtGtD0CtDyByE0A0FyE0FyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0C0D0Ezyzz0CtGyBtC0ByEtG0AtByB0DtGyE0AzzyEtGtAyD0FyE0E0Dzz0AtAzytAzz2Q&cr=1627060770&ir=
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Startup_URLs] : hxxp://rocket-find.com/?f=7&a=rckt_dsites02_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0FyEyE0C0B0AyEzzyC0DtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyD0E0DzytDyByE0DtG0EtD0E0AtGtBzz0AyDtG0CtD0AyDtGtD0CtDyByE0A0FyE0FyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0C0D0Ezyzz0CtGyBtC0ByEtG0AtByB0DtGyE0AzzyEtGtAyD0FyE0E0Dzz0AtAzytAzz2Q&cr=1627060770&ir=
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://rocket-find.com/?f=1&a=rckt_dsites02_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0FyEyE0C0B0AyEzzyC0DtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyD0E0DzytDyByE0DtG0EtD0E0AtGtBzz0AyDtG0CtD0AyDtGtD0CtDyByE0A0FyE0FyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0C0D0Ezyzz0CtGyBtC0ByEtG0AtByB0DtGyE0AzzyEtGtAyD0FyE0E0Dzz0AtAzytAzz2Q&cr=1627060770&ir=
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Startup_URLs] : hxxp://rocket-find.com/?f=7&a=rckt_dsites02_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0FyEyE0C0B0AyEzzyC0DtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyD0E0DzytDyByE0DtG0EtD0E0AtGtBzz0AyDtG0CtD0AyDtGtD0CtDyByE0A0FyE0FyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0C0D0Ezyzz0CtGyBtC0ByEtG0AtByB0DtGyE0AzzyEtGtAyD0FyE0E0Dzz0AtAzytAzz2Q&cr=1627060770&ir=
-\\ Opera v27.0.1689.76
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0FyEyE0C0B0AyEzzyC0DtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyD0E0DzytDyByE0DtG0EtD0E0AtGtBzz0AyDtG0CtD0AyDtGtD0CtDyByE0A0FyE0FyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0C0D0Ezyzz0CtGyBtC0ByEtG0AtByB0DtGyE0AzzyEtGtAyD0FyE0E0Dzz0AtAzytAzz2Q&cr=1627060770&ir=
[C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_dsites02_14_25_ch&cd=2XzuyEtN2Y1L1Qzu0BzzyByCtA0F0FyEyE0C0B0AyEzzyC0DtN0D0Tzu0SzytDyEtN1L2XzutBtFtBtCtFyBtFtDtN1L1Czu0R1F1R1J1P2ZtN1L1G1B1V1N2Y1L1Qzu2SyD0E0DzytDyByE0DtG0EtD0E0AtGtBzz0AyDtG0CtD0AyDtGtD0CtDyByE0A0FyE0FyE0D0C2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyEyE0C0D0Ezyzz0CtGyBtC0ByEtG0AtByB0DtGyE0AzzyEtGtAyD0FyE0E0Dzz0AtAzytAzz2Q&cr=1627060770&ir=
*************************
AdwCleaner[R0].txt - [15039 Bytes] - [07/03/2015 19:00:28]
AdwCleaner[S0].txt - [14610 Bytes] - [07/03/2015 19:02:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14670 Bytes] ##########

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 07.03.2015 19:07:03, SYSTEM, DAVID-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1,
Update, 07.03.2015 19:07:03, SYSTEM, DAVID-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.25.1,
Update, 07.03.2015 19:07:09, SYSTEM, DAVID-PC, Manual, Malware Database, 2014.11.20.6, 2015.3.7.4,
Scan, 07.03.2015 19:08:09, SYSTEM, DAVID-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 0 Sekunden, Bedrohungs-Suchlauf, Abgebrochen, 0 Malwareerkennung, 0-Malwareerkennung,
Scan, 07.03.2015 19:50:49, SYSTEM, DAVID-PC, Manual, Start: % 1 "% 2", Dauer: % 1 min 18 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, 17-Malwareerkennung,
(end)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-03-2015 01
Ran by David (administrator) on DAVID-PC on 07-03-2015 19:57:42
Running from C:\Users\David\Downloads
Loaded Profiles: David (Available profiles: David)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\btvstack.exe [1022592 2012-04-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\athbttray.exe [801920 2012-04-28] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2885944 2014-06-09] (Synaptics Incorporated)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-03-04] (AVAST Software)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-15] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
AutoConfigURL: [S-1-5-21-3665797831-3151914646-4035353805-1000] => file://C:\Program Files (x86)\Greener Web\bin\Pac9064.js
HKU\S-1-5-21-3665797831-3151914646-4035353805-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: CCliCkFoRSale -> {f9391677-360c-42aa-a16d-d9d89581b87a} -> C:\Program Files (x86)\CCliCkFoRSale\OGlA11z9qd9W6k.x64.dll No File
Tcpip\Parameters: [DhcpNameServer] 192.168.192.1
FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\i6kdgvoc.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-03-07] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-03-07] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll [2014-06-29] (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-09]
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\David\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-09]
CHR Extension: (Google Drive) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-09]
CHR Extension: (YouTube) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-09]
CHR Extension: (Skype Invisible Status Detector) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpaiidihgcehbmalapchgbeikblhgoba [2014-10-23]
CHR Extension: (Google Search) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-09]
CHR Extension: (QR Code Maker and Decoder) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekkkpjnnhmokcnfdllcgldppopnneooi [2014-10-22]
CHR Extension: (Save Image to Downloads) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\enjefpkmlibebgbbgidmhpmjhcdffhfm [2014-10-22]
CHR Extension: (Parental Control App) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbkcmiiikbnoldnlanjaoakakibelich [2014-08-05]
CHR Extension: (Trustwave SecureBrowsing) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcghfieafojgpngcjbkbbjfecjbahhif [2014-10-22]
CHR Extension: (Google Wallet) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-09]
CHR Extension: (Better Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\obhfdckfkimahlnggnnjajpmdofakcni [2014-09-13]
CHR Extension: (Gmail) - C:\Users\David\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-09]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15]
StartMenuInternet: Google Chrome - chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [119424 2012-04-28] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software)
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3645432 2014-07-18] (devolo AG)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [163456 2012-04-28] (Atheros) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-15] ()
R3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [422144 2012-04-28] (Atheros)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-07] (Malwarebytes Corporation)
R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [34048 2014-07-18] (CACE Technologies)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 19:55 - 2015-03-07 19:55 - 00000721 _____ () C:\Users\David\Downloads\malware anit malware.txt
2015-03-07 19:52 - 2015-03-07 19:52 - 00000000 ___RD () C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-03-07 19:07 - 2015-03-07 19:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-07 19:06 - 2015-03-07 19:06 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\David\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-07 19:06 - 2015-03-07 19:06 - 00014823 _____ () C:\Users\David\Desktop\AdwCleaner[S0].txt
2015-03-07 19:06 - 2015-03-07 19:06 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-07 19:06 - 2015-03-07 19:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-07 19:06 - 2015-03-07 19:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-07 19:06 - 2015-03-07 19:06 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-07 19:06 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-07 19:06 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-07 19:06 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-07 19:00 - 2015-03-07 19:02 - 00000000 ____D () C:\AdwCleaner
2015-03-07 19:00 - 2015-03-07 19:00 - 02126848 _____ () C:\Users\David\Downloads\AdwCleaner_4.111.exe
2015-03-07 18:27 - 2015-03-07 18:28 - 00000000 ____D () C:\Users\David\Downloads\RevoUninstallerPortable
2015-03-07 18:27 - 2015-03-07 18:27 - 02785665 _____ (PortableApps.com) C:\Users\David\Downloads\RevoUninstallerPortable_1.95_Rev_2.paf.exe
2015-03-07 16:24 - 2015-03-07 16:24 - 00082204 _____ () C:\Users\David\Downloads\GMER 3.txt
2015-03-07 16:24 - 2015-03-07 16:24 - 00070870 _____ () C:\Users\David\Downloads\GMER 2.txt
2015-03-07 16:23 - 2015-03-07 16:23 - 00088270 _____ () C:\Users\David\Downloads\Gmer ende.txt
2015-03-07 16:15 - 2015-03-07 16:24 - 00093990 _____ () C:\Users\David\Downloads\GMER.txt
2015-03-07 16:00 - 2015-03-07 16:00 - 00380416 _____ () C:\Users\David\Downloads\Gmer-19357.exe
2015-03-07 15:57 - 2015-03-07 16:00 - 00022890 _____ () C:\Users\David\Downloads\Addition.txt
2015-03-07 15:55 - 2015-03-07 19:58 - 00010027 _____ () C:\Users\David\Downloads\FRST.txt
2015-03-07 15:54 - 2015-03-07 19:57 - 00000000 ____D () C:\FRST
2015-03-07 15:53 - 2015-03-07 15:53 - 02094592 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2015-03-05 20:37 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-05 20:37 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-04 21:23 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 21:23 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 21:23 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 21:23 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-03-04 21:22 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-04 21:22 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-04 21:22 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-04 21:22 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-04 21:22 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-04 21:22 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-04 21:22 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-04 21:22 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-04 21:22 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-04 21:22 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-04 21:22 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-04 21:22 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-04 21:22 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-04 21:22 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-04 21:22 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-04 21:22 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-04 21:22 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-04 21:22 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-04 21:22 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-04 21:22 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-04 21:22 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-04 21:22 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-04 21:22 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-04 21:22 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-04 21:22 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 21:22 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-04 21:22 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-04 21:22 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-04 21:22 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-04 21:22 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-04 21:22 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 21:22 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-04 21:22 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-04 21:22 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-04 21:22 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-04 21:22 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-04 21:22 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-04 21:22 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-04 21:22 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-04 21:22 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-04 21:22 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-04 21:22 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-04 21:22 - 2015-01-12 02:55 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-04 21:22 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-04 21:22 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-04 21:22 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 21:22 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-04 21:22 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-04 21:22 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-04 21:22 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-04 21:22 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-04 21:22 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-04 21:22 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-04 21:22 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-04 21:22 - 2015-01-12 02:29 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-04 21:22 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-04 21:22 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-04 21:22 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-04 21:22 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-04 21:22 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-04 21:22 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-04 21:22 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-04 21:22 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-04 21:22 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-04 21:22 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-04 21:22 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-04 21:22 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-04 21:22 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-04 21:22 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-04 21:22 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-04 21:22 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-04 21:22 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-04 21:22 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-04 21:22 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-04 21:22 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-04 21:22 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-04 21:22 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-04 21:22 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-04 21:21 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-04 21:21 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-04 21:21 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-04 21:21 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-04 21:21 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-04 21:21 - 2015-01-12 03:33 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-04 21:21 - 2015-01-12 03:32 - 06041088 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-04 21:21 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-04 21:21 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-04 21:20 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-04 21:20 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-04 21:20 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-04 21:20 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-04 21:20 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-04 21:20 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-04 21:20 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-04 21:20 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-04 21:20 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-04 21:20 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-04 21:20 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-04 21:20 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-04 21:20 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-04 21:20 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-04 21:20 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-04 21:20 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-04 21:20 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-04 21:20 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-04 21:20 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-04 21:20 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-04 21:20 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-04 21:20 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-03-04 21:20 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-03-04 21:19 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-04 21:19 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-04 21:18 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-07 19:55 - 2014-06-09 10:19 - 01879542 _____ () C:\Windows\WindowsUpdate.log
2015-03-07 19:52 - 2014-08-08 09:58 - 00000435 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2015-03-07 19:51 - 2014-06-11 11:24 - 00116790 _____ () C:\Windows\PFRO.log
2015-03-07 19:51 - 2014-06-09 16:40 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-07 19:51 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-07 19:51 - 2009-07-14 05:51 - 00031547 _____ () C:\Windows\setupact.log
2015-03-07 19:23 - 2014-08-05 13:52 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-07 19:17 - 2009-07-14 05:45 - 00023840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-07 19:17 - 2009-07-14 05:45 - 00023840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-07 19:10 - 2009-07-14 18:58 - 00699342 _____ () C:\Windows\system32\perfh007.dat
2015-03-07 19:10 - 2009-07-14 18:58 - 00149450 _____ () C:\Windows\system32\perfc007.dat
2015-03-07 19:10 - 2009-07-14 06:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-07 18:59 - 2014-06-09 16:40 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-07 16:23 - 2014-08-05 13:52 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-07 16:23 - 2014-08-05 13:52 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-07 16:23 - 2014-08-05 13:52 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-07 15:43 - 2014-12-23 13:43 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-07 15:43 - 2014-06-27 19:22 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-07 15:42 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-05 20:26 - 2009-07-14 05:45 - 00294640 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-04 21:51 - 2014-06-09 13:35 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-04 21:51 - 2014-06-09 13:34 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-04 16:54 - 2014-07-31 17:16 - 00003852 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1406823406
2015-03-04 16:54 - 2014-07-31 17:16 - 00000000 ____D () C:\Program Files (x86)\Opera
2015-03-04 16:50 - 2014-06-09 16:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-02-24 03:17 - 2014-06-09 10:36 - 00295552 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2014-08-05 14:45 - 2014-11-16 17:45 - 0000108 _____ () C:\Users\David\AppData\Roaming\WB.CFG
Some content of TEMP:
====================
C:\Users\David\AppData\Local\Temp\Quarantine.exe
C:\Users\David\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-08 12:23
==================== End Of Log ============================
--- --- ---
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-03-2015 01
Ran by David at 2015-03-07 19:58:41
Running from C:\Users\David\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{EBF1529E-D2D5-47CF-97EC-7D90CEF0FE04}) (Version: 3.0.859.0 - Advanced Micro Devices, Inc.)
Atheros Bluetooth Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.135 - Atheros)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
devolo Cockpit (HKLM-x32\...\dlancockpit) (Version: 4.2.3.0 - devolo AG)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 31.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Opera Stable 25.0.1614.71 (HKLM-x32\...\Opera 25.0.1614.71) (Version: 25.0.1614.71 - Opera Software ASA)
Opera Stable 27.0.1689.76 (HKLM-x32\...\Opera 27.0.1689.76) (Version: 27.0.1689.76 - Opera Software ASA)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{E727B31A-8B24-4C1C-934A-69634E0D2C0B}) (Version: 3.0 - Qualcomm Atheros)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.0.1.6 - Synaptics Incorporated)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 5.2.5.01220 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3665797831-3151914646-4035353805-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
==================== Restore Points =========================
15-12-2014 19:50:33 Windows Update
15-12-2014 20:53:21 Windows Update
15-01-2015 15:03:45 avast! antivirus system restore point
15-01-2015 15:07:23 Windows Update
15-01-2015 17:04:52 Windows Update
18-02-2015 15:58:49 Windows Update
04-03-2015 21:13:31 Windows Update
04-03-2015 21:45:35 Windows Update
05-03-2015 20:34:50 Windows Update
07-03-2015 18:28:57 Revo Uninstaller's restore point - Advanced System Protector
07-03-2015 18:31:04 Revo Uninstaller's restore point - CCliCkFoRSale
07-03-2015 18:53:00 Revo Uninstaller's restore point - deAlster
07-03-2015 18:54:29 Revo Uninstaller's restore point - LuckyShoppper
07-03-2015 18:55:18 Revo Uninstaller's restore point - Open Office Packages
07-03-2015 18:55:51 Revo Uninstaller's restore point - Optimizer Pro v3.2
07-03-2015 18:56:40 Revo Uninstaller's restore point - PennyBee
07-03-2015 18:57:07 Revo Uninstaller's restore point - RegClean-Pro
07-03-2015 18:57:47 Revo Uninstaller's restore point - SaLesCheacker
07-03-2015 18:58:30 Revo Uninstaller's restore point - SHoippperMaSter
07-03-2015 18:59:02 Revo Uninstaller's restore point - WorldWideWebCoupon
07-03-2015 18:59:25 Revo Uninstaller's restore point - WSE Rocket
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0D4F7822-7034-494B-ACEE-610452530A39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-07] (Adobe Systems Incorporated)
Task: {0EA9C9C8-7FB7-4E18-9FCD-DE2965C21270} - System32\Tasks\Opera scheduled Autoupdate 1406823406 => C:\Program Files (x86)\Opera\launcher.exe [2015-02-23] (Opera Software)
Task: {1A2216C2-B508-4A45-8A6E-1639623F082F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-15] (AVAST Software)
Task: {73D4E1C0-403B-4F94-86AA-0D5E52CEC615} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-11-23] (Sony Corporation)
Task: {A859620D-60E5-46FA-8454-D1F7B1C71A68} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-09] (Google Inc.)
Task: {B4DCB686-66D0-49BB-8DE1-582AA5CDCF33} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-06-09] (Google Inc.)
Task: {C7653708-AE8A-4411-8CCE-EDE9DD4B2061} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2012-11-23] (Sony Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-07 15:49 - 2015-03-07 15:49 - 02919424 _____ () C:\Program Files\AVAST Software\Avast\defs\15030700\algo.dll
2014-06-09 11:22 - 2012-11-23 21:48 - 00021128 _____ () C:\Program Files (x86)\Sony\VAIO Control Center\VESBasePS.dll
2015-01-15 15:07 - 2015-01-15 15:07 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-06-09 10:33 - 2014-08-13 15:24 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-27 19:28 - 2014-10-27 19:28 - 00172032 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92a1650dbe9fad5f46633b835420e1a8\IsdiInterop.ni.dll
2014-06-09 11:19 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3665797831-3151914646-4035353805-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\David\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.192.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-3665797831-3151914646-4035353805-500 - Administrator - Disabled)
David (S-1-5-21-3665797831-3151914646-4035353805-1000 - Administrator - Enabled) => C:\Users\David
Gast (S-1-5-21-3665797831-3151914646-4035353805-501 - Limited - Disabled)
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Realtek PCIe GBE Family Controller
Description: Realtek PCIe GBE Family Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Realtek
Service: RTL8167
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Bluetooth-Gerät (PAN)
Description: Bluetooth-Gerät (PAN)
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: BthPan
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/13/2014 06:24:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm opera.exe, Version 23.0.1522.77 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: c78
Startzeit: 01cfcf70c0442dd7
Endzeit: 5
Anwendungspfad: C:\Program Files (x86)\Opera\23.0.1522.77\opera.exe
Berichts-ID: c7dd3448-3b6a-11e4-8b5a-5453ed3ad4d6
Error: (08/30/2014 03:52:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service PennyBee service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/18/2014 07:18:15 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2868) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.
Error: (06/18/2014 07:18:06 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail (2960) WindowsMail0: Die Sicherung wurde abgebrochen, weil sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen wurde.
Error: (06/15/2014 05:51:49 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}SENS Logon Subscription
Error: (06/12/2014 07:07:46 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}SENS Logon Subscription
Error: (06/09/2014 04:46:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary ibauzhfj.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/09/2014 04:46:26 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}SENS Logon Subscription
Error: (06/09/2014 04:39:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary ibauzhfj.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (06/09/2014 02:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: VESMgrSub.exe, Version: 5.2.0.14160, Zeitstempel: 0x4f3cb233
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x72076a64
ID des fehlerhaften Prozesses: 0x40c
Startzeit der fehlerhaften Anwendung: 0xVESMgrSub.exe0
Pfad der fehlerhaften Anwendung: VESMgrSub.exe1
Pfad des fehlerhaften Moduls: VESMgrSub.exe2
Berichtskennung: VESMgrSub.exe3
System errors:
=============
Error: (03/07/2015 07:02:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
Error: (03/07/2015 07:02:32 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
Error: (03/07/2015 07:02:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT-AUTORITÄT)
Description: Das WLAN-Erweiterungsmodul wurde unerwartet beendet.
Modulpfad: C:\Program Files (x86)\Qualcomm Atheros WiFi Driver Installation\AthIhvWlanExt.dll
Error: (03/07/2015 07:02:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/07/2015 07:02:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Volumeschattenkopie" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/07/2015 07:02:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (03/07/2015 07:02:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/07/2015 07:02:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Presentation Foundation-Schriftartcache 3.0.0.0" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/07/2015 07:02:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Gatewaydienst auf Anwendungsebene" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (03/07/2015 07:02:22 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ZAtheros Bt&Wlan Coex Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (09/13/2014 06:24:25 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: opera.exe23.0.1522.77c7801cfcf70c0442dd75C:\Program Files (x86)\Opera\23.0.1522.77\opera.exec7dd3448-3b6a-11e4-8b5a-5453ed3ad4d6
Error: (08/30/2014 03:52:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service PennyBee service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/18/2014 07:18:15 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail2868WindowsMail0:
Error: (06/18/2014 07:18:06 AM) (Source: ESENT) (EventID: 215) (User: )
Description: WinMail2960WindowsMail0:
Error: (06/15/2014 05:51:49 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}SENS Logon Subscription
Error: (06/12/2014 07:07:46 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}SENS Logon Subscription
Error: (06/09/2014 04:46:30 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary ibauzhfj.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/09/2014 04:46:26 PM) (Source: EventSystem) (EventID: 4621) (User: )
Description: 80070005EventSystem.EventSubscription{F55E4282-CE4F-4785-B5C8-29D60709F8AF}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}SENS Logon Subscription
Error: (06/09/2014 04:39:28 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary ibauzhfj.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (06/09/2014 02:36:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: VESMgrSub.exe5.2.0.141604f3cb233unknown0.0.0.000000000c000000572076a6440c01cf83e7cf9b5becC:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exeunknown0e894091-efdb-11e3-970a-b8763ff44cba
==================== Memory info ===========================
Processor: Intel(R) Pentium(R) CPU 2020M @ 2.40GHz
Percentage of memory in use: 53%
Total physical RAM: 3978.36 MB
Available physical RAM: 1839.66 MB
Total Pagefile: 7954.9 MB
Available Pagefile: 5875.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:103.7 GB) NTFS
Drive d: (Daten) (Fixed) (Total:146.48 GB) (Free:136.2 GB) NTFS
Drive e: (Musik) (Fixed) (Total:172.79 GB) (Free:172.4 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5F667E0E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=172.8 GB) - (Type=07 NTFS)
==================== End Of Log ============================