Windows 7: Firefox versucht, eine Datei zu laden, die verseucht ist. Grüß Gott allerseits,
als Vielleser nutze ich gerne JDownloader, um meine E-Books bequem auf einmal von den Buchhändlern herunterzuladen. Gestern erinnerte mich das Programm daran, dass es eine neue Version gibt. Ich folgte dem Link des Pop-ups und lud dort das neue Programm herunter.
Anscheinend bin ich dabei aber gelinkt worden und habe neben dem Programm noch etwas Mist dazubekommen.
In Firefox waren 2 Add-ons installiert und aktiviert, die Suchmaschine war verstellt, und FF versucht bei jedem Start, eine Datei namens "ebdnhru.rar" zu laden. Der Download wird glücklicherweise blockiert, mit dem Hinweis, dass die Datei eventuell einen Virus oder Spyware enthalte.
Mein Virenscanner (Avast Free AntiVirus, Version 150317-0) meldet keinen Fund.
Malwarebytes jedoch findet gleich jede Menge. Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 17.03.2015
Suchlauf-Zeit: 12:01:40
Logdatei: malwarebytes.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.03.17.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Claudi
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 456290
Verstrichene Zeit: 10 Min, 40 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 2
PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, 2020, , [d6c1fd494a40ae8880a6f41b11f18c74]
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1724, , [b8dfb09689018ea89ce5794349ba7a86]
Module: 2
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [296e252123678bab1fada21642c1d030],
Registrierungsschlüssel: 34
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [d6c1fd494a40ae8880a6f41b11f18c74],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [4354da6cd5b532041cb6da5b649cd729],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}, , [4354da6cd5b532041cb6da5b649cd729],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{917CAAE9-DD47-4025-936E-1414F07DF5B8}, , [4354da6cd5b532041cb6da5b649cd729],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [4354da6cd5b532041cb6da5b649cd729],
PUP.Optional.SupTab.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [4354da6cd5b532041cb6da5b649cd729],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}\INPROCSERVER32, , [4354da6cd5b532041cb6da5b649cd729],
PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\CLASSES\CLSID\{fb1b354f-6305-4364-bf9c-4bfef634a9db}, , [f0a73b0bb2d8a2942e5786ae26dcb947],
PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{2af2d67b-8ef2-4261-8535-27e847cff708}, , [f0a73b0bb2d8a2942e5786ae26dcb947],
PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F5EE107-E7C9-4A3A-8784-18D085938686}, , [f0a73b0bb2d8a2942e5786ae26dcb947],
PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{FB1B354F-6305-4364-BF9C-4BFEF634A9DB}, , [f0a73b0bb2d8a2942e5786ae26dcb947],
PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\CLASSES\CLSID\{FB1B354F-6305-4364-BF9C-4BFEF634A9DB}\INPROCSERVER32, , [f0a73b0bb2d8a2942e5786ae26dcb947],
PUP.Optional.BrowseFox.A, HKLM\SOFTWARE\CLASSES\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}, , [bed974d2f1992f07c97084d756ad33cd],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, , [574097af088274c29dc2d9828e75d828],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, , [e8aff551f2988aacc29e3f1cea19f40c],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\mystartsearch uninstall, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\Between Lines, , [fb9cdb6b1674c96d3e8b1c8e4fb4ce32],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, , [5641e46213779d9928a3eeca30d331cf],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, , [cdca2224fa9057dfd63df30b2cd7817f],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, , [82151e2891f99f97dfbf5f61ea1954ac],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [197ecd790882e452395178a647be40c0],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB, , [296e58ee07837db91377e0eeab58cc34],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [b8dfb09689018ea89ce5794349ba7a86],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [47502620a0eaa78f24a1e2e1c340bb45],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [0c8b99ade9a1c07624d36baefd08e020],
PUP.Optional.BetweenLines.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Between Lines, , [890e6dd9c0ca16204c7c7436669d9a66],
PUP.Optional.Iminent.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, , [8e0982c4b5d5290dc64e52ac9a6950b0],
PUP.Optional.Conduit.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ConduitSearchScopes, , [71264501f99176c0520adae6c53ecb35],
PUP.Optional.Conduit.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\CONDUIT\FF, , [7b1c093d45459a9c313a50c81bea9e62],
PUP.Optional.Qone8, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [d8bf8fb792f8ed49c3c673abed1814ec],
PUP.Optional.IStart.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, , [92051f2726641c1a9c70327ce2216a96],
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, , [f7a06adc5d2d55e160af36c70cf71ee2],
PUP.Optional.InstallBrain.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, , [2d6a4cfab0da96a00aedf4256e9755ab],
PUP.Optional.BetweenLines.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Between Lines, , [2671341297f3cd6992bb5d4df40f0000],
Registrierungswerte: 7
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\searchengine@gmail.com, , [0f883511008ad95d1347d16efd0802fe]
PUP.Optional.IStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\istart_ffnt@gmail.com, , [ddbaed59c9c10f27a69d9b12a26109f7]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\SUPTAB|ptid, cor, , [296e58ee07837db91377e0eeab58cc34]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, , [0c8b99ade9a1c07624d36baefd08e020]
PUP.Optional.IStart.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, istart_ffnt@gmail.com, , [92051f2726641c1a9c70327ce2216a96]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapDoForPartners, , [f7a06adc5d2d55e160af36c70cf71ee2]
PUP.Optional.InstallBrain.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, SIM, , [2d6a4cfab0da96a00aedf4256e9755ab]
Registrierungsdaten: 10
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792),,[deb9c185fb8f40f6e0267867e223fd03]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792),,[d2c524228406b5810006dc034cb9fd03]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[1483f84e93f7290d2867d912a065c040]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[2c6b69dd2466fd395fa021be57aee41c]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792),,[e8af1036a1e90b2b10f7459a45c0c739]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[bcdb1b2b800ab68014ea726dbb4a669a]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792, Gut: (www.google.com), Schlecht: (hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792),,[2c6b81c55634ea4c986f5e8139cc8a76]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[afe89da9b1d9989e54ad8c54848101ff]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[484fd0764c3ef83e0bf770704db804fc]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-4207056575-3370044151-3894322460-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}),,[623551f56624fc3a6e8f439c768fb749]
Ordner: 40
PUP.Optional.XTab.A, C:\Program Files\XTab, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\image, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW, , [296e252123678bab1fada21642c1d030],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide, , [7f18c77ff397a294c878ef2fdc295da3],
PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers, , [7f18c77ff397a294c878ef2fdc295da3],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, , [6e29ec5ae2a82214def3511e7192f50b],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3317892, , [6e29ec5ae2a82214def3511e7192f50b],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [593e53f306841d19caa39beb1de67987],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [593e53f306841d19caa39beb1de67987],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [2d6a7ec83456e0567192069df90a6e92],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [2d6a7ec83456e0567192069df90a6e92],
PUP.Optional.BetweenLines.A, C:\Program Files\Between Lines, , [2671341297f3cd6992bb5d4df40f0000],
PUP.Optional.BetweenLines.A, C:\Users\Claudi\AppData\Local\Temp\Between Lines, , [5443b88e1971b185a2acd3d7be4524dc],
Dateien: 114
PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, , [d6c1fd494a40ae8880a6f41b11f18c74],
PUP.Optional.SupTab.A, C:\Program Files\XTab\SupTab.dll, , [4354da6cd5b532041cb6da5b649cd729],
PUP.Optional.BetweenLines.A, C:\Program Files\Between Lines\BetweenLinesBHO.dll, , [f0a73b0bb2d8a2942e5786ae26dcb947],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Local\Temp\is1901864539\15BC6354_stp\Mar9_3072_cor_mystartsearch.exe, , [c8cf3610e1a9ae88342454d0e71f5fa1],
PUP.Optional.Iminent.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\IminentSetup.exe, , [583f4501d7b3ae88322caaaf9c655ba5],
PUP.Optional.Conduit.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\mconduitinstaller.exe, , [73243b0be1a948ee8ae544dba65ae61a],
PUP.Optional.Wajam.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\wajam_download.exe, , [c7d0d472c8c2db5bdf9286c1d52b08f8],
PUP.Optional.XTab.A, C:\Program Files\XTab\uninstall.exe, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\ffsearch_toolbar!1.0.0.1025.xpi, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\install.data, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\searchProvider.xml, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about_bk.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn_apply.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\close.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf.xml, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf_back.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\input_bk.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\logo.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\main.xml, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_1.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_2.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\rigth_arrow.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\settings.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\data.html, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE.html, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE8.html, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\main.css, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\ver.txt, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\arrow.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo_hover.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_logo.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo2.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\google_trends.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon128.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon16.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon48.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\loading.gif, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\logo32.ico, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather\0.png, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\common.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ga.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ie8.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery-1.11.0.min.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery.autocomplete.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\js.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\library.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit-ie8.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit2.0.js, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW\messages.json, , [296e252123678bab1fada21642c1d030],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\MessageBox.xml, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\481.json, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\un.ini, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\uninstallDlg2.xml, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\UninstallManager.exe, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\bg.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\bg1.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\bk_shadow.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\button.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\button1.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\checkbox.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\checkbox_select.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\checked.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\close.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\loading_bg.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\loading_light.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\min.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\scrollbar.bmp, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\Thumbs.db, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\unchecked.png, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code1.jpg, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code2.jpg, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code3.jpg, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code4.jpg, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code5.jpg, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\code6.jpg, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Roaming\mystartsearch\images\code\Thumbs.db, , [e9aec2845931c07661a80ab440c337c9],
PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\amazon.ico, , [7f18c77ff397a294c878ef2fdc295da3],
PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\tz-easybuch_start_installation.exe, , [7f18c77ff397a294c878ef2fdc295da3],
PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\vis-freeware.exe, , [7f18c77ff397a294c878ef2fdc295da3],
PUP.Optional.DownloadGuide.A, C:\Users\Claudi\AppData\Local\DownloadGuide\Offers\WebBOptimizer.exe, [7f18c77ff397a294c878ef2fdc295da3], , %5
PUP.Optional.WindowsMangerProtect.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [b8dfb09689018ea89ce5794349ba7a86],
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE\CT3317892\UninstallerUI.exe, , [6e29ec5ae2a82214def3511e7192f50b],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [593e53f306841d19caa39beb1de67987],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, , [2d6a7ec83456e0567192069df90a6e92],
PUP.Optional.BetweenLines.A, C:\Program Files\Between Lines\BetweenLines.ico, , [2671341297f3cd6992bb5d4df40f0000],
PUP.Optional.BetweenLines.A, C:\Program Files\Between Lines\BetweenLinesUninstall.exe, , [2671341297f3cd6992bb5d4df40f0000],
PUP.Optional.MyStartSearch.A, C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792",), ,[425544024149f83e51dff135e62021df]
PUP.Optional.Conduit.A, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN21792360229163249&UM=2&sspv=TB_CNI&q=");), ,[d6c12a1ce7a32016386d4cdd7294be42]
PUP.Optional.Conduit.A, C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&CUI=UN21792360229163249&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI");), ,[61361b2b533744f2754171b84bbb4eb2]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end) Weitere Logs: Defogger: Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:42 on 17/03/2015 (Claudi)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=- Addition: Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Claudi at 2015-03-17 12:44:26
Running from C:\Users\Claudi\Desktop\Checks
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.22beta (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Age of Empires III (HKLM\...\InstallShield_{A8CF5C37-8EC5-4C33-BB4A-87F468B77D45}) (Version: 1.00.0000 - Microsoft Game Studios)
Age of Empires III (Version: 1.00.0000 - Microsoft Game Studios) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.2.2214 - AVAST Software)
Battle.net (HKLM\...\Battle.net) (Version: - Blizzard Entertainment)
Benutzerhandbuch anzeigen (HKLM\...\View User Guide) (Version: 3.60.02.0 - )
Between Lines (HKLM\...\Between Lines) (Version: 2015.03.02.185236 - Between Lines) <==== ATTENTION
calibre (HKLM\...\{8854EE3C-5031-499F-B5EB-51A82F1B28EF}) (Version: 2.21.0 - Kovid Goyal)
CoreAAC Audio Decoder (remove only) (HKLM\...\CoreAAC Audio Decoder) (Version: - )
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DDBAC (HKLM\...\{E3B6D3FB-A593-41BA-9AB1-FFE46F608565}) (Version: 5.3.21 - DataDesign)
Destinations (Version: 130.0.0.0 - Hewlett-Packard) Hidden
Diablo II (HKLM\...\Diablo II) (Version: - Blizzard Entertainment)
Diablo III (HKLM\...\Diablo III) (Version: - Blizzard Entertainment)
Diablo III Public Test (HKLM\...\Diablo III Public Test) (Version: - Blizzard Entertainment)
Die Siedler - Aufbruch der Kulturen (HKLM\...\SADK) (Version: - )
DIE SIEDLER - Aufstieg eines Königreichs (HKLM\...\{D3F80A98-05AB-4D8C-9272-766CCFA6A48D}) (Version: 1.00.0000 - Ubisoft)
Die Siedler 7 (HKLM\...\{9C916142-C18C-429D-BFED-40094A7E0BEB}) (Version: 1.12.1396 - Ubisoft)
DocProc (Version: 13.0.0.0 - Hewlett-Packard) Hidden
Dropbox (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
Fotogalerie (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Chrome (HKLM\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.26.9 - Google Inc.) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version: - Blizzard Entertainment)
Heroes of the Storm (HKLM\...\Heroes of the Storm) (Version: - Blizzard Entertainment)
IBANKonverterQuickVerein (HKLM\...\{1F1FC068-123F-4302-9555-8FF3CAEB0506}) (Version: 1.00.0000 - Ihr Firmenname)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JDownloader 2 (HKLM\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
JDownloader 2 (HKLM\...\jdownloader2-1) (Version: 2.0 - AppWork GmbH)
LG United Mobile Drivers (HKLM\...\{5DB849D6-9392-4FB7-9ABB-87ED433152E5}) (Version: 3.8.1 - LG Electronics)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Access database engine 2007 (German) (HKLM\...\{90120000-00D1-0407-0000-0000000FF1CE}) (Version: 12.0.4518.1049 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM\...\{4AF2248C-B3DF-46FB-9596-87F5DB193689}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{539A0EAA-E1BB-4163-9C1E-6C8BF4A17FA2}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{D074DC76-F6C9-440E-A1D0-1DE958417FDB}) (Version: 10.3.5500.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Movie Maker (Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MSI to redistribute MS VS2005 CRT libraries (HKLM\...\{A8D93648-9F7F-407D-915C-62044644C3DA}) (Version: 8.0.50727.42 - The Firebird Project)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
mystartsearch uninstall (HKLM\...\mystartsearch uninstall) (Version: - mystartsearch) <==== ATTENTION
Nero 7 Essentials (HKLM\...\{97F32DF8-D66E-446A-A425-C1D7B45C1031}) (Version: 7.02.6782 - Nero AG)
Nero Video 2014 (HKLM\...\{F9BC3E29-E14A-417F-AAC7-289137234C8E}) (Version: 15.0.03000 - Nero AG)
Nettalk 6.7 (HKLM\...\Nettalk_is1) (Version: - Nicolas Kruse)
NVIDIA 3D Vision Controller-Treiber 340.50 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 340.50 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.1.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.1.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX (Legacy) (HKLM\...\{FAAC26AD-73BA-40CE-86AA-C9213F9E064A}) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OCR Software by I.R.I.S. 13.0 (HKLM\...\HPOCR) (Version: 13.0 - HP)
ON_OFF Charge B11.1102.1 (HKLM\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Opera 12.16 (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Opera 12.16.1860) (Version: 12.16.1860 - Opera Software ASA)
Oracle VM VirtualBox 4.3.20 (HKLM\...\{3ACD85F2-BD6D-44FE-8CAE-5C1C3757ED7E}) (Version: 4.3.20 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF24 Creator 6.7.0 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.311.0 - Tracker Software Products Ltd)
Prerequisite installer (Version: 15.0.0005 - Nero AG) Hidden
QIP 2012 7221 Jeak-Edition (HKLM\...\QIP 2012 7221 Jeak-Edition 4.0.7221) (Version: 4.0.7221 - jeak.de)
QIP 2012 7221 Jeak-Edition (Version: 4.0.7221 - jeak.de) Hidden
QuickVerein 2014 V11 (HKLM\...\{3E3397FD-9FF6-4EF0-B7AC-1FB668DFF774}) (Version: 11.0.0 - Lexware)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6482 - Realtek Semiconductor Corp.)
Samsung CLP-360 Series (HKLM\...\Samsung CLP-360 Series) (Version: 1.12 (05.12.2013) - Samsung Electronics Co., Ltd.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.3.2.12064_9 - Samsung Electronics Co., Ltd.) Hidden
Samsung Printer Live Update (HKLM\...\Samsung Printer Live Update) (Version: 1.01.00:04(2013-04-22) - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
SDFormatter (HKLM\...\{15EB20D6-5F13-41D0-BEF9-C9C44D6AC620}) (Version: 3.0.0 - SD Association)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 32-Bit Edition (HKLM\...\{90150000-0011-0000-0000-0000000FF1CE}_Office15.PROPLUS_{7F6C4883-A18C-459A-82C1-A2F9403F2DA6}) (Version: - Microsoft)
Service Pack 3 für SQL Server 2008 (KB2546951) (HKLM\...\KB2546951) (Version: 10.3.5500.0 - Microsoft Corporation)
SHIELD Streaming (Version: 3.1.100 - NVIDIA Corporation) Hidden
Skype™ 7.2 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.3.5500.0 - Microsoft Corporation) Hidden
StarMoney (Version: 3.0.0.124 - StarFinanz) Hidden
StarMoney (Version: 4.0.4.16 - StarFinanz) Hidden
Stronghold (HKLM\...\{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}) (Version: 1.20.0000 - Firefly Studios)
TeamSpeak 3 Client (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\TeamSpeak 3 Client) (Version: 3.0.15 - TeamSpeak Systems GmbH)
TomTom HOME (HKLM\...\{7A2BB1C8-903D-4585-9F3B-CADD67D07D37}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Ubisoft Game Launcher (HKLM\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
Unterstützungsdateien für Microsoft SQL Server 2008-Setup (HKLM\...\{2A231800-A7CF-4223-B8A3-1FD9057BAE96}) (Version: 10.3.5500.0 - Microsoft Corporation)
Uplay (HKLM\...\Uplay) (Version: 4.6 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.63 - Nullsoft, Inc)
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows-Treiberpaket - Hewlett-Packard Image (04/27/2007 9.0.0.0) (HKLM\...\A6BCA7876CD547CFB5821019998F044515D81B74) (Version: 04/27/2007 9.0.0.0 - Hewlett-Packard)
Z-Cron (HKLM\...\{FD57FF4D-7225-4DAC-B15D-9BAE3E8A0E2B}) (Version: 4.9.0.53 - IMU Andreas Baumann)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8A2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8A8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8D2-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{0713E8D8-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{373FF7F0-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{373FF7F4-EB8B-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D8A-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D8F-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D93-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{58DA8D96-9D6A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB955-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB956-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB957-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{5ACBB958-5C57-11CF-8993-00AA00688B10}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6027C2D4-FB28-11CD-8820-08002B2F4F5A}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{612A8624-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{612A8628-0FB3-11CE-8747-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{62823C20-41A3-11CE-9E8B-0020AF039CA3}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E638F-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E6393-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{6B7E63A3-850A-101B-AFC0-4210102A8DA7}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{9ED94440-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{9ED94444-E5E8-101B-B9B5-444553540000}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{B66834C6-2E60-11CE-8748-524153480004}\InprocServer32 -> C:\Windows\system32\comctl32.ocx (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Restore Points =========================
26-02-2015 17:29:08 Geplanter Prüfpunkt
06-03-2015 19:00:13 Geplanter Prüfpunkt
12-03-2015 20:15:24 Installed calibre
13-03-2015 23:12:09 Installed calibre
17-03-2015 11:58:34 avast! antivirus system restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {191C7B13-A2E5-416A-8428-85C9F4483AC4} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {1A7CA7EA-8A8F-4282-9644-B5160692C2E1} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {2E992470-35AD-43DB-AC10-A9CE1376D928} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {618DEE84-9E27-4E67-B8D7-2265C4D0E11A} - System32\Tasks\{094D1E08-30AE-4C6D-9378-E126CBB3CDF2} => E:\PowerLine Utility\PowerLine Utility.exe
Task: {6F7AAFB6-FD59-43E6-9A20-21F8C2D89805} - System32\Tasks\{F6E4E344-AFA4-45EC-B680-316642C7B274} => pcalua.exe -a D:\Downloads\the_settlers_7_1.09full.exe -d D:\Downloads
Task: {7256C442-D3AA-4728-A4E4-2FE8B724DAC4} - System32\Tasks\{C6450D5E-BEC1-46C0-B9D9-3BEDA450F984} => pcalua.exe -a "E:\DAEMON Tools Lite\InstallGadget.exe" -d "E:\DAEMON Tools Lite"
Task: {8BC55973-9258-4920-BE86-0D24D5D685D6} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {AED41E5D-F890-4EE5-9E9E-B55AF601D486} - System32\Tasks\{0D53B32E-FCF5-4EC2-BFEE-66BCB2581099} => pcalua.exe -a D:\Downloads\the_settlers_7_1.10full.exe -d D:\Downloads
Task: {B434EE57-04A4-4306-821D-5768C3D504BA} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {B4D7077F-250B-4863-B751-A388DE4858E3} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.)
Task: {B9A0C4A2-9AE8-4820-BE0C-E731F41CBBD4} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-03-17] (Avast Software s.r.o.)
Task: {BE33C3A2-D018-439E-B12F-CEE12418FCC1} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe
Task: {C830ED48-B5C0-419F-9AEB-D46C0515296F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mainwurf-Claudi Mainwurf => E:\Office 2013\Office15\MsoSync.exe [2014-01-23] (Microsoft Corporation)
Task: {CC31F910-894E-4A2A-9DE8-3E33FC0B8BA3} - System32\Tasks\{6C3D7013-6959-4F74-A829-2331FD571855} => E:\PowerLine Utility\PowerLine Utility.exe
Task: {D3472535-CD02-424C-B62D-340234199A36} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {DA5BE7E9-C870-4B8A-8E20-07482868AE86} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {DD8019B9-09FA-4131-9F2E-A98C024120DA} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {E1306F84-6F52-4D0A-9BC4-ED5A8BF091F1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2014-04-25] (Google Inc.)
Task: {E31A6401-5975-4FA3-87FA-081775700DB5} - System32\Tasks\{1C94C6D1-C589-46BF-9E1E-73D7032ED5AF} => pcalua.exe -a C:\Users\Claudi\Desktop\setup_basic_G2710_3.exe -d C:\Users\Claudi\Desktop
Task: {E835B712-93FC-469A-AF7F-47AAEB695393} - System32\Tasks\QIPdater 2012 => E:\QIP\qipdater.exe [2012-03-27] (Caphyon LTD)
Task: {F2C691D9-F45F-4E7C-83F4-109DCCA4C4BA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {F822BF3F-22DD-433E-95B7-93D64CA69A76} - System32\Tasks\Games\UpdateCheck_S-1-5-21-4207056575-3370044151-3894322460-1004
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\QIPdater 2012.job => E:\QIP\qipdater.exe
==================== Loaded Modules (whitelisted) ==============
2015-03-17 11:57 - 2015-03-17 11:57 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031700\algo.dll
2013-04-10 09:15 - 2008-01-10 13:17 - 00022723 _____ () C:\Windows\System32\ssp2ml3.dll
2014-07-09 19:16 - 2013-05-15 07:32 - 00024064 _____ () C:\Windows\System32\sst6clm.dll
2013-04-08 18:56 - 2014-07-02 20:42 - 00107992 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-03-13 20:24 - 2015-03-13 20:24 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-17 11:57 - 2015-03-17 11:57 - 00043008 _____ () c:\users\claudi\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj659we.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Claudi\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: FsUsbExService => 2
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: OverwolfUpdaterService => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TomTomHOMEService => 2
MSCONFIG\startupreg: DAEMON Tools Lite => "E:\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: KiesAirMessage => E:\Kies\KiesAirMessage.exe -startup
MSCONFIG\startupreg: KiesPDLR => E:\Kies\External\FirmwareUpdate\KiesPDLR.exe
MSCONFIG\startupreg: KiesPreload => E:\Kies\Kies.exe /preload
MSCONFIG\startupreg: KiesTrayAgent => E:\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: PDFPrint => E:\PDF24\pdf24.exe
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: VirtualCloneDrive => "E:\VirtualCloneDrive\VCDDaemon.exe" /s
MSCONFIG\startupreg: WinampAgent => E:\Winamp\winampa.exe
==================== Accounts: =============================
Administrator (S-1-5-21-4207056575-3370044151-3894322460-500 - Administrator - Disabled)
Claudi (S-1-5-21-4207056575-3370044151-3894322460-1000 - Administrator - Enabled) => C:\Users\Claudi
Gast (S-1-5-21-4207056575-3370044151-3894322460-501 - Limited - Enabled)
Laura (S-1-5-21-4207056575-3370044151-3894322460-1005 - Limited - Enabled) => C:\Users\Laura
Lisa (S-1-5-21-4207056575-3370044151-3894322460-1004 - Limited - Enabled) => C:\Users\Lisa
==================== Faulty Device Manager Devices =============
Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (03/17/2015 11:58:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {224ef49b-8819-4e0c-8228-3b3d73373e76}
Error: (03/17/2015 11:56:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/16/2015 05:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0x1190
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (03/16/2015 05:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0x1080
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (03/16/2015 05:46:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0xf7c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (03/16/2015 05:46:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0x132c
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (03/16/2015 05:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0x1558
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (03/16/2015 05:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0x15dc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (03/16/2015 05:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: xul.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f85115
Ausnahmecode: 0xc0000005
Fehleroffset: 0x011afb85
ID des fehlerhaften Prozesses: 0xfe8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (03/16/2015 05:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 36.0.1.5542, Zeitstempel: 0x54f851c0
Name des fehlerhaften Moduls: mozalloc.dll, Version: 36.0.1.5542, Zeitstempel: 0x54f8437e
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001e02
ID des fehlerhaften Prozesses: 0x1394
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
System errors:
=============
Error: (03/17/2015 11:56:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/16/2015 01:24:56 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/15/2015 05:58:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/14/2015 10:58:17 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/14/2015 10:50:10 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/13/2015 01:31:59 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/12/2015 06:37:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/11/2015 06:32:12 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/10/2015 06:59:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Error: (03/09/2015 04:20:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20
Microsoft Office Sessions:
=========================
Error: (03/17/2015 11:58:31 AM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {224ef49b-8819-4e0c-8228-3b3d73373e76}
Error: (03/17/2015 11:56:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/16/2015 05:46:09 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85119001d06008b3f18154E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllf1be7596-cbfb-11e4-93e7-902b3496e0e2
Error: (03/16/2015 05:46:07 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85108001d06008b3015170E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllf0c8040b-cbfb-11e4-93e7-902b3496e0e2
Error: (03/16/2015 05:46:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85f7c01d06008b26dc1d6E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllf0355ed5-cbfb-11e4-93e7-902b3496e0e2
Error: (03/16/2015 05:46:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85132c01d06008b19c8c16E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllef6317a1-cbfb-11e4-93e7-902b3496e0e2
Error: (03/16/2015 05:46:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85155801d06008b063e072E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllee2a1ddb-cbfb-11e4-93e7-902b3496e0e2
Error: (03/16/2015 05:45:43 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb8515dc01d06008a4c7727cE:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dlle2948dcf-cbfb-11e4-93e7-902b3496e0e2
Error: (03/16/2015 05:45:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0xul.dll36.0.1.554254f85115c0000005011afb85fe801d060089ccfb02eE:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\xul.dllda97e96f-cbfb-11e4-93e7-902b3496e0e2
Error: (03/16/2015 05:43:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe36.0.1.554254f851c0mozalloc.dll36.0.1.554254f8437e8000000300001e02139401d06007188c5253E:\Mozilla Firefox\plugin-container.exeE:\Mozilla Firefox\mozalloc.dll91077b10-cbfb-11e4-93e7-902b3496e0e2
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 945 Processor
Percentage of memory in use: 39%
Total physical RAM: 3069.55 MB
Available physical RAM: 1867.26 MB
Total Pagefile: 6137.39 MB
Available Pagefile: 4486.54 MB
Total Virtual: 2047.88 MB
Available Virtual: 1872.63 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:150.1 GB) (Free:100.29 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Eigene Dateien) (Fixed) (Total:74.53 GB) (Free:24.74 GB) NTFS
Drive e: (Programme Neu) (Fixed) (Total:200 GB) (Free:127.92 GB) NTFS
Drive f: (Diverser Krempel) (Fixed) (Total:250 GB) (Free:80.27 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 44E3C1CF)
Partition 1: (Active) - (Size=150.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=250 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=481.4 GB) - (Type=OF Extended)
========================================================
Disk: 1 (MBR Code: Windows 7 or Vista) (Size: 74.5 GB) (Disk ID: 43520020)
Partition 1: (Not Active) - (Size=74.5 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Claudi (administrator) on MAINWURF on 17-03-2015 12:43:55
Running from C:\Users\Claudi\Desktop\Checks
Loaded Profiles: Claudi (Available profiles: Claudi & Lisa & Laura)
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(XTab system) C:\Program Files\XTab\ProtectService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TomTom) E:\TT Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Geek Software GmbH) E:\PDF24\pdf24.exe
(Hewlett-Packard) E:\HP\HP Software Update\hpwuschd2.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Dropbox, Inc.) C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Mozilla Corporation) E:\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [11430504 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2403288 2014-08-09] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [NeroFilterCheck] => C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [161328 2007-03-26] (Nero AG)
HKLM\...\Run: [PDFPrint] => E:\PDF24\pdf24.exe [191528 2014-07-04] (Geek Software GmbH)
HKLM\...\Run: [HP Software Update] => E:\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\Run: [EEDSpeedLauncher] => rundll32.exe C:\Windows\system32\eed_ec.dll,SpeedLauncher
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: J - J:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {04c07d38-75a9-11e4-91b5-902b3496e0e2} - H:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {467a7233-e01a-11e3-b11d-902b3496e0e2} - J:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {4d7b3308-c527-11e2-8d67-902b3496e0e2} - J:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {712d930f-b0b7-11e2-bfc7-902b3496e0e2} - I:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {74cf9383-7dfd-11e4-9a54-902b3496e0e2} - H:\LGAutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {78d4d1d9-5c47-11e4-8097-902b3496e0e2} - H:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {8ac65345-b56d-11e2-b811-902b3496e0e2} - J:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {a3a704e4-071e-11e3-b9d4-902b3496e0e2} - I:\AutoRun.exe
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\...\MountPoints2: {d5fd5f87-e933-11e2-8f49-902b3496e0e2} - I:\AutoRun.exe
Startup: C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Claudi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Claudi\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=05203580-871c-be69-0e91-b86f299b8ad7&searchtype=ds&q={searchTerms}&installDate={installDate}
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/film/
HKU\S-1-5-21-4207056575-3370044151-3894322460-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> DefaultScope {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {0AC146A7-E2EA-4554-A12E-26D55074CE2E} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
SearchScopes: HKU\S-1-5-21-4207056575-3370044151-3894322460-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL = hxxp://www.mystartsearch.com/web/?utm_source=b&utm_medium=cor&utm_campaign=install_ie&utm_content=ds&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&ts=1426524256&type=default&q={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> E:\Office 2013\Office15\OCHelper.dll [2014-01-23] (Microsoft Corporation)
BHO: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files\XTab\SupTab.dll [2015-01-16] (Thinknice Co. Limited)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> E:\Office 2013\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-27] (Oracle Corporation)
BHO: Between Lines 1.0.0.7 -> {fb1b354f-6305-4364-bf9c-4bfef634a9db} -> C:\Program Files\Between Lines\BetweenLinesbho.dll [2015-03-02] (Between Lines)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - E:\Office 2013\Office15\MSOSB.DLL [2014-03-12] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default
FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&CUI=UN21792360229163249&UM=2&SearchSource=3&q={searchTerms}&sspv=TB_CNI
FF SelectedSearchEngine: mystartsearch
FF Homepage: about:home
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3317892&SearchSource=2&CUI=UN21792360229163249&UM=2&sspv=TB_CNI&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> E:\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-27] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> E:\Office 2013\Office15\NPSPWRAP.DLL No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll No File
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL No File
FF Plugin: @nvidia.com/3DVision -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming -> C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-07-02] (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> E:\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin HKU\S-1-5-21-4207056575-3370044151-3894322460-1000: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> E:\PDF Viewer\PDF Viewer\npPDFXCviewNPPlugin.dll [2014-10-28] (Tracker Software Products (Canada) Ltd.)
FF Extension: Xmarks - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\foxmarks@kei.com [2014-11-23]
FF Extension: FireFTP - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f} [2015-01-16]
FF Extension: Bookmark Backup - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{3474c305-9dad-11d8-9207-00055d74c2e4}.xpi [2013-04-08]
FF Extension: Adblock Plus - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-04-08]
FF Extension: DownThemAll! - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-04-08]
FF Extension: Between Lines 1.0.1 - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\firefox@betweenlinesnow.com.xpi [2015-03-02]
FF Extension: No Name - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\scriptish@erikvold.com.xpi [2013-04-08]
FF Extension: User Agent Switcher - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\t1i2rmcl.lori\Extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi [2013-04-08]
FF HKLM\...\Firefox\Extensions: [searchengine@gmail.com] - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\searchengine@gmail.com
FF HKLM\...\Firefox\Extensions: [istart_ffnt@gmail.com] - C:\Users\Claudi\AppData\Roaming\Mozilla\Firefox\Profiles\abqeew4h.default\extensions\istart_ffnt@gmail.com
StartMenuInternet: FIREFOX.EXE - E:\Mozilla Firefox\firefox.exe
Chrome:
=======
CHR HomePage: Default -> hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792
CHR StartupUrls: Default -> "hxxp://www.mystartsearch.com/?type=hp&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792"
CHR DefaultSearchKeyword: Default -> mystartsearch
CHR DefaultSearchURL: Default -> hxxp://www.mystartsearch.com/web/?type=ds&ts=1426524205&from=cor&uid=ST1000DM003-1CH162_S1D96792XXXXS1D96792&q={searchTerms}
CHR Profile: C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-25]
CHR Extension: (Google Drive) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-25]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-10-02]
CHR Extension: (YouTube) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-25]
CHR Extension: (Google Search) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-25]
CHR Extension: (Google Wallet) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-25]
CHR Extension: (Gmail) - C:\Users\Claudi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-25]
Opera:
=======
StartMenuInternet: (HKU\S-1-5-21-4207056575-3370044151-3894322460-1000) Opera - "E:\Opera\Opera.exe"
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-18] (AVAST Software)
S4 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-10-30] (Teruten) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 IHProtect Service; C:\Program Files\XTab\ProtectService.exe [158896 2015-01-16] (XTab system)
R2 MSSQL$SERVEREXP2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\sqlservr.exe [43028328 2011-09-22] (Microsoft Corporation)
S4 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [762192 2013-07-18] (Nero AG)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1720792 2014-08-09] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [17550808 2014-08-09] (NVIDIA Corporation)
S4 SQLAgent$SERVEREXP2008; C:\Program Files\Microsoft SQL Server\MSSQL10.SERVEREXP2008\MSSQL\Binn\SQLAGENT.EXE [370024 2011-09-22] (Microsoft Corporation)
R2 TomTomHOMEService; E:\TT Home\TomTom HOME 2\TomTomHOMEService.exe [93040 2014-06-05] (TomTom)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [493712 2015-03-16] (SysTool PasSame LIMITED)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag.sys [23040 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem.sys [27776 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis.sys [73728 2012-07-04] (LG Electronics Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [19056 2011-11-02] ()
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24144 2015-03-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [73440 2015-03-17] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81728 2015-03-17] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49904 2015-03-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [788272 2015-03-17] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427480 2015-03-17] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206976 2015-03-17] ()
S2 DgiVecp; C:\Windows\system32\Drivers\DgiVecp.sys [41984 2008-01-10] (Samsung Electronics Co., Ltd.) [File not signed]
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-10-30] () [File not signed]
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19416 2014-08-09] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2014-03-31] (NVIDIA Corporation)
S4 RsFx0105; C:\Windows\System32\DRIVERS\RsFx0105.sys [238696 2011-09-22] (Microsoft Corporation)
S3 RTL8192cu; C:\Windows\System32\DRIVERS\RTL8192cu.sys [629760 2010-08-10] (Realtek Semiconductor Corporation )
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2013-11-26] (Samsung Electronics) [File not signed]
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
S3 tap0901; C:\Windows\System32\DRIVERS\tap0901.sys [35288 2013-08-22] (The OpenVPN Project)
S3 dgderdrv; System32\drivers\dgderdrv.sys [X]
S3 gdrv; \??\C:\Windows\gdrv.sys [X]
S3 MSICDSetup; \??\G:\CDriver.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-17 12:43 - 2015-03-17 12:43 - 00000000 ____D () C:\FRST
2015-03-17 12:42 - 2015-03-17 12:42 - 00000000 _____ () C:\Users\Claudi\defogger_reenable
2015-03-17 12:10 - 2015-03-17 12:43 - 00000000 ____D () C:\Users\Claudi\Desktop\Checks
2015-03-17 12:01 - 2015-03-17 12:01 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-17 12:00 - 2015-03-17 12:00 - 00000626 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-17 12:00 - 2015-03-17 12:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-17 12:00 - 2015-03-17 12:00 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-17 12:00 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 12:00 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 12:00 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-17 11:59 - 2015-03-17 11:59 - 00291312 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-03-17 11:59 - 2015-03-17 11:59 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-03-17 11:59 - 2014-11-22 14:21 - 00787800 _____ (AVAST Software) C:\Windows\system32\Drivers\aswEC5D.tmp
2015-03-17 11:59 - 2014-11-20 20:23 - 00423784 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF9CA.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00206248 _____ () C:\Windows\system32\Drivers\aswFC4A.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF1BA.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00070384 _____ (AVAST Software) C:\Windows\system32\Drivers\aswF600.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00049944 _____ () C:\Windows\system32\Drivers\aswF7F5.tmp
2015-03-17 11:59 - 2014-11-18 20:23 - 00024184 _____ () C:\Windows\system32\Drivers\aswF322.tmp
2015-03-17 11:58 - 2015-03-17 11:58 - 01054912 _____ (Adobe) C:\Users\Claudi\Desktop\install_flashplayer17x32au_mssd_aaa_aih.exe
2015-03-16 17:44 - 2015-03-16 17:44 - 00002037 _____ () C:\Users\Claudi\Desktop\JDownloader 2.lnk
2015-03-16 17:44 - 2015-03-16 17:44 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-03-16 17:44 - 2015-03-16 17:44 - 00000000 ____D () C:\ProgramData\IHProtectUpDate
2015-03-16 17:44 - 2015-03-16 17:44 - 00000000 ____D () C:\Program Files\XTab
2015-03-16 17:43 - 2015-03-16 18:21 - 00000000 ____D () C:\Users\Claudi\AppData\Local\JDownloader v2.0
2015-03-16 17:43 - 2015-03-16 17:43 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\mystartsearch
2015-03-16 17:43 - 2015-03-16 17:43 - 00000000 ____D () C:\Program Files\Between Lines
2015-03-16 17:40 - 2015-03-16 17:44 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\JDownloader
2015-03-16 15:10 - 2015-03-16 15:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Heroes of the Storm
2015-03-16 14:15 - 2015-03-16 14:41 - 00000000 ____D () C:\Users\Claudi\Desktop\kur
2015-03-14 12:05 - 2015-03-14 12:05 - 00000000 ____D () C:\Users\Claudi\Tracing
2015-03-12 20:17 - 2015-03-14 11:54 - 00000000 ____D () C:\Users\Claudi\AppData\Local\calibre-cache
2015-03-12 20:16 - 2015-03-14 11:53 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\calibre
2015-03-12 20:16 - 2015-03-13 23:12 - 00000890 _____ () C:\Users\Public\Desktop\calibre - E-book management.lnk
2015-03-12 20:15 - 2015-03-13 23:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
2015-03-12 20:15 - 2015-03-13 23:12 - 00000000 ____D () C:\Program Files\Calibre2
2015-02-20 15:15 - 2015-02-20 15:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III Public Test
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-17 12:42 - 2013-04-08 18:45 - 00000000 ____D () C:\Users\Claudi
2015-03-17 12:31 - 2014-04-25 14:50 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-17 12:12 - 2014-04-30 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-17 12:04 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-17 12:04 - 2009-07-14 05:34 - 00026352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-17 12:03 - 2010-11-20 22:01 - 01807830 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-17 12:00 - 2013-04-08 18:47 - 01497802 _____ () C:\Windows\WindowsUpdate.log
2015-03-17 11:59 - 2014-04-24 18:44 - 00024144 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00788272 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00427480 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00206976 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00081728 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00073440 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-03-17 11:59 - 2013-04-08 19:14 - 00049904 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-03-17 11:57 - 2013-04-08 20:40 - 00000228 _____ () C:\Windows\Tasks\QIPdater 2012.job
2015-03-17 11:57 - 2013-04-08 19:17 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Dropbox
2015-03-17 11:56 - 2014-04-25 14:50 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-17 11:56 - 2013-04-08 18:56 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-03-17 11:56 - 2010-11-20 22:48 - 00307152 _____ () C:\Windows\PFRO.log
2015-03-17 11:56 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-17 11:56 - 2009-07-14 05:39 - 00192588 _____ () C:\Windows\setupact.log
2015-03-16 22:41 - 2014-03-10 20:48 - 00000000 ____D () C:\Users\Claudi\AppData\Local\Battle.net
2015-03-16 21:05 - 2013-05-03 20:19 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Skype
2015-03-15 20:36 - 2014-06-25 19:13 - 00000000 ____D () C:\Users\Claudi\Desktop\beraeuner2007
2015-03-14 23:19 - 2013-04-08 18:08 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Nettalk
2015-03-14 12:04 - 2014-03-23 14:55 - 00000000 ___RD () C:\Program Files\Skype
2015-03-14 12:04 - 2013-05-03 20:19 - 00000000 ____D () C:\ProgramData\Skype
2015-03-10 19:02 - 2013-04-08 19:18 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-08 12:51 - 2013-04-08 19:15 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-01 22:47 - 2014-12-14 12:46 - 00000000 ____D () C:\Users\Claudi\AppData\Roaming\vlc
2015-02-28 22:24 - 2014-03-10 20:48 - 00000000 ____D () C:\Program Files\Battle.net
2015-02-20 15:15 - 2013-04-08 19:07 - 00000000 ____D () C:\Program Files\Common Files\Blizzard Entertainment
2015-02-19 19:55 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
==================== Files in the root of some directories =======
2013-12-17 20:24 - 2014-11-29 17:36 - 0006656 _____ () C:\Users\Claudi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-12-24 14:56 - 2014-12-24 14:56 - 0000846 _____ () C:\Users\Claudi\AppData\Local\recently-used.xbel
2014-04-21 15:26 - 2014-11-28 21:18 - 0007620 _____ () C:\Users\Claudi\AppData\Local\Resmon.ResmonCfg
2014-10-30 19:33 - 2014-11-15 16:08 - 0015220 _____ () C:\ProgramData\hpzinstall.log
2013-06-24 13:24 - 2013-06-24 13:24 - 0000099 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
Some content of TEMP:
====================
C:\Users\Claudi\AppData\Local\Temp\130709977849463590.exe
C:\Users\Claudi\AppData\Local\Temp\13070997786856361715.exe
C:\Users\Claudi\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj659we.dll
C:\Users\Claudi\AppData\Local\Temp\proxy_vole2115328007879522814.dll
C:\Users\Claudi\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-03-15 18:29
==================== End Of Log ============================
GMER: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-17 13:18:24
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST1000DM003-1CH162 rev.CC46 931,51GB
Running: 5j3ehlwv.exe; Driver: C:\Users\Claudi\AppData\Local\Temp\kfdcypog.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x90E1DACC]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x90EDA31C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x90E1E5AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x90E2A6A0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x90E2A6EC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x90E2A886]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x90E2A60E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x90EDA6F6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x90E2A656]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x90EDA986]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x90EDAA70]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x90E2A840]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x90E1F398]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x90E1DB32]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwDuplicateObject [0x90EDAB74]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwFreeVirtualMemory [0x90EDA3F4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwLoadDriver [0x90ED778E]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x90EDA7D6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x90E1DB98]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90E22FE0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x90E1FEDC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x90E2A6CA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x90E2A70E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x90E2A8AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x90E2A634]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x90E224E2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x90E2A7BE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x90E2A67E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x90E228CE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x90E2A864]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x90EDA574]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x90E1FCF4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x90E1FA02]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x90E1DBFE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x90E1DC64]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x90EDA8D2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x90E1D7B8]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x90E1D98A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x90E1D918]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x90E1F562]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x90E1F6C4]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x90E1DA12]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x90EDA642]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x90E1F1F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwUnloadDriver [0x90ED77BE]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x90E1DCCA]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x90EDA4A6]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 8347AA15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 834B4212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 834BB460 4 Bytes [CC, DA, E1, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 834BB488 4 Bytes [1C, A3, ED, 90] {SBB AL, 0xa3; IN EAX, DX; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 834BB4E8 4 Bytes [AA, E5, E1, 90] {STOSB ; IN EAX, 0xe1; NOP }
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 834BB53C 8 Bytes [A0, A6, E2, 90, EC, A6, E2, ...] {MOV AL, [0xec90e2a6]; CMPSB ; LOOP 0xffffff98}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 834BB548 4 Bytes [86, A8, E2, 90]
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 836764EF 4 Bytes CALL 90E205C3 \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 83690357 4 Bytes CALL 90E205D9 \SystemRoot\system32\drivers\aswSnx.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1552] kernel32.dll!SetUnhandledExceptionFilter 75F6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[2736] kernel32.dll!SetUnhandledExceptionFilter 75F6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text E:\Office 2013\Office15\MsoSync.exe[5340] USER32.dll!RegisterClipboardFormatA 7632C091 5 Bytes JMP 56DEA960 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text E:\Office 2013\Office15\MsoSync.exe[5340] USER32.dll!RegisterClipboardFormatW 7632DF8D 5 Bytes JMP 56DE5C7E C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text E:\Office 2013\Office15\MsoSync.exe[5340] USER32.dll!BeginPaint 76335D14 5 Bytes JMP 56DF8A2D C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text E:\Office 2013\Office15\MsoSync.exe[5340] USER32.dll!ValidateRect 7634F089 5 Bytes JMP 56F60569 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text E:\Office 2013\Office15\MsoSync.exe[5340] ole32.dll!OleLoadFromStream 77466143 5 Bytes JMP 578C6EAF C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text E:\Office 2013\Office15\MsoSync.exe[5340] SHELL32.dll!SHParseDisplayName 766A7EDB 5 Bytes JMP 56FF0A45 C:\Program Files\Common Files\Microsoft Shared\Office15\mso.dll
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[5500] kernel32.dll!SetUnhandledExceptionFilter 75F6F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\rdyboost\Parameters@LastBootPlanUserTime ?Di?, ?Mrz ?17 ?15, 01:02:44??????????????? ???????????????????
---- EOF - GMER 2.1 ----
Nun erhoffe ich mir von Euch Hilfe, wo sich die Plagegeister verstecken und wie ich sie loswerde.
Herzlichen Dank!
Claudi