Googlefisch | 13.04.2015 13:20 | So, it took a while, but I finally managed it (time-wise; there weren't really any technical problems):
MBAM Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 13.04.2015
Suchlauf-Zeit: 10:10:55
Logdatei: MBAM-scan.txt
Administrator: Ja
Version: 2.01.4.1018
Malware Datenbank: v2015.04.13.03
Rootkit Datenbank: v2015.03.31.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Konfigurator
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 531614
Verstrichene Zeit: 17 Min, 4 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 20
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E155F23C-9931-47c6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\CLASSES\GutscheinCodes.GutscheinCodesBHO, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\CLASSES\GutscheinCodes.GutscheinCodesBHO.1, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GutscheinCodes.GutscheinCodesBHO, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\GutscheinCodes.GutscheinCodesBHO.1, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\GutscheinCodes.GutscheinCodesBHO, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\GutscheinCodes.GutscheinCodesBHO.1, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1007\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.WebCheck.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E155F23C-9931-47C6-A619-20E6FCA86D75}, In Quarantäne, [1bfc95d74a40fc3a788254e6bc4758a8],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1005\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{a25e7121-3dd8-41b3-855b-756c5bc45449}, In Quarantäne, [60b74a22b9d142f4b31176025ca71fe1],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A25E7121-3DD8-41B3-855B-756C5BC45449}, In Quarantäne, [60b74a22b9d142f4b31176025ca71fe1],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A25E7121-3DD8-41B3-855B-756C5BC45449}, In Quarantäne, [60b74a22b9d142f4b31176025ca71fe1],
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Web Check, In Quarantäne, [d93e125a19714ee807c1d4089b68d52b],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1008\SOFTWARE\APPDATALOW\SOFTWARE\SIMPLYTECH\HomeTab, In Quarantäne, [31e67bf1c3c72412f3aa30c02dd637c9],
Registrierungswerte: 5
PUP.Optional.SearchCertified.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, In Quarantäne, [51c6d4983852a1953a673ab7f80bad53]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=%s, In Quarantäne, [5cbba6c68ffb1125e4c5f5fb13f0c53b]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=%s, In Quarantäne, [a671d993d5b5e0560aa03cb4a55e36ca]
PUP.Optional.WebCheck.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{52b0f3db-f988-4788-b9dc-861d016f4487}, C:\Program Files (x86)\Web Check\WebCheck.xpi, In Quarantäne, [4bcc412b05858aac784230bb7a89a55b]
PUP.Optional.SearchCertified.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, In Quarantäne, [9a7d2d3ff09a5dd9930c6e837a8914ec]
Registrierungsdaten: 19
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Gut: (www.google.com), Schlecht: (%appdata%\SimplyTech\home\home.htm),Ersetzt,[0b0c5d0f6b1fa690a1cd52a52dd8d42c]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[6fa845274f3b0f2790cd837d0204b14f]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[eb2c94d8e7a391a55805d12fa36304fc]
Hijack.StartPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[bf582e3e6f1b37ff362725db10f62fd1]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[1ef92d3f7d0dd1654f3227d015f0649c]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[43d4412b76145bdbfe607f8139cdb44c]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[ad6a82ea4842c175f28f8275ab5afe02]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[04135f0dabdf46f0e37bf60af70ff50b]
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[bc5b65074d3d45f1fe83f8ff09fcf40c]
Hijack.SearchPage, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[e334bab209813bfbcf8f47b98c7acd33]
Hijack.StartPage, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[bc5bcca0bdcd0a2cb1abff018a7c8779]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[b16615578a0054e2b1cfe6119b6ada26]
Hijack.SearchPage, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[3cdba6c6bbcf3cfa7ae5b05063a3f010]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[e92e224a43473bfb423ebc3b24e1629e]
Hijack.SearchPage, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Bar, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[38df98d4ff8b47ef530c7f817a8cd32d]
PUP.Optional.CertifiedToolBar.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[dc3b0d5f2367142299e7a651b0558e72]
Hijack.SearchPage, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Search Page, hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=, Gut: (hxxp://www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=),Ersetzt,[27f064083b4fa2942a35e9172cda17e9]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=%s, Gut: (www.google.com), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=%s),Ersetzt,[28ef214b276369cdb78426dcba4c33cd]
PUP.Optional.SearchCertifiedTB.A, HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|(Default), hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=%s, Gut: (www.google.com/), Schlecht: (hxxp://search.certified-toolbar.com?si=&st=bs&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=%s),Ersetzt,[ea2d3537b8d26bcb112b50b21aec46ba]
Ordner: 4
PUP.Optional.WebCheck.A, C:\Program Files (x86)\Web Check, In Quarantäne, [d93e125a19714ee807c1d4089b68d52b],
PUP.Optional.HomeTab.A, C:\Users\NEF\AppData\LocalLow\HomeTab, In Quarantäne, [799e125a404ae3533cceb4e4cb3849b7],
PUP.Optional.HomeTab.A, C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\ke0biu73.default-1414579441767\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}, In Quarantäne, [44d319533f4b10266615e6b9f013cf31],
PUP.Optional.HomeTab.A, C:\Users\NEF\AppData\Roaming\Mozilla\Firefox\Profiles\n1y0m5xg.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}, In Quarantäne, [f52227450a806dc9d4a7b2eddc27c23e],
Dateien: 22
PUP.Optional.HomeTab.A, C:\Users\Konfigurator\AppData\Local\DownloadGuide\Offers\hometab.exe, In Quarantäne, [37e0a5c72c5e999d6572291b18e9ca36],
PUP.Optional.CrossRider, C:\Users\Konfigurator\AppData\Local\DownloadGuide\Offers\plus-hd-3-8.exe, In Quarantäne, [1601abc1305a6acc431253ff11f0ab55],
PUP.Optional.Simplytech, C:\Windows\Launcher.exe, In Quarantäne, [888f224a1773f046c1edcd9c9f6607f9],
PUP.Optional.WebCheck.A, C:\Program Files (x86)\Web Check\WebCheck.crx, In Quarantäne, [d93e125a19714ee807c1d4089b68d52b],
PUP.Optional.WebCheck.A, C:\Program Files (x86)\Web Check\icon.ico, In Quarantäne, [d93e125a19714ee807c1d4089b68d52b],
PUP.Optional.WebCheck.A, C:\Program Files (x86)\Web Check\Uninst.exe, In Quarantäne, [d93e125a19714ee807c1d4089b68d52b],
PUP.Optional.WebCheck.A, C:\Program Files (x86)\Web Check\WebCheck.xpi, In Quarantäne, [d93e125a19714ee807c1d4089b68d52b],
PUP.Optional.WebSearch.A, C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\elt3f1yd.default\searchplugins\Web Search.xml, In Quarantäne, [59be3834aedcf3438ca2c54131d350b0],
PUP.Optional.WebSearch.A, C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\ke0biu73.default-1414579441767\searchplugins\Web Search.xml, In Quarantäne, [19febfadfe8cfe38200eac5a25df837d],
PUP.Optional.WebSearch.A, C:\Users\Konfigurator\AppData\Roaming\Mozilla\Firefox\Profiles\066gruod.default\searchplugins\Web Search.xml, In Quarantäne, [6fa8c1abddad2c0a949afb0be51ff10f],
PUP.Optional.WebSearch.A, C:\Users\Konfigurator\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_583395\searchplugins\Web Search.xml, In Quarantäne, [24f370fcfb8fc96d78b6da2cd331d42c],
PUP.Optional.WebSearch.A, C:\Users\NEF\AppData\Roaming\Mozilla\Firefox\Profiles\n1y0m5xg.default\searchplugins\Web Search.xml, In Quarantäne, [3cdbf07cb7d3f145a985986e966e7d83],
PUP.Optional.SearchCertifiedTB.A, C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml, In Quarantäne, [b463d6968ffbe3536076c348f90b30d0],
PUP.Optional.HomeTab.A, C:\Users\NEF\AppData\LocalLow\HomeTab\settings.dat, In Quarantäne, [799e125a404ae3533cceb4e4cb3849b7],
PUP.Optional.HomeTab.A, C:\Users\NEF\AppData\LocalLow\HomeTab\stbcfg.bin, In Quarantäne, [799e125a404ae3533cceb4e4cb3849b7],
PUP.Optional.HomeTab.A, C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\ke0biu73.default-1414579441767\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\HomeTab_6787.sqlite, In Quarantäne, [44d319533f4b10266615e6b9f013cf31],
PUP.Optional.HomeTab.A, C:\Users\NEF\AppData\Roaming\Mozilla\Firefox\Profiles\n1y0m5xg.default\extensions\{ad7ef860-f366-4be1-8d12-4363b9356947}\HomeTab_6787.sqlite, In Quarantäne, [f52227450a806dc9d4a7b2eddc27c23e],
PUP.Optional.CertifiedTB.A, C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\elt3f1yd.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=");), Ersetzt,[c55229433456979fa08b330e26e09967]
PUP.Optional.CertifiedTB.A, C:\Users\Allgemein\AppData\Roaming\Mozilla\Firefox\Profiles\ke0biu73.default-1414579441767\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=");), Ersetzt,[cc4b82eaef9b181ee249f94811f5d729]
PUP.Optional.CertifiedTB.A, C:\Users\Konfigurator\AppData\Roaming\Mozilla\Firefox\Profiles\066gruod.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=");), Ersetzt,[859292da33572313101b4af7a2647090]
PUP.Optional.CertifiedTB.A, C:\Users\Konfigurator\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_583395\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=");), Ersetzt,[29ee1755078374c26ebd1f22ea1c12ee]
PUP.Optional.CertifiedTB.A, C:\Users\NEF\AppData\Roaming\Mozilla\Firefox\Profiles\n1y0m5xg.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=&st=chrome&tid=6787&ver=4.4&ts=1379196000000.000009&tguid=66920-6787-1379267368849-4E0DEAEFFFA97E2AC669B1E91C78A2F7&q=");), Ersetzt,[62b503695a307eb849e2f54c9b6bc739]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
ADWCleaner Code:
# AdwCleaner v4.201 - Bericht erstellt 13/04/2015 um 10:36:53
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Lokal]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Konfigurator - KONFIGURATOR-PC
# Gestarted von : C:\Users\Allgemein\Desktop\AdwCleaner_4.201.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Program Files\SoftwareUpdater
Ordner Gelöscht : C:\Users\Allgemein\AppData\Local\AskPartnerNetwork
Ordner Gelöscht : C:\Users\Allgemein\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\Konfigurator\AppData\Local\DownloadGuide
Ordner Gelöscht : C:\Users\Konfigurator\AppData\Local\SoftwareUpdater
Ordner Gelöscht : C:\Users\Konfigurator\AppData\Local\DriverTuner
Ordner Gelöscht : C:\Users\Konfigurator\AppData\LocalLow\GutscheinCodes
Ordner Gelöscht : C:\Users\Konfigurator\AppData\LocalLow\SimplyTech
Ordner Gelöscht : C:\Users\NEF\AppData\LocalLow\GutscheinCodes
Ordner Gelöscht : C:\Users\NEF\AppData\LocalLow\SimplyTech
***** [ Geplante Tasks ] *****
Task Gelöscht : FreeDriverScout
Task Gelöscht : Software Updater
Task Gelöscht : Software Updater Ui
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\DriverTuner_Init
Schlüssel Gelöscht : HKCU\Software\DriverTuner
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Mozilla Firefox v37.0.1 (x86 de)
[elt3f1yd.default\prefs.js] - Zeile Gelöscht : user_pref("HomeTab_6787.global.CurrentSearchEngineSelection", "US: United States of America");
[elt3f1yd.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
[elt3f1yd.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Web Search");
[elt3f1yd.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[ke0biu73.default-1414579441767\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
[ke0biu73.default-1414579441767\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
[ke0biu73.default-1414579441767\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[ke0biu73.default-1414579441767\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Web Search");
[066gruod.default\prefs.js] - Zeile Gelöscht : user_pref("HomeTab_6787.global.CurrentSearchEngineSelection", "US: United States of America");
[066gruod.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
[066gruod.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Web Search");
[066gruod.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[066gruod.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"toolbar_AVIRA-V7@apn.ask.com\":{\"d\":\"C:\\\\Users\\\\Konfigurator\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\066gruod.default\\\[...]
[Solo_583395\prefs.js] - Zeile Gelöscht : user_pref("HomeTab_6787.global.CurrentSearchEngineSelection", "US: United States of America");
[Solo_583395\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
[Solo_583395\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
[Solo_583395\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[Solo_583395\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Web Search");
[n1y0m5xg.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
[n1y0m5xg.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultengine", "Web Search");
[n1y0m5xg.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[n1y0m5xg.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Web Search");
*************************
AdwCleaner[R0].txt - [5331 Bytes] - [13/04/2015 10:34:47]
AdwCleaner[S0].txt - [5131 Bytes] - [13/04/2015 10:36:53]
########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [5190 Bytes] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Home Premium x64
Ran by Konfigurator on 13.04.2015 at 14:09:35,50
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\Konfigurator\AppData\Roaming\mozilla\firefox\profiles\066gruod.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted the following from C:\Users\Konfigurator\AppData\Roaming\mozilla\firefox\profiles\066gruod.default\prefs.js
user_pref("HomeTab_6787.global.DisplayRecentSearches", "true");
Emptied folder: C:\Users\Konfigurator\AppData\Roaming\mozilla\firefox\profiles\066gruod.default\minidumps [5 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.04.2015 at 14:11:43,21
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Konfigurator (administrator) on KONFIGURATOR-PC on 13-04-2015 14:16:11
Running from C:\Users\Allgemein\Desktop
Loaded Profiles: Konfigurator & Allgemein (Available profiles: Konfigurator & UpdatusUser & Allgemein & NEF)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13632216 2013-07-09] (Realtek Semiconductor)
HKLM\...\Run: [Nvtmru] => C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => E:\iTunes\iTunesHelper.exe [152544 2012-12-12] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [726320 2015-04-08] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-03-17] (Malwarebytes Corporation)
HKU\S-1-5-21-1442246070-1792902156-347592443-1000\...\RunOnce: [Report] => \AdwCleaner\AdwCleaner[S1].txt [1095 2015-04-13] ()
HKU\S-1-5-21-1442246070-1792902156-347592443-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Ribbons.scr [241664 2010-11-20] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1442246070-1792902156-347592443-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1442246070-1792902156-347592443-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1442246070-1792902156-347592443-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:tabs
HKU\S-1-5-21-1442246070-1792902156-347592443-1007\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKU\S-1-5-21-1442246070-1792902156-347592443-1007\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-08-06] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-08-06] (Oracle Corporation)
Toolbar: HKU\S-1-5-21-1442246070-1792902156-347592443-1007 -> No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.3.103
Tcpip\..\Interfaces\{56739AD1-B7A8-40FC-B705-0340536B639E}: [NameServer] 192.168.0.1 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Konfigurator\AppData\Roaming\Mozilla\Firefox\Profiles\066gruod.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> E:\iTunes\Mozilla Plugins\npitunes.dll [2012-10-31] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-08-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-08-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2013-06-21] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\Konfigurator\AppData\Roaming\Mozilla\Firefox\Profiles\066gruod.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-01-11]
FF Extension: No Name - C:\Program Files (x86)\Web Check\WebCheck.xpi [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [815920 2015-04-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [434424 2015-04-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [434424 2015-04-08] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1004280 2015-04-08] (Avira Operations GmbH & Co. KG)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 ZOLL Data Retriever Service; C:\Program Files (x86)\ZOLL Data Systems\ZOLL Data Retriever\ZOLL Data Retriever Service.exe [34816 2013-07-18] (ZOLL Data Systems, Inc.) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-02-12] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-09-15] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-12] (Avira Operations GmbH & Co. KG)
S3 hcw88rc5; C:\Windows\System32\Drivers\hcw88rc5.sys [15872 2013-09-14] (Hauppauge Computer Works, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-13] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S2 PcCGoCls; \SystemRoot\System32\Drivers\PcCGoCls.sys [X]
S3 SANDRA; \??\C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP5\WNt500x64\Sandra.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-13 14:14 - 2015-04-13 14:16 - 00011144 _____ () C:\Users\Allgemein\Desktop\FRST.txt
2015-04-13 14:11 - 2015-04-13 14:12 - 00001121 _____ () C:\Users\Allgemein\Desktop\JRT.txt
2015-04-13 14:09 - 2015-04-13 14:09 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-KONFIGURATOR-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-13 14:09 - 2015-04-13 14:09 - 00000000 ____D () C:\RegBackup
2015-04-13 14:08 - 2015-04-13 14:08 - 00005272 _____ () C:\Users\Allgemein\Desktop\AdwCleaner[S0].txt
2015-04-13 10:34 - 2015-04-13 14:04 - 00000000 ____D () C:\AdwCleaner
2015-04-13 10:32 - 2015-04-13 10:32 - 00020999 _____ () C:\Users\Allgemein\Desktop\MBAM.txt
2015-04-13 10:29 - 2015-04-13 10:29 - 00001438 _____ () C:\Users\Konfigurator\Desktop\MBAM.txt
2015-04-13 10:10 - 2015-04-13 10:10 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-13 10:10 - 2015-04-13 10:10 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-13 10:10 - 2015-04-13 10:10 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-13 10:10 - 2015-04-13 10:10 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-13 10:10 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-13 10:10 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-13 10:10 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-13 10:09 - 2015-04-13 10:09 - 00002049 _____ () C:\Users\Allgemein\Desktop\anleitung.txt
2015-04-13 10:07 - 2015-04-13 10:07 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Allgemein\Desktop\mbam-setup-2.1.4.1018.exe
2015-04-13 10:07 - 2015-04-13 10:07 - 02686959 _____ (Thisisu) C:\Users\Allgemein\Desktop\JRT.exe
2015-04-13 10:07 - 2015-04-13 10:07 - 02217984 _____ () C:\Users\Allgemein\Desktop\AdwCleaner_4.201.exe
2015-04-10 18:29 - 2015-04-10 18:30 - 10207975 _____ () C:\Entfernung SoftwareUpdater.UI.zip
2015-04-10 16:39 - 2015-04-10 16:47 - 00000000 ____D () C:\Qoobox
2015-04-10 16:39 - 2015-04-10 16:46 - 00000000 ____D () C:\Windows\erdnt
2015-04-10 16:39 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-10 16:39 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-10 16:39 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-10 16:39 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-10 16:39 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-10 16:39 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-10 16:39 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-10 16:39 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-10 16:26 - 2015-04-10 16:26 - 00001264 _____ () C:\Users\Konfigurator\Desktop\Revo Uninstaller.lnk
2015-04-10 16:26 - 2015-04-10 16:26 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-10 13:01 - 2015-04-13 14:16 - 00000000 ____D () C:\FRST
2015-04-10 13:00 - 2015-04-10 13:00 - 02095616 _____ (Farbar) C:\Users\Allgemein\Desktop\FRST64.exe
2015-04-10 12:59 - 2015-04-10 12:59 - 00000000 _____ () C:\Users\Konfigurator\defogger_reenable
2015-04-10 12:57 - 2015-04-10 12:57 - 00050477 _____ () C:\Users\Allgemein\Downloads\Defogger.exe
2015-04-05 19:03 - 2015-04-10 16:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-04 14:05 - 2015-04-04 14:05 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 14:05 - 2015-04-04 14:05 - 00000000 ___SD () C:\Windows\system32\GWX
2015-03-24 21:40 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-24 21:40 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-24 21:40 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-24 21:40 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-24 21:40 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-24 21:40 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-24 21:40 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-24 21:40 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-14 16:06 - 2015-03-14 16:06 - 00000072 _____ () C:\Users\NEF\Downloads\2015-03-08-10-33-49_fixed(1).fit
2015-03-14 16:01 - 2015-03-14 16:01 - 00000072 _____ () C:\Users\NEF\Downloads\2015-03-08-10-33-49_fixed.fit
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-13 14:10 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-13 14:10 - 2009-07-14 06:45 - 00023168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-13 14:09 - 2013-01-05 10:52 - 01356475 _____ () C:\Windows\WindowsUpdate.log
2015-04-13 14:05 - 2013-09-14 17:45 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-13 14:05 - 2013-09-14 14:12 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-04-13 14:05 - 2013-01-05 21:21 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-04-13 14:05 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-13 14:05 - 2009-07-14 06:51 - 00173642 _____ () C:\Windows\setupact.log
2015-04-13 14:02 - 2013-09-14 17:45 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-13 14:02 - 2013-09-14 13:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-13 10:42 - 2009-07-14 19:58 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-04-13 10:42 - 2009-07-14 19:58 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-04-13 10:42 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-13 10:30 - 2013-01-05 18:21 - 00478880 _____ () C:\Windows\PFRO.log
2015-04-11 21:55 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2015-04-10 16:51 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-10 16:45 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-10 13:19 - 2014-09-25 09:56 - 00000000 ____D () C:\Users\NEF\AppData\Roaming\Avira
2015-04-10 12:59 - 2013-01-05 10:52 - 00000000 ____D () C:\Users\Konfigurator
2015-04-08 08:08 - 2014-09-16 08:37 - 00000000 ____D () C:\Users\Allgemein\AppData\Roaming\Avira
2015-04-08 08:08 - 2014-09-15 10:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-04-08 08:08 - 2013-01-05 18:19 - 00000000 ____D () C:\ProgramData\Avira
2015-04-08 08:06 - 2013-01-06 00:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-01 20:04 - 2013-09-14 12:59 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-25 12:40 - 2014-12-12 04:19 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-25 12:40 - 2014-05-11 10:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-20 20:35 - 2013-09-22 21:44 - 00000000 ____D () C:\Users\Allgemein\AppData\Local\Microsoft Games
2015-03-14 13:09 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-03-14 12:19 - 2009-07-14 06:45 - 00436024 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-14 12:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-14 12:17 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\Dism
Some content of TEMP:
====================
C:\Users\Allgemein\AppData\Local\temp\avgnt.exe
C:\Users\Konfigurator\AppData\Local\temp\Quarantine.exe
C:\Users\Konfigurator\AppData\Local\temp\sqlite3.dll
C:\Users\NEF\AppData\Local\temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-05 11:41
==================== End Of Log ============================
Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Konfigurator at 2015-04-13 14:16:26
Running from C:\Users\Allgemein\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{CCE825DB-347A-4004-A186-5F4A6FDD8547}) (Version: 2.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}) (Version: 6.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4255 - CDBurnerXP)
Code (x32 Version: 5.5.4.42 - ZOLL Data Systems) Hidden
Code Review 5.5.4.42 (HKLM-x32\...\InstallShield_{C8E68B73-32DA-4DBB-A132-F535688F9B4E}) (Version: 5.5.4.42 - ZOLL Data Systems)
Free Driver Scout (HKLM-x32\...\{1e7e6e40-febe-4058-a85a-5a80722b86d7}) (Version: 1.0.0.141 - Covus Freemium)
Free Driver Scout (Version: 1.0.0.141 - Covus Freemium) Hidden
GeForce Experience NvStream Client Components (Version: 0.1.87 - NVIDIA Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
iTunes (HKLM\...\{0E5D76AD-A3FB-48D5-8400-8903B10317D3}) (Version: 11.0.1.12 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 37.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 37.0.1 (x86 de)) (Version: 37.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPlayer für Windows (HKLM-x32\...\{97D341C8-B0D1-4E4A-A49A-C30B52F168E9}) (Version: 2013-06-29 - The MPlayer Team)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 320.49 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 320.49 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.6.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.6.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 320.49 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 320.49 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.24.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.24.2 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0604 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0604 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.5 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6971 - Realtek Semiconductor Corp.)
RescueNet Code Review SDK API (HKLM-x32\...\{56F7CAF7-D824-4663-A5E0-700CBEEF637C}) (Version: 6.18.63 - ZOLL)
Rett-Test 2.0 (HKLM-x32\...\{1469C28A-E3B1-4A04-AE12-4181A3DBCE47}_is1) (Version: - StorfingerIT)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
SHIELD Streaming (Version: 1.05.28 - NVIDIA Corporation) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
ZOLL Data Retriever (HKLM-x32\...\{383AC176-AC20-4FD6-AC03-D71B5CAC6274}) (Version: 6.17.58 - ZOLL)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
01-04-2015 20:31:10 Geplanter Prüfpunkt
04-04-2015 14:04:55 Windows Update
10-04-2015 16:27:50 Revo Uninstaller's restore point - HomeTab 4.4
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {02A6FC68-12DF-4ED0-9547-0439AA61B0BF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-14] (Google Inc.)
Task: {0A2459B6-58ED-49D5-B5CE-BF4FFE8BB791} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {0FD99D52-985C-43BE-ADD4-ECEC5F5B5474} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {57CB0B74-9546-4B08-9D43-3BB3E3412023} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {65D77789-8B04-4C09-8E2E-D185584FD56B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-14] (Google Inc.)
Task: {66C5ED21-6A7F-474D-A27E-92E32A1E6A80} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {B71D1DBB-000E-4626-ACE9-45071E7DBC98} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
2013-01-05 21:21 - 2013-06-21 12:23 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 14:13 - 2012-11-28 14:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1442246070-1792902156-347592443-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Konfigurator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
HKU\S-1-5-21-1442246070-1792902156-347592443-1007\Control Panel\Desktop\\Wallpaper -> C:\Users\Allgemein\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ApnTBMon => "C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe"
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "E:\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MPlayerForWindows_AutoUpdateV2 => "E:\MPlayer for Windows\Updater.exe" /L=1031 /AutoCheck
==================== Accounts: =============================
Administrator (S-1-5-21-1442246070-1792902156-347592443-500 - Administrator - Disabled)
Allgemein (S-1-5-21-1442246070-1792902156-347592443-1007 - Limited - Enabled) => C:\Users\Allgemein
Gast (S-1-5-21-1442246070-1792902156-347592443-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1442246070-1792902156-347592443-1002 - Limited - Enabled)
Konfigurator (S-1-5-21-1442246070-1792902156-347592443-1000 - Administrator - Enabled) => C:\Users\Konfigurator
NEF (S-1-5-21-1442246070-1792902156-347592443-1008 - Limited - Enabled) => C:\Users\NEF
UpdatusUser (S-1-5-21-1442246070-1792902156-347592443-1005 - Limited - Enabled) => C:\Users\UpdatusUser
==================== Faulty Device Manager Devices =============
Name: Intel(R) Turbo Boost Technology Driver
Description: Intel(R) Turbo Boost Technology Driver
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Intel
Service: Impcd
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: Netzwerkcontroller
Description: Netzwerkcontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz
Percentage of memory in use: 27%
Total physical RAM: 4087.12 MB
Available physical RAM: 2961.45 MB
Total Pagefile: 8172.42 MB
Available Pagefile: 6781.88 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:97.66 GB) (Free:42.71 GB) NTFS
Drive e: (Software) (Fixed) (Total:133.5 GB) (Free:132.64 GB) NTFS
Drive f: (Daten) (Fixed) (Total:700.26 GB) (Free:699.66 GB) NTFS
Drive g: (Sicherung) (Fixed) (Total:186.31 GB) (Free:186.22 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186.3 GB) (Disk ID: 90E390E3)
Partition 1: (Not Active) - (Size=186.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 50E04F25)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=700.3 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=133.5 GB) - (Type=OF Extended)
==================== End Of Log ============================ |