Adware.1Clickdownload in the registry file

Lately I have often had problems with my Norton Antivirus when I ran another update shortly after a virus definition update. Each time I saw large update files of over 30 MB. I found that worrying. After that I used a second virus scanner program. During the scan, the software repeatedly got stuck at several points (file scans). During the (ongoing scans), 5 malware programs were shown in the registry. I also could not complete a normal scan; they always got stuck. I then also tried Windows Defender, which, however, did not show the malware. A screenshot of the (during scan) malware notifications is attached.
Hello, my name is Jürgen and I will be helping you with your problem. Together we'll manage it...

I can never give you a guarantee that we will find all malicious files. Formatting is usually the faster and always the safest way, but it is only advisable in the case of real malware. We can remove adware & co. very well. If you decide on a cleanup, keep working with me until you get my "clean". Let's go: Please post the logs in the thread. Split them if necessary.
Quote:
# Database : 2016-12-23.1 [Server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Hans - HP # Running from : C:\Users\Hans\Downloads\AdwCleaner_6.041.exe # Mode: Scan # Support : https://www.malwarebytes.com/support
[C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods_i.newTab" - false Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods_i.smplGrp" - "none" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.funmoods_i.vrsnTs" - "1.5.23.2210:34:49" Firefox pref Found: [C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\prefs.js] - "extensions.wecarereminder.merchHash" - "{\"AFFILIATES\":{\"1and1Internet\":{\"name\":\"1&1 Internet Inc.\",\"autor Firefox pref Found: [C:\Users\Marbella\AppData\Roaming\Mozilla\Firefox\Profiles\r9sh7yhe.default\prefs.js] - "avg.install.installDirPath" - "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2" Firefox pref Found: [C:\Users\Marbella\AppData\Roaming\Mozilla\Firefox\Profiles\r9sh7yhe.default\prefs.js] - "avg.userPreferences.URLBarFocus.whiteList" - "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - search.conduit.com Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - inbox.com Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] - www-search.net Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - bbjciahceamgodcoidkjpchnokgfpphh Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl Chrome pref Found: 
[C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - fcfenmboojpjinhpgggodefccipikbpd Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - flpcjncodpafbgdpnkljologafpionhb Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ndibdjnfmopecpmkdieinmbadjfpblof Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ojhagnahfpegocdhlopgljpaafeogmcc Chrome pref Found: [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - hxxp://www-search.net/?s=E59wlim0,e526baa3-d7d6-4508-9117-bb75c30553a2, Chrome pref Found: [C:\Users\Marbella\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com Chrome pref Found: [C:\Users\Marbella\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com ************************* C:\AdwCleaner\AdwCleaner[S0].txt - [39850 Bytes] - [24/12/2016 14:15:24] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39924 Bytes] ########### Updated on 16/12/2016 by Malwarebytes # Database : 2016-12-23.1 [Server] # Operating System : Windows 7 Home Premium Service Pack 1 (X64) # Username : Hans - HP # Running from : C:\Users\Hans\Downloads\AdwCleaner_6.041.exe # Mode: Clean # Support : https://www.malwarebytes.com/support ***** [ Services ] ***** [-] Service deleted: swdumon ***** [ Folders ] ***** [-] Folder deleted: C:\Users\Hans\AppData\Local\PackageAware [-] Folder deleted: C:\Users\Hans\AppData\Local\slimware utilities inc [-] Folder deleted: C:\Users\Hans\AppData\Local\WhiteListing [#] Folder deleted on reboot: C:\Users\Hans\AppData\Local\SlimWare Utilities Inc [-] Folder deleted: C:\Users\Hans\AppData\LocalLow\HPAppData [-] Folder deleted: C:\Users\Hans\AppData\LocalLow\Inbox Toolbar [-] Folder deleted: C:\Users\Hans\AppData\LocalLow\Yahoo!\Companion [-] Folder deleted: C:\Users\Marbella\AppData\LocalLow\AVG Secure Search [-] 
Folder deleted: C:\Program Files\Common Files\Goobzo [-] Folder deleted: C:\ProgramData\SearchModule [-] Folder deleted: C:\ProgramData\Viewpoint [#] Folder deleted on reboot: C:\ProgramData\Application Data\SearchModule [#] Folder deleted on reboot: C:\ProgramData\Application Data\Viewpoint [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar [-] Folder deleted: C:\Users\Public\Documents\Downloaded Installers [-] Folder deleted: C:\Program Files (x86)\Conduit [-] Folder deleted: C:\Program Files (x86)\driverupdate [-] Folder deleted: C:\Program Files (x86)\I Want This [-] Folder deleted: C:\Program Files (x86)\Viewpoint [-] Folder deleted: C:\Program Files (x86)\CompuClever [#] Folder deleted on reboot: C:\Program Files (x86)\DriverUpdate [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo! Companion [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Yahoo!\Companion [-] Folder deleted: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcfenmboojpjinhpgggodefccipikbpd ***** [ Files ] ***** [-] File deleted: C:\Users\Marbella\Desktop\YouTube Accelerator.lnk [-] File deleted: C:\Windows\SysNative\drivers\swdumon.sys [-] File deleted: C:\Users\Public\Desktop\eBay.lnk [-] File deleted: C:\ProgramData\uninstaller.exe [#] File deleted: C:\ProgramData\Application Data\uninstaller.exe [-] File deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk [-] File deleted: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\invalidprefs.js [-] File deleted: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default\searchplugins\bingp.xml [-] File deleted: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage [-] File deleted: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Local 
Storage\chrome-extension_fcfenmboojpjinhpgggodefccipikbpd_0.localstorage-journal ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Shortcuts ] ***** [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Help.lnk [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Inbox.com.lnk [!] Shortcut not deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Inbox Toolbar\Settings.lnk ***** [ Scheduled Tasks ] ***** ***** [ Registry ] ***** [-] Key deleted: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [-] Key deleted: HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl [-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary [-] Key deleted: HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [-] Key deleted: HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar [-] Key deleted: HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFCtrl.AniGIF [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg.AniGIFPpg.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AniGIFPpg2.AniGIFPpg2.1 [#] Key deleted on 
reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.Protector.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1 [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar [#] Key deleted on reboot: [x64] HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1 [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} [-] Key deleted: 
HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{61AB12E1-A5FF-11D1-B2E9-444553540000} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{82351441-9094-11D1-A24B-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{6DC82D15-92F2-11D1-A255-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{28C3737A-32D1-492D-B76B-8D75EBBFB887} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{7697BC38-D0FA-454B-AC75-968B4CCABFCE} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D} [-] Key deleted: 
HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{CE057E0D-2D7E-4DFF-A890-07BA69B8C762} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347} [-] Key deleted: HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{615E8AA1-6BB8-4A3D-A1CC-373194DB612C} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{CBEF8724-D080-4737-88DA-111EEC6651AA} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{82351433-9094-11D1-A24B-00A0C932C7DF} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key deleted: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{042DA63B-0933-403D-9395-B49307691690} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} [-] Key deleted: 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CCB69577-088B-4004-9ED8-FF5BCC83A039} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}] [-] Value deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{46897C77-E7A6-4C33-BFFB-E9C2E2718942}] [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}] [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] [-] Value deleted: HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D3D233D5-9F6D-436C-B6C7-E63F77503B30}] [-] Key deleted: HKU\.DEFAULT\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522216\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531436\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Conduit [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\dsiteproducts [-] Key deleted: 
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Inbox Toolbar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\SlimWare Utilities Inc [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\speedypc software [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\wecarereminder [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Yahoo\YFriendsBar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\YahooPartnerToolbar [#] Key deleted on reboot: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\AppDataLow\Software\Crossrider [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\AppDataLow\Software\Mp3Tube [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\AppDataLow\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1318442368-710658752-766906897-1000\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Conduit [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\dsiteproducts [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Inbox Toolbar [-] Key deleted: 
HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\SlimWare Utilities Inc [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\speedypc software [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\wecarereminder [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Yahoo\YFriendsBar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\YahooPartnerToolbar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\AppDataLow\Software\Crossrider [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\AppDataLow\Software\Mp3Tube [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\AppDataLow\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages [-] Key deleted: 
HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Conduit [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\dsiteproducts [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Inbox Toolbar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\SlimWare Utilities Inc [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\speedypc software [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\wecarereminder [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Yahoo\Companion [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Yahoo\YFriendsBar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\YahooPartnerToolbar [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\AppDataLow\Software\Crossrider [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\AppDataLow\Software\Mp3Tube [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\AppDataLow\Software\Yahoo\Companion [-] Key 
deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages [#] Key deleted on reboot: HKU\S-1-5-18\Software\Yahoo\Companion [#] Key deleted on reboot: HKCU\Software\Conduit [#] Key deleted on reboot: HKCU\Software\dsiteproducts [#] Key deleted on reboot: HKCU\Software\Inbox Toolbar [#] Key deleted on reboot: HKCU\Software\SlimWare Utilities Inc [#] Key deleted on reboot: HKCU\Software\speedypc software [#] Key deleted on reboot: HKCU\Software\wecarereminder [#] Key deleted on reboot: HKCU\Software\Yahoo\Companion [#] Key deleted on reboot: HKCU\Software\Yahoo\YFriendsBar [#] Key deleted on reboot: HKCU\Software\YahooPartnerToolbar [#] Key deleted on reboot: HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Crossrider [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Mp3Tube [#] Key deleted on reboot: HKCU\Software\AppDataLow\Software\Yahoo\Companion [-] Key deleted: HKLM\SOFTWARE\SLIMWARE UTILITIES, INC. 
[-] Key deleted: HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B} [-] Key deleted: HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252} [-] Key deleted: HKLM\SOFTWARE\AVG Security Toolbar [-] Key deleted: HKLM\SOFTWARE\CompeteInc [-] Key deleted: HKLM\SOFTWARE\Inbox Toolbar [-] Key deleted: HKLM\SOFTWARE\MetaStream [-] Key deleted: HKLM\SOFTWARE\SlimWare Utilities Inc [-] Key deleted: HKLM\SOFTWARE\speedypc software [-] Key deleted: HKLM\SOFTWARE\Viewpoint [-] Key deleted: HKLM\SOFTWARE\Yahoo\Companion [-] Key deleted: HKLM\SOFTWARE\systweak [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites [#] Key deleted on reboot: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1318442368-710658752-766906897-1000\Software\Yahoo\Companion [#] Key deleted on reboot: [x64] HKCU\Software\Conduit [#] Key deleted on reboot: [x64] HKCU\Software\dsiteproducts [#] Key deleted on reboot: [x64] HKCU\Software\Inbox Toolbar [#] Key deleted on reboot: [x64] HKCU\Software\SlimWare Utilities Inc [#] Key deleted on reboot: [x64] HKCU\Software\speedypc software [#] Key deleted on reboot: [x64] HKCU\Software\wecarereminder [#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\Companion [#] Key deleted on reboot: [x64] HKCU\Software\Yahoo\YFriendsBar [#] Key deleted on reboot: [x64] HKCU\Software\YahooPartnerToolbar [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B} [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Crossrider [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Mp3Tube [#] Key deleted on reboot: [x64] HKCU\Software\AppDataLow\Software\Yahoo\Companion [-] Key deleted: [x64] HKLM\SOFTWARE\SearchModule [#] Key deleted on 
reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Zip Opener Packages [-] Data restored: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main [Search Bar] [-] Data restored: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Internet Explorer\Main [Search Bar] [-] Data restored: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Internet Explorer\Main [Search Bar] [-] Data restored: HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant] [-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch] [-] Data restored: [x64] HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar] [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{55512205-CAB4-4644-8414-D4389B1F6324} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\SearchScopes\{C4B41B3B-7C64-4E54-84D8-443E039042DC} [-] Key deleted: 
HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Internet Explorer\SearchScopes\{55512205-CAB4-4644-8414-D4389B1F6324} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132522352\Software\Microsoft\Internet Explorer\SearchScopes\{C4B41B3B-7C64-4E54-84D8-443E039042DC} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Internet Explorer\SearchScopes\{55512205-CAB4-4644-8414-D4389B1F6324} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} [-] Key deleted: 
HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} [-] Key deleted: HKU\S-1-5-21-1318442368-710658752-766906897-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12232016132531802\Software\Microsoft\Internet Explorer\SearchScopes\{C4B41B3B-7C64-4E54-84D8-443E039042DC} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{55512205-CAB4-4644-8414-D4389B1F6324} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} [#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C4B41B3B-7C64-4E54-84D8-443E039042DC} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01703C75-A7B5-4A8A-BE14-65262C860195} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{55512205-CAB4-4644-8414-D4389B1F6324} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} [#] Key deleted on reboot: [x64] 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6} [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C4B41B3B-7C64-4E54-84D8-443E039042DC} [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827} [-] Key deleted: [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7F4EFF06-7032-458e-AE16-1C1D8255C28A} [-] Data restored: [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] C:\PROGRA~3\Fast And [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escort.DLL [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortApp.DLL [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escortEng.DLL [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL [-] Key deleted: HKLM\SOFTWARE\Classes\PROTOCOLS\handler\inbox [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh [-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} [-] Key deleted: HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin [-] Key deleted: HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{0C95ABFE-4FB6-49DB-B22F-0E1F5FC4BEEC} [-] Key deleted: HKLM\SYSTEM\CurrentControlSet\Control\Class\{EEEFACB3-729F-4484-B66D-E7A7917BBFC1} [#] Key deleted on reboot: HKLM\SOFTWARE\Classes\protocols\handler\inbox [-] Key deleted: HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [-] Key deleted: 
HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [-] Key deleted: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh [-] Key deleted: HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [-] Key deleted: HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd [#] Key deleted on reboot: [x64] HKCU\Software\Google\Chrome\Extensions\fcfenmboojpjinhpgggodefccipikbpd ***** [ Web browsers ] ***** [-] Chrome preferences cleaned: "avg.install.extHomepage" - "hxxp://isearch.avg.com?pid=avg&sg=0&cid=%7Be98b0444-f66e-4d5e-b1b7-288909dd5639%7D&mid=2343eed3cec047d0b83ad14acce4e9e6-0ed8f22e15968ba224004fb8ab3114a5b5cd84b2&ds=ft011&coid=&cmpid=&v=18.1.0.443&lang=en&pr=sa&d=2012-07-28%2010%3A39%3A50&sap=hp" [-] Chrome preferences cleaned: "avg.install.installDirPath" - "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\18.1.0.443" [-] Chrome preferences cleaned: "avg.userPreferences.URLBarFocus.whiteList" - "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live\\.\\w+ isearch\\.avg\\.com mysearch\\.avg\\.com" [-] Chrome preferences cleaned: "extensions.crossrider.bic" - "1398d211988ed465331b1100ef487877" [-] Chrome preferences cleaned: "extensions.funmoods.aflt" - "axl" [-] Chrome preferences cleaned: "extensions.funmoods.autoRvrt" - false [-] Chrome preferences cleaned: "extensions.funmoods.cntry" - "DE" [-] Chrome preferences cleaned: "extensions.funmoods.cv" - "cv5" [-] Chrome preferences cleaned: "extensions.funmoods.dfltLng" - "" [-] Chrome preferences cleaned: "extensions.funmoods.dfltSrch" - false [-] Chrome preferences cleaned: "extensions.funmoods.dnsErr" - true [-] Chrome preferences cleaned: "extensions.funmoods.envrmnt" - "production" [-] Chrome preferences cleaned: "extensions.funmoods.excTlbr" - false [-] Chrome preferences cleaned: "extensions.funmoods.hdrMd5" - 
"89307C2ED2A19BCBB7F870A65AF1D948" [-] Chrome preferences cleaned: "extensions.funmoods.hmpg" - false [-] Chrome preferences cleaned: "extensions.funmoods.hmpgUrl" - "hxxp://start.funmoods.com/?f=1&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0F0C0C0AyC0ByC0FyBtBtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=950884659" [-] Chrome preferences cleaned: "extensions.funmoods.id" - "1C659DFCCA6B6F72" [-] Chrome preferences cleaned: "extensions.funmoods.instlDay" - "15549" [-] Chrome preferences cleaned: "extensions.funmoods.instlRef" - "axl" [-] Chrome preferences cleaned: "extensions.funmoods.isdcmntcmplt" - true [-] Chrome preferences cleaned: "extensions.funmoods.lastVrsnTs" - "1.5.23.2210:34:49" [-] Chrome preferences cleaned: "extensions.funmoods.mntrvrsn" - "1.3.0" [-] Chrome preferences cleaned: "extensions.funmoods.newTab" - false [-] Chrome preferences cleaned: "extensions.funmoods.newTabUrl" - "hxxp://start.funmoods.com/?f=2&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0F0C0C0AyC0ByC0FyBtBtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=950884659" [-] Chrome preferences cleaned: "extensions.funmoods.pnu_base" - "{\"newVrsn\":\"259\",\"lastVrsn\":\"259\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}" [-] Chrome preferences cleaned: "extensions.funmoods.prdct" - "funmoods" [-] Chrome preferences cleaned: "extensions.funmoods.prtnrId" - "funmoods" [-] Chrome preferences cleaned: "extensions.funmoods.sg" - "none" [-] Chrome preferences cleaned: "extensions.funmoods.smplGrp" - "none" [-] Chrome preferences cleaned: "extensions.funmoods.srchPrvdr" - "Search" [-] Chrome preferences cleaned: "extensions.funmoods.tlbrId" - "base" [-] Chrome preferences cleaned: "extensions.funmoods.tlbrSrchUrl" - "hxxp://start.funmoods.com/?f=3&a=axl&chnl=axl&cd=2XzuyEtN2Y1L1QzutC0CyCyDzy0D0F0C0C0AyC0ByC0FyBtBtN0D0Tzu0CtBtDzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=950884659&q=" [-] Chrome preferences cleaned: "extensions.funmoods.vrsn" - 
"1.5.23.22" [-] Chrome preferences cleaned: "extensions.funmoods.vrsnTs" - "1.5.23.2210:34:49" [-] Chrome preferences cleaned: "extensions.funmoods.vrsni" - "1.5.23.22" [-] Chrome preferences cleaned: "extensions.funmoods_i.newTab" - false [-] Chrome preferences cleaned: "extensions.funmoods_i.smplGrp" - "none" [-] Chrome preferences cleaned: "extensions.funmoods_i.vrsnTs" - "1.5.23.2210:34:49" [-] Chrome preferences cleaned: [-] Chrome preferences cleaned: "avg.install.installDirPath" - "C:\\ProgramData\\AVG Secure Search\\FireFoxExt\\15.5.0.2" [-] Chrome preferences cleaned: "avg.userPreferences.URLBarFocus.whiteList" - "bing\\.com google\\.\\w+ yahoo\\.\\w+ gmail\\.\\w+ hotmail\\.\\w+ live\\.\\w+ isearch\\.avg\\.com mysearch\\.avg\\.com" [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: inbox.com [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: trovi.search [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: www-search.net [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: bbjciahceamgodcoidkjpchnokgfpphh [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: booedmolknjekdopkepjjeckmjkdpfgl [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: fcfenmboojpjinhpgggodefccipikbpd [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: flpcjncodpafbgdpnkljologafpionhb [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default] [extension] 
Deleted: ndibdjnfmopecpmkdieinmbadjfpblof [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: ojhagnahfpegocdhlopgljpaafeogmcc [-] [C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default] [homepage] Deleted: hxxp://www-search.net/?s=E59wlim0,e526baa3-d7d6-4508-9117-bb75c30553a2, [-] [C:\Users\Marbella\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com [-] [C:\Users\Marbella\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com ************************* :: "Tracing" keys deleted :: Winsock settings cleared :: Proxy settings cleared :: IE policies deleted :: Chrome policies deleted ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [38889 Bytes] - [24/12/2016 14:22:43] C:\AdwCleaner\AdwCleaner[S0].txt - [40184 Bytes] - [24/12/2016 14:15:24] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [39037 Bytes] ##########
AdwCleaner Logfile: Code: # AdwCleaner v6.041 - Logfile created 24/12/2016 at 15:11:44
Many thanks for your help, Juergen. Many thanks again, Jürgen. I will send a 25 euro donation to the board! |
Quote:
The actual instruction, however, was that you should post the FRST logs in code tags. ;) But never mind, let's take a look now:
Step 1 http://filepony.de/icon/frst.png http://deeprybka.trojaner-board.de/b...e/frst/sn1.PNG
Please start FRST again, also tick the checkbox http://deeprybka.trojaner-board.de/b...t/addition.png and press "Untersuchen" (Scan). Please post the contents of both logs that are created. |
Ran by Hans (administrator) on HP (26-12-2016 12:35:24) Running from C:\Users\Hans\Desktop\FRST64CODE Loaded Profiles: Hans (Available Profiles: Hans & Marbella) Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: FF) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe (Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe () C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe (Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe (PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe (Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe (Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Skype Technologies S.A.) 
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe () C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe () C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe (AMD) C:\Windows\System32\atieclxx.exe (Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe () C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe () C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe (© 2015 Microsoft Corporation) C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe (Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe (Hewlett-Packard Co.) 
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Hewlett-Packard Co.) C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe (Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe (Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) 
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] () HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.) HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.) HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-17] (Google Inc.) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [Google Update] => C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.) 
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [BingSvc] => C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-12-18] (Siber Systems) HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [NoInstrumentation] 1 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [HideSCAHealth] 0 HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: E - E:\Setup.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: F - F:\pushinst.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {bd328fcb-9d1b-11e0-a5ab-9205c8b1b65b} - L:\ptcwidget.exe HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {c95a38b6-541e-11e0-9bab-00038a000015} - L:\unlock.exe autoplay=true HKU\S-1-5-21-1318442368-710658752-766906897-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. 
or its subsidiaries) HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect" HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE -> AppInit_DLLs: C:\PROGRA~3\Fast And => No File ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google) ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-03-21] ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.) Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-08-02] ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) 
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-12-26] ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{0A139030-988A-4C2A-B5FD-3F4310FE5301}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{1F0712D9-332F-4E95-B24F-B1360ECDCEC0}: [DhcpNameServer] 192.168.42.129 Tcpip\..\Interfaces\{28611991-9E63-4AAC-89C9-43D22A3DF324}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{299E30CD-576C-419B-93F6-8239956DA413}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{6456FE51-6AB2-4C05-9B9E-4C2402539CAB}: [DhcpNameServer] 66.174.71.33 66.174.95.44 Tcpip\..\Interfaces\{7936B5D6-90BA-4A5C-BCC1-F1E14C260FB5}: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{86A2C942-097A-4DFC-A33F-7EB736A8FF7C}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 Tcpip\..\Interfaces\{88221D92-98E0-427C-AB1D-81121567033F}: [DhcpNameServer] 192.168.178.1 Tcpip\..\Interfaces\{8DD16FC0-FFC4-4201-AE70-6240344B8421}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1 Internet Explorer: ================== HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15 HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/ HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch SearchScopes: HKLM -> DefaultScope value is missing SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKLM-x32 -> DefaultScope value is missing 
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {27DEDF55-0D6D-43B1-ACE2-882D2407E616} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enUS445 SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {822B8BEE-AD0F-478D-BBF2-7BE9A8C7CA4F} URL = hxxps://www.google.com/search?q={searchTerms} SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms} SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> 
{d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.) BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.) BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.) BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.) BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.) 
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle Corporation) BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.) BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.) BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle Corporation) BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.) BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.) Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.) Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.) Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.) 
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.) Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.) Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation) Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.) Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.) DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default [2015-08-30] FF Extension: (Emulator) - C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default\Extensions\Navcore.9.151.605385@tomtom.com [2011-08-20] [not signed] FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-08-30] [not signed] FF ProfilePath: C:\Users\Hans\AppData\Roaming\Scendix Software\Fax\Profiles\t825lh6t.default [2015-12-10] FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default [2016-12-25] FF DefaultSearchEngine: 
Mozilla\Firefox\Profiles\03h04r0h.default -> Bing FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing FF SelectedSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing FF ProfilePath: C:\Users\Hans\AppData\Roaming\Marmiko IT-Solutions GmbH\Browser 7\Profiles\gsljnzx8.default [2015-01-25] FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-12-18] [not signed] FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-12-18] [not signed] FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed] FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-12-18] FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-12-18] FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-21] [not signed] FF 
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-18] () FF Plugin: @microsoft.com/GENUINE -> disabled [No File] FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-18] () FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File] FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) 
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.) FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS) Chrome: ======= CHR HomePage: Default -> hxxps://www.google.com/ CHR StartupUrls: Default -> "hxxp://www.google.com/" CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr CHR DefaultSearchKeyword: Default -> NortonSafe CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.) 
CHR Plugin: (Skype Toolbars) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File CHR Plugin: (BrowserPlus (from Yahoo!) 
v2.9.8) - C:\Users\Hans\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC) CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2016-12-24] CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26] CHR Extension: (Norton Home Page for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-24] CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18] CHR Extension: (Skype) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-20] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-16] CHR Extension: (Norton Safe) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05] CHR Extension: (RoboForm Password Manager) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-11-13] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx 
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08] CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hans\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-15] CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-29] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) 
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG) R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries) R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [8274576 2014-10-31] () R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4369680 2016-01-22] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-11-08] (WDC) [File not signed] R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060352 2010-11-08] () [File not signed] R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [485376 2010-11-08] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 
WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-29] (AVG Technologies) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-12-17] (AVM Berlin) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-13] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-12-14] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-14] (Symantec Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] () S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20161223.002\IDSvia64.sys [1038032 2016-12-13] (Symantec Corporation) R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-21] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-26] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-26] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-26] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-26] (Malwarebytes) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) 
[File not signed] S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-07] (CACE Technologies) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [36496 2016-12-22] (Riverbed Technology, Inc.) R3 pwftap; C:\Windows\System32\DRIVERS\pwftap.sys [36736 2013-09-02] (The OpenVPN Project) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2013-02-07] (Realtek Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-18] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-24 17:43 - 2016-12-22 11:06 - 00295936 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopcap.dll 2016-12-24 17:43 - 2016-12-22 11:06 - 00078336 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopacket.dll 2016-12-24 17:43 - 2016-12-22 11:06 - 00036496 _____ (Riverbed Technology, Inc.) 
C:\Windows\SysWOW64\Drivers\npf_devolo.sys 2016-12-24 15:05 - 2016-12-24 15:05 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041(1).exe 2016-12-24 14:49 - 2016-12-24 14:49 - 00017499 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041(2).exe 2016-12-24 14:33 - 2016-12-24 14:33 - 00039297 _____ C:\Users\Hans\Desktop\AdwCleaner[C0].txt 2016-12-24 14:08 - 2016-12-24 15:21 - 00000000 ____D C:\AdwCleaner 2016-12-24 14:06 - 2016-12-24 14:06 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041.exe 2016-12-24 13:58 - 2016-12-24 13:58 - 00000283 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041.exe.URL 2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Documents\FRST.txt 2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST - Copy.txt 2016-12-23 15:13 - 2016-12-26 12:35 - 00000000 ____D C:\Users\Hans\Desktop\FRST64CODE 2016-12-23 14:34 - 2016-12-26 12:35 - 00000000 ____D C:\FRST 2016-12-23 14:34 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST.txt 2016-12-23 14:30 - 2016-10-26 16:29 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-12-22 18:49 - 2016-12-22 18:57 - 00002704 _____ C:\Users\Hans\Desktop\Rkill.txt 2016-12-22 18:47 - 2016-12-22 18:48 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Hans\Downloads\rkill.exe 2016-12-21 22:53 - 2016-12-21 22:53 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-cb.NT-3.0.5.1299.exe 2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Marbella\Desktop\AOL Saved Files.lnk 2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Hans\Desktop\AOL Saved Files.lnk 2016-12-21 21:34 - 2016-12-21 21:35 - 00000010 _____ C:\Windows\msoffice.ini 2016-12-21 21:34 - 2016-12-21 21:35 - 00000000 ____D C:\Users\Hans\Desktop\AOL Saved PFC 2016-12-21 18:10 - 2016-12-21 18:10 - 00001053 _____ C:\Users\Hans\Desktop\MALWARE REPORT 21122016.txt 2016-12-21 15:05 - 2016-12-26 12:22 - 00102856 _____ (Malwarebytes) 
C:\Windows\system32\Drivers\farflt.sys 2016-12-21 15:05 - 2016-12-26 12:22 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2016-12-21 15:05 - 2016-12-26 12:22 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-12-21 15:05 - 2016-12-21 15:05 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2016-12-21 15:04 - 2016-12-26 12:21 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-21 15:04 - 2016-12-23 10:59 - 00001877 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2016-12-21 15:04 - 2016-12-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-21 15:04 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2016-12-21 14:59 - 2016-12-21 14:59 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-consumer-3.0.5.1299.exe 2016-12-18 16:23 - 2016-12-18 16:23 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-12-18 16:23 - 2016-12-18 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-12-18 16:20 - 2016-12-18 16:20 - 00000000 ____D C:\Program Files\iPod 2016-12-18 15:15 - 2016-12-18 15:15 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360 2016-12-18 15:09 - 2016-12-18 15:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2016-12-18 13:11 - 2016-12-22 13:11 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHans 2016-12-18 13:11 - 2016-12-22 13:11 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHans.job 2016-12-18 12:13 - 2016-12-18 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-14 20:56 - 2016-12-18 15:09 - 00002108 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-12-14 20:08 - 2016-12-23 10:59 - 00572736 _____ C:\Windows\ntbtlog.txt 
2016-12-14 18:58 - 2016-12-18 15:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-12-11 18:21 - 2016-12-11 18:21 - 00033593 _____ C:\Users\Hans\Downloads\SKM_554e16120814300.pdf 2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto.pdf 2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto(1).pdf 2016-12-11 18:08 - 2016-12-11 18:08 - 00071409 _____ C:\Users\Hans\Downloads\82467005_2016_Nr.011_Kontoauszug_vom_30.11.2016_20161211060841.pdf 2016-12-11 15:14 - 2016-12-18 11:51 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2016-12-11 15:14 - 2016-12-18 11:51 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2016-12-11 15:14 - 2016-12-11 15:14 - 00000000 ____D C:\Program Files (x86)\Norton 360 2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19.pdf 2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19 (1).pdf 2016-12-10 15:11 - 2016-12-26 12:25 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-12-10 15:10 - 2016-12-10 15:10 - 00002099 _____ C:\Users\Public\Desktop\Norton Online Backup.lnk 2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup 2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\Program Files (x86)\Symantec 2016-12-10 15:08 - 2016-12-10 15:08 - 12590864 _____ (Symantec Corporation) C:\Users\Hans\Downloads\NortonOnlineBackup.exe 2016-12-10 14:51 - 2016-12-10 14:51 - 00900344 _____ C:\Users\Hans\Desktop\Norton_Removal_Tool.exe 2016-12-10 14:49 - 2016-12-10 14:49 - 00860112 _____ (Igor Pavlov) C:\Users\Hans\Desktop\NortonMountPointRepairExtractor.exe 2016-12-05 22:39 - 2016-12-05 22:39 - 02103882 _____ C:\Users\Hans\Downloads\Instructions_on_setting_up_auto_epay.pdf 2016-12-04 18:13 - 2016-12-04 18:13 - 01615493 _____ 
C:\Users\Hans\Downloads\JotNot_12-03-2016.pdf 2016-12-04 14:38 - 2016-12-04 14:38 - 00361536 _____ C:\Users\Hans\Downloads\kopierer@uni.trier.de_20160825_105307(1).pdf 2016-12-02 17:45 - 2016-12-02 17:45 - 01136903 _____ C:\Users\Hans\Downloads\lika1478120034(1) (1).pdf 2016-12-02 16:05 - 2016-12-02 16:05 - 00001771 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2016-11-27 16:46 - 2016-11-27 16:46 - 00543669 _____ C:\Users\Hans\Downloads\Maria Sozialversicherung - 6 Jan 2015 - 15-49.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-26 12:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:28 - 2009-07-14 06:13 - 00006230 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-26 12:24 - 2015-08-15 18:15 - 00000000 ___RD C:\Users\Hans\Google Drive 2016-12-26 12:21 - 2013-06-08 16:26 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2016-12-26 12:21 - 2013-05-31 19:22 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2016-12-26 12:20 - 2013-02-02 22:36 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-12-26 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-26 12:19 - 2009-07-14 05:45 - 00355656 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism 2016-12-26 03:17 - 2012-07-26 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-25 19:03 - 2011-02-15 03:38 - 00000000 ____D C:\ProgramData\PDFC 
2016-12-25 15:37 - 2016-11-22 20:03 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Mozilla
2016-12-25 15:03 - 2011-04-17 01:02 - 00000000 ____D C:\Users\Hans\AppData\Local\CrashDumps
2016-12-24 17:46 - 2016-02-17 09:53 - 00000000 ____D C:\Program Files (x86)\devolo
2016-12-24 14:15 - 2011-04-22 16:07 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Yahoo!
2016-12-24 14:02 - 2014-03-15 23:48 - 00000000 ____D C:\Users\Hans\Documents\Snipping Tool
2016-12-24 14:00 - 2015-07-31 10:07 - 00000000 ____D C:\Windows\System32\Tasks\Remediation
2016-12-22 18:36 - 2015-03-08 09:55 - 00000000 ____D C:\Users\Hans\Downloads\PL2303_Prolific_DriverInstaller_v1_10_0_20140925
2016-12-22 18:15 - 2014-04-08 00:52 - 00000000 ____D C:\Users\Hans\AppData\Local\TB
2016-12-22 16:04 - 2014-11-06 00:43 - 00000000 ____D C:\Program Files\Wondershare
2016-12-21 21:55 - 2011-03-19 22:25 - 00000000 ____D C:\ProgramData\AOL Downloads
2016-12-21 21:36 - 2011-03-19 22:32 - 00000000 ____D C:\Users\Hans\AppData\Local\AOL
2016-12-21 21:35 - 2014-09-27 18:03 - 00000000 ____D C:\Users\Public\Documents\AOL Downloads
2016-12-21 21:35 - 2011-03-19 22:34 - 00000000 ____D C:\Users\Hans\AppData\Roaming\AOL
2016-12-21 21:35 - 2011-03-19 22:31 - 00000000 ____D C:\ProgramData\AOL
2016-12-18 16:23 - 2014-03-15 15:35 - 00000000 ____D C:\Program Files\iTunes
2016-12-18 16:20 - 2011-04-17 01:09 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-18 15:09 - 2015-05-09 15:53 - 00000000 ____D C:\Windows\system32\Drivers\N360x64
2016-12-18 15:05 - 2016-10-15 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-18 13:18 - 2012-07-26 23:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-12-18 13:18 - 2012-04-09 23:04 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-12-18 13:18 - 2011-05-14 22:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-18 13:17 - 2011-10-23 02:51 - 00000000 ____D C:\Windows\system32\Macromed
2016-12-18 13:17 - 2011-02-15 03:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed
2016-12-18 11:59 - 2016-04-09 14:26 - 00004130 _____ C:\Windows\System32\Tasks\Open URL by RoboForm
2016-12-18 11:59 - 2012-06-15 21:37 - 00003478 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon
2016-12-18 11:59 - 2011-10-17 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2016-12-18 11:59 - 2011-08-23 02:47 - 00002070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-18 11:59 - 2011-08-23 02:47 - 00002058 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-18 11:51 - 2015-08-15 18:13 - 00001929 _____ C:\Users\Public\Desktop\Google Slides.lnk
2016-12-18 11:51 - 2015-08-15 18:13 - 00001927 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2016-12-18 11:51 - 2015-08-15 18:13 - 00001917 _____ C:\Users\Public\Desktop\Google Docs.lnk
2016-12-18 11:51 - 2015-08-15 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-12-18 11:38 - 2015-08-15 17:35 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000UA
2016-12-18 11:38 - 2015-08-15 17:35 - 00003230 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000Core
2016-12-18 11:38 - 2011-08-17 23:29 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-18 11:38 - 2011-08-17 23:29 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-18 11:27 - 2009-07-14 06:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2016-12-14 20:42 - 2011-09-04 17:52 - 00000000 ____D C:\Users\Hans\AppData\Local\NPE
2016-12-14 20:28 - 2015-12-22 13:03 - 00000000 ____D C:\NPE
2016-12-12 21:48 - 2011-02-15 03:52 - 00000000 ____D C:\ProgramData\Norton
2016-12-12 21:47 - 2015-05-09 15:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-12-11 17:28 - 2011-02-15 03:51 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-12-10 16:41 - 2011-08-17 23:29 - 00000000 ____D C:\Users\Hans\AppData\Local\Google
2016-12-10 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2016-12-04 22:57 - 2011-03-20 20:41 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype
2016-12-04 18:14 - 2012-10-03 23:52 - 00000000 ____D C:\Users\Hans\Documents\Marbella
2016-12-02 17:17 - 2011-04-23 15:43 - 00000000 ____D C:\Users\Hans\Documents\My Scans
2016-12-02 16:07 - 2015-07-26 18:07 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-02 16:06 - 2015-07-26 18:14 - 00000000 ____D C:\Program Files (x86)\Garmin
2016-12-02 16:05 - 2016-09-25 12:21 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask
2016-12-02 16:05 - 2016-04-29 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2016-11-28 19:38 - 2011-03-20 20:40 - 00000000 ____D C:\ProgramData\Skype
2016-11-28 19:37 - 2011-03-20 20:40 - 00000000 ___RD C:\Program Files (x86)\Skype

==================== Files in the root of some directories =======

2011-06-19 20:08 - 2011-06-19 20:08 - 0001854 _____ () C:\Users\Hans\AppData\Roaming\GhostObjGAFix.xml
2014-01-12 01:44 - 2014-01-12 01:45 - 55694664 _____ (Igor Pavlov) C:\Users\Hans\AppData\Roaming\SUPRAUpdatePaket.exe
2014-01-27 00:16 - 2014-01-28 16:20 - 0000139 _____ () C:\Users\Hans\AppData\Roaming\WB.CFG
2014-01-27 00:16 - 2014-01-28 16:20 - 0000005 _____ () C:\Users\Hans\AppData\Roaming\WBPU-TTL.DAT
2011-03-25 23:20 - 2014-11-01 17:01 - 0001370 _____ () C:\Users\Hans\AppData\Roaming\wklnhst.dat
2012-01-08 18:37 - 2015-08-19 17:43 - 0007598 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg
2015-03-07 15:09 - 2015-03-07 15:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2011-03-20 20:42 - 2011-03-20 20:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2011-03-19 23:18 - 2012-09-15 20:23 - 0004971 _____ () C:\ProgramData\hpzinstall.log

Some files in TEMP:
====================
C:\Users\Hans\AppData\Local\Temp\RoboForm-Setup.exe
C:\Users\Hans\AppData\Local\Temp\uninst.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-09-29 03:22

Ran by Hans (administrator) on HP (26-12-2016 12:35:24)
Running from C:\Users\Hans\Desktop\FRST64CODE
Loaded Profiles: Hans (Available Profiles: Hans & Marbella)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(devolo AG) C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
(Garmin Ltd. or its subsidiaries) C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
() C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Roxio) C:\Program Files (x86)\Roxio\RoxioNow Player\RNowSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDFME\WDFME.exe
() C:\Program Files (x86)\Western Digital\WD Smartware\Front Parlor\WDSC.exe
() C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\n360.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Program Files (x86)\Private Communications\PRIVATE WiFi\PrivateWiFi.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(© 2015 Microsoft Corporation) C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Siber Systems) C:\Program Files (x86)\Siber Systems\AI RoboForm\robotaskbaricon.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Hewlett-Packard Co.) C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPNetworkCommunicatorCom.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1300570305\ee\aolsoftware.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [611896 2010-09-15] ()
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1300570305\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [HP Software Update] => c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2011-08-17] (Google Inc.)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [Google Update] => C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\GoogleUpdateCore.exe [601752 2016-12-18] (Google Inc.)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23818360 2016-11-30] (Google)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [BingSvc] => C:\Users\Hans\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110376 2016-12-18] (Siber Systems)
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [NoInstrumentation] 1
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: E - E:\Setup.exe
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: F - F:\pushinst.exe
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {bd328fcb-9d1b-11e0-a5ab-9205c8b1b65b} - L:\ptcwidget.exe
HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\MountPoints2: {c95a38b6-541e-11e0-9bab-00038a000015} - L:\unlock.exe autoplay=true
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Control Panel\Desktop\\SCRNSAVE.EXE ->
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1407912 2016-11-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "C:\Windows\system32\config\systemprofile\AppData\Roaming\SearchProtect"
HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->
AppInit_DLLs: C:\PROGRA~3\Fast And => No File
ShellIconOverlayIdentifiers: [ GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-11-30] (Google)
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\buShell.dll [2016-11-12] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2011-03-21]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk [2015-08-02]
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Hans\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk [2016-12-26]
ShortcutTarget: Monitor Ink Alerts - HP Photosmart 7520 series (Network).lnk -> C:\Program Files\hp\HP Photosmart 7520 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{0A139030-988A-4C2A-B5FD-3F4310FE5301}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{1F0712D9-332F-4E95-B24F-B1360ECDCEC0}: [DhcpNameServer] 192.168.42.129
Tcpip\..\Interfaces\{28611991-9E63-4AAC-89C9-43D22A3DF324}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{299E30CD-576C-419B-93F6-8239956DA413}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{6456FE51-6AB2-4C05-9B9E-4C2402539CAB}: [DhcpNameServer] 66.174.71.33 66.174.95.44
Tcpip\..\Interfaces\{7936B5D6-90BA-4A5C-BCC1-F1E14C260FB5}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{86A2C942-097A-4DFC-A33F-7EB736A8FF7C}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1
Tcpip\..\Interfaces\{88221D92-98E0-427C-AB1D-81121567033F}: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{8DD16FC0-FFC4-4201-AE70-6240344B8421}: [DhcpNameServer] 75.75.76.76 75.75.75.75 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=de&pid=N360&pvid=22.5.5.15
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxps://www.google.com/
HKU\S-1-5-21-1318442368-710658752-766906897-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> DefaultScope value is missing
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Comcast URL = hxxp://search.xfinity.com/?cat=subweb&con=mmchrome&q={searchTerms}&cid=xfstart_tech_search
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {27DEDF55-0D6D-43B1-ACE2-882D2407E616} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}&rlz=1I7ADRA_enUS445
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {822B8BEE-AD0F-478D-BBF2-7BE9A8C7CA4F} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://www.bing.com/search?FORM=SKY2DF&PC=SKY2&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = hxxp://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.7.0.11\IPS\IPSBHO.DLL => No File
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-08] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-07-21] (HP Inc.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-16] (Microsoft Corporation.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-05-01] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\coIEPlg.dll [2016-11-12] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2016-12-18] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-1318442368-710658752-766906897-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-05-01] (Google Inc.)
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection2.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2016-09-23] (Skype Technologies)

FireFox:
========
FF ProfilePath: C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default [2015-08-30]
FF Extension: (Emulator) - C:\Users\Hans\AppData\Roaming\TomTom\HOME\Profiles\0mgktzer.default\Extensions\Navcore.9.151.605385@tomtom.com [2011-08-20] [not signed]
FF Extension: (Map status indicator) - C:\Program Files (x86)\TomTom HOME 2\xul\extensions\MapShare-status@tomtom.com [2015-08-30] [not signed]
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Scendix Software\Fax\Profiles\t825lh6t.default [2015-12-10]
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Mozilla\Firefox\Profiles\03h04r0h.default [2016-12-25]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF SearchEngineOrder.3: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\03h04r0h.default -> Bing
FF ProfilePath: C:\Users\Hans\AppData\Roaming\Marmiko IT-Solutions GmbH\Browser 7\Profiles\gsljnzx8.default [2015-01-25]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2016-12-18] [not signed]
FF Extension: (Java Console) - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2016-12-18] [not signed]
FF Extension: (Skype Click to Call) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2016-12-18] [not signed]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF Extension: (Norton Security Toolbar) - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon [2016-12-18]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.2.15\coFFAddon
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Extension: (RoboForm Toolbar) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi [2016-12-18]
FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011-03-21] [not signed]
FF HKU\S-1-5-21-1318442368-710658752-766906897-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox\roboform.xpi
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_24_0_0_186.dll [2016-12-18] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_24_0_0_186.dll [2016-12-18] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2016-10-06] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-07-11] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-08] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-10-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Hans\AppData\Local\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin HKU\S-1-5-21-1318442368-710658752-766906897-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Hans\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-02-24] (Unity Technologies ApS)

Chrome:
=======
CHR HomePage: Default -> hxxps://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxps://ss-sym.search.ask.com/ss?q={searchTerms}&li=ff
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.99\gcswf32.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll => No File
CHR Plugin: (RoboForm Plugin for Google Chrome/Opera/etc.) - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\plugin/rf-np-plugin.dll (Siber Systems Inc.)
CHR Plugin: (Skype Toolbars) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll => No File CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll => No File CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll => No File CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File CHR Plugin: (MetaStream 3 Plugin) - C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll => No File CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll => No File CHR Plugin: (BrowserPlus (from Yahoo!) 
v2.9.8) - C:\Users\Hans\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll => No File CHR Plugin: (Hulu Desktop) - C:\Windows\..\Users\Default\AppData\Local\HuluDesktop\instances\0.9.13.1\npHDPlg.dll (Hulu LLC) CHR Profile: C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default [2016-12-24] CHR Extension: (Google Drive) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-26] CHR Extension: (Norton Home Page for Chrome) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejbdobdndcjhdmljipngpeoekdinlohe [2016-03-24] CHR Extension: (Google Docs Offline) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18] CHR Extension: (Skype) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-10-20] CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-08-16] CHR Extension: (Norton Safe) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-09-10] CHR Extension: (Chrome Web Store Payments) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02] CHR Extension: (Chrome Media Router) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05] CHR Extension: (RoboForm Password Manager) - C:\Users\Hans\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2016-11-13] CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18] CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx 
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08] CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [apdfllckaahabafndbhieahigkjlhalf] - C:\Users\Hans\AppData\Local\Google\Drive\user_default\apdfllckaahabafndbhieahigkjlhalf_live.crx [2015-08-15] CHR HKU\S-1-5-21-1318442368-710658752-766906897-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\Exts\Chrome.crx [2016-12-18] CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-08] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-29] (Advanced Micro Devices, Inc.) [File not signed] R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.) 
R2 DevoloNetworkService; C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe [3883544 2016-12-22] (devolo AG) R2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [1029648 2016-11-29] (Garmin Ltd. or its subsidiaries) R2 GsServer; C:\Program Files\Siber Systems\GoodSync\gs-server.exe [8274576 2014-10-31] () R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed] R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.) R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed] R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes) R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.8.1.14\N360.exe [289080 2016-11-12] (Symantec Corporation) R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed] R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [4369680 2016-01-22] (Symantec Corporation) R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc) R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed] R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe [288256 2010-11-08] (WDC) [File not signed] R2 WDFME; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDFME\WDFME.exe [1060352 2010-11-08] () [File not signed] R2 WDSC; C:\Program Files (x86)\Western Digital\WD SmartWare\Front Parlor\WDSC.exe [485376 2010-11-08] () [File not signed] R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation) R2 
WLANBelkinService; C:\Program Files (x86)\Belkin\F7D4101\V1\wlansrv.exe [36864 2009-12-28] () [File not signed] ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-04-29] (AVG Technologies) S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2013-12-17] (AVM Berlin) R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\BASHDefs\20161220.001\BHDrvx64.sys [1874136 2016-12-13] (Symantec Corporation) R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1608010.00E\ccSetx64.sys [174328 2016-06-02] (Symantec Corporation) R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497368 2016-12-14] (Symantec Corporation) R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156888 2016-12-14] (Symantec Corporation) R1 ESProtectionDriver; C:\Windows\system32\drivers\mbae64.sys [77416 2016-12-14] () S3 fwlanusb6; C:\Windows\System32\DRIVERS\fwlanusb6.sys [1327744 2014-03-27] (AVM GmbH) R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\IPSDefs\20161223.002\IDSvia64.sys [1038032 2016-12-13] (Symantec Corporation) R0 MBAMChameleon; C:\Windows\System32\drivers\MBAMChameleon.sys [176064 2016-12-21] (Malwarebytes) R3 MBAMFarflt; C:\Windows\system32\drivers\farflt.sys [102856 2016-12-26] (Malwarebytes) R3 MBAMProtection; C:\Windows\system32\drivers\mbam.sys [43968 2016-12-26] (Malwarebytes) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [250816 2016-12-26] (Malwarebytes) R3 MBAMWebProtection; C:\Windows\system32\drivers\mwac.sys [81696 2016-12-26] (Malwarebytes) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2011-05-10] (Apple Inc.) 
[File not signed] S3 NPF; C:\Windows\System32\drivers\NPF.sys [40464 2007-11-07] (CACE Technologies) R2 NPF_devolo; C:\Windows\sysWOW64\drivers\npf_devolo.sys [36496 2016-12-22] (Riverbed Technology, Inc.) R3 pwftap; C:\Windows\System32\DRIVERS\pwftap.sys [36736 2013-09-02] (The OpenVPN Project) S3 RTTEAMPT; C:\Windows\System32\DRIVERS\RtTeam620.sys [58512 2013-02-07] (Realtek Corporation) R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1608010.00E\SRTSP64.SYS [784624 2016-11-12] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1608010.00E\SRTSPX64.SYS [49400 2016-11-12] (Symantec Corporation) R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1608010.00E\SYMEFASI64.SYS [1628888 2016-11-12] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [100592 2016-12-18] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\N360x64\1608010.00E\Ironx64.SYS [289520 2016-11-12] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1608010.00E\SYMNETS.SYS [567512 2016-11-12] (Symantec Corporation) S3 NAVENG; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\ENG64.SYS [X] S3 NAVEX15; \??\C:\Program Files (x86)\Norton 360\NortonData\22.5.2.15\Definitions\SDSDefs\20161214.002\EX64.SYS [X] ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-24 17:43 - 2016-12-22 11:06 - 00295936 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopcap.dll 2016-12-24 17:43 - 2016-12-22 11:06 - 00078336 _____ (Riverbed Technology, Inc.) C:\Windows\SysWOW64\devolopacket.dll 2016-12-24 17:43 - 2016-12-22 11:06 - 00036496 _____ (Riverbed Technology, Inc.) 
C:\Windows\SysWOW64\Drivers\npf_devolo.sys 2016-12-24 15:05 - 2016-12-24 15:05 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041(1).exe 2016-12-24 14:49 - 2016-12-24 14:49 - 00017499 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041(2).exe 2016-12-24 14:33 - 2016-12-24 14:33 - 00039297 _____ C:\Users\Hans\Desktop\AdwCleaner[C0].txt 2016-12-24 14:08 - 2016-12-24 15:21 - 00000000 ____D C:\AdwCleaner 2016-12-24 14:06 - 2016-12-24 14:06 - 03977168 _____ C:\Users\Hans\Downloads\AdwCleaner_6.041.exe 2016-12-24 13:58 - 2016-12-24 13:58 - 00000283 _____ C:\Users\Hans\Desktop\AdwCleaner_6.041.exe.URL 2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Documents\FRST.txt 2016-12-23 15:24 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST - Copy.txt 2016-12-23 15:13 - 2016-12-26 12:35 - 00000000 ____D C:\Users\Hans\Desktop\FRST64CODE 2016-12-23 14:34 - 2016-12-26 12:35 - 00000000 ____D C:\FRST 2016-12-23 14:34 - 2016-12-23 15:10 - 00091249 _____ C:\Users\Hans\Desktop\FRST.txt 2016-12-23 14:30 - 2016-10-26 16:29 - 00485032 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe 2016-12-22 18:49 - 2016-12-22 18:57 - 00002704 _____ C:\Users\Hans\Desktop\Rkill.txt 2016-12-22 18:47 - 2016-12-22 18:48 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Hans\Downloads\rkill.exe 2016-12-21 22:53 - 2016-12-21 22:53 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-cb.NT-3.0.5.1299.exe 2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Marbella\Desktop\AOL Saved Files.lnk 2016-12-21 21:34 - 2016-12-21 21:35 - 00001038 _____ C:\Users\Hans\Desktop\AOL Saved Files.lnk 2016-12-21 21:34 - 2016-12-21 21:35 - 00000010 _____ C:\Windows\msoffice.ini 2016-12-21 21:34 - 2016-12-21 21:35 - 00000000 ____D C:\Users\Hans\Desktop\AOL Saved PFC 2016-12-21 18:10 - 2016-12-21 18:10 - 00001053 _____ C:\Users\Hans\Desktop\MALWARE REPORT 21122016.txt 2016-12-21 15:05 - 2016-12-26 12:22 - 00102856 _____ (Malwarebytes) 
C:\Windows\system32\Drivers\farflt.sys 2016-12-21 15:05 - 2016-12-26 12:22 - 00081696 _____ (Malwarebytes) C:\Windows\system32\Drivers\mwac.sys 2016-12-21 15:05 - 2016-12-26 12:22 - 00043968 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys 2016-12-21 15:05 - 2016-12-21 15:05 - 00176064 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMChameleon.sys 2016-12-21 15:04 - 2016-12-26 12:21 - 00250816 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2016-12-21 15:04 - 2016-12-23 10:59 - 00001877 _____ C:\Users\Public\Desktop\Malwarebytes.lnk 2016-12-21 15:04 - 2016-12-23 10:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\ProgramData\Malwarebytes 2016-12-21 15:04 - 2016-12-21 15:04 - 00000000 ____D C:\Program Files\Malwarebytes 2016-12-21 15:04 - 2016-12-14 12:55 - 00077416 _____ C:\Windows\system32\Drivers\mbae64.sys 2016-12-21 14:59 - 2016-12-21 14:59 - 54199488 _____ (Malwarebytes ) C:\Users\Hans\Downloads\mb3-setup-consumer-3.0.5.1299.exe 2016-12-18 16:23 - 2016-12-18 16:23 - 00001755 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-12-18 16:23 - 2016-12-18 16:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-12-18 16:20 - 2016-12-18 16:20 - 00000000 ____D C:\Program Files\iPod 2016-12-18 15:15 - 2016-12-18 15:15 - 00000000 ____D C:\Windows\System32\Tasks\Norton 360 2016-12-18 15:09 - 2016-12-18 15:09 - 00003206 _____ C:\Windows\System32\Tasks\Norton WSC Integration 2016-12-18 13:11 - 2016-12-22 13:11 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForHans 2016-12-18 13:11 - 2016-12-22 13:11 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForHans.job 2016-12-18 12:13 - 2016-12-18 15:05 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2016-12-14 20:56 - 2016-12-18 15:09 - 00002108 _____ C:\Users\Public\Desktop\Norton 360.lnk 2016-12-14 20:08 - 2016-12-23 10:59 - 00572736 _____ C:\Windows\ntbtlog.txt 
2016-12-14 18:58 - 2016-12-18 15:09 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360 2016-12-11 18:21 - 2016-12-11 18:21 - 00033593 _____ C:\Users\Hans\Downloads\SKM_554e16120814300.pdf 2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto.pdf 2016-12-11 18:19 - 2016-12-11 18:19 - 00681846 _____ C:\Users\Hans\Downloads\Iban Mama Konto(1).pdf 2016-12-11 18:08 - 2016-12-11 18:08 - 00071409 _____ C:\Users\Hans\Downloads\82467005_2016_Nr.011_Kontoauszug_vom_30.11.2016_20161211060841.pdf 2016-12-11 15:14 - 2016-12-18 11:51 - 00100592 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT64x86.SYS 2016-12-11 15:14 - 2016-12-18 11:51 - 00008319 _____ C:\Windows\system32\Drivers\SYMEVENT64x86.CAT 2016-12-11 15:14 - 2016-12-11 15:14 - 00000000 ____D C:\Program Files (x86)\Norton 360 2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19.pdf 2016-12-10 15:43 - 2016-12-10 15:43 - 00084162 _____ C:\Users\Hans\Downloads\19 (1).pdf 2016-12-10 15:11 - 2016-12-26 12:25 - 00000000 ____D C:\ProgramData\boost_interprocess 2016-12-10 15:10 - 2016-12-10 15:10 - 00002099 _____ C:\Users\Public\Desktop\Norton Online Backup.lnk 2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup 2016-12-10 15:10 - 2016-12-10 15:10 - 00000000 ____D C:\Program Files (x86)\Symantec 2016-12-10 15:08 - 2016-12-10 15:08 - 12590864 _____ (Symantec Corporation) C:\Users\Hans\Downloads\NortonOnlineBackup.exe 2016-12-10 14:51 - 2016-12-10 14:51 - 00900344 _____ C:\Users\Hans\Desktop\Norton_Removal_Tool.exe 2016-12-10 14:49 - 2016-12-10 14:49 - 00860112 _____ (Igor Pavlov) C:\Users\Hans\Desktop\NortonMountPointRepairExtractor.exe 2016-12-05 22:39 - 2016-12-05 22:39 - 02103882 _____ C:\Users\Hans\Downloads\Instructions_on_setting_up_auto_epay.pdf 2016-12-04 18:13 - 2016-12-04 18:13 - 01615493 _____ 
C:\Users\Hans\Downloads\JotNot_12-03-2016.pdf 2016-12-04 14:38 - 2016-12-04 14:38 - 00361536 _____ C:\Users\Hans\Downloads\kopierer@uni.trier.de_20160825_105307(1).pdf 2016-12-02 17:45 - 2016-12-02 17:45 - 01136903 _____ C:\Users\Hans\Downloads\lika1478120034(1) (1).pdf 2016-12-02 16:05 - 2016-12-02 16:05 - 00001771 _____ C:\Users\Public\Desktop\Garmin Express.lnk 2016-11-27 16:46 - 2016-11-27 16:46 - 00543669 _____ C:\Users\Hans\Downloads\Maria Sozialversicherung - 6 Jan 2015 - 15-49.pdf ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-26 12:33 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\tracing 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:32 - 2009-07-14 05:45 - 00015792 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2016-12-26 12:28 - 2009-07-14 06:13 - 00006230 _____ C:\Windows\system32\PerfStringBackup.INI 2016-12-26 12:24 - 2015-08-15 18:15 - 00000000 ___RD C:\Users\Hans\Google Drive 2016-12-26 12:21 - 2013-06-08 16:26 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job 2016-12-26 12:21 - 2013-05-31 19:22 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job 2016-12-26 12:20 - 2013-02-02 22:36 - 00065536 _____ C:\Windows\system32\Ikeext.etl 2016-12-26 12:19 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2016-12-26 12:19 - 2009-07-14 05:45 - 00355656 _____ C:\Windows\system32\FNTCACHE.DAT 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\Dism 2016-12-26 03:19 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\Dism 2016-12-26 03:17 - 2012-07-26 23:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2016-12-25 19:03 - 2011-02-15 03:38 - 00000000 ____D C:\ProgramData\PDFC 
2016-12-25 15:37 - 2016-11-22 20:03 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Mozilla 2016-12-25 15:03 - 2011-04-17 01:02 - 00000000 ____D C:\Users\Hans\AppData\Local\CrashDumps 2016-12-24 17:46 - 2016-02-17 09:53 - 00000000 ____D C:\Program Files (x86)\devolo 2016-12-24 14:15 - 2011-04-22 16:07 - 00000000 ____D C:\Users\Hans\AppData\LocalLow\Yahoo! 2016-12-24 14:02 - 2014-03-15 23:48 - 00000000 ____D C:\Users\Hans\Documents\Snipping Tool 2016-12-24 14:00 - 2015-07-31 10:07 - 00000000 ____D C:\Windows\System32\Tasks\Remediation 2016-12-22 18:36 - 2015-03-08 09:55 - 00000000 ____D C:\Users\Hans\Downloads\PL2303_Prolific_DriverInstaller_v1_10_0_20140925 2016-12-22 18:15 - 2014-04-08 00:52 - 00000000 ____D C:\Users\Hans\AppData\Local\TB 2016-12-22 16:04 - 2014-11-06 00:43 - 00000000 ____D C:\Program Files\Wondershare 2016-12-21 21:55 - 2011-03-19 22:25 - 00000000 ____D C:\ProgramData\AOL Downloads 2016-12-21 21:36 - 2011-03-19 22:32 - 00000000 ____D C:\Users\Hans\AppData\Local\AOL 2016-12-21 21:35 - 2014-09-27 18:03 - 00000000 ____D C:\Users\Public\Documents\AOL Downloads 2016-12-21 21:35 - 2011-03-19 22:34 - 00000000 ____D C:\Users\Hans\AppData\Roaming\AOL 2016-12-21 21:35 - 2011-03-19 22:31 - 00000000 ____D C:\ProgramData\AOL 2016-12-18 16:23 - 2014-03-15 15:35 - 00000000 ____D C:\Program Files\iTunes 2016-12-18 16:20 - 2011-04-17 01:09 - 00000000 ____D C:\Program Files\Common Files\Apple 2016-12-18 15:09 - 2015-05-09 15:53 - 00000000 ____D C:\Windows\system32\Drivers\N360x64 2016-12-18 15:05 - 2016-10-15 09:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2016-12-18 13:18 - 2012-07-26 23:29 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2016-12-18 13:18 - 2012-04-09 23:04 - 00802904 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2016-12-18 13:18 - 2011-05-14 22:11 - 00144472 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2016-12-18 13:17 - 2011-10-23 02:51 - 
00000000 ____D C:\Windows\system32\Macromed 2016-12-18 13:17 - 2011-02-15 03:15 - 00000000 ____D C:\Windows\SysWOW64\Macromed 2016-12-18 11:59 - 2016-04-09 14:26 - 00004130 _____ C:\Windows\System32\Tasks\Open URL by RoboForm 2016-12-18 11:59 - 2012-06-15 21:37 - 00003478 _____ C:\Windows\System32\Tasks\Run RoboForm TaskBar Icon 2016-12-18 11:59 - 2011-10-17 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm 2016-12-18 11:59 - 2011-08-23 02:47 - 00002070 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-18 11:59 - 2011-08-23 02:47 - 00002058 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001929 _____ C:\Users\Public\Desktop\Google Slides.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001927 _____ C:\Users\Public\Desktop\Google Sheets.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00001917 _____ C:\Users\Public\Desktop\Google Docs.lnk 2016-12-18 11:51 - 2015-08-15 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive 2016-12-18 11:38 - 2015-08-15 17:35 - 00003502 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000UA 2016-12-18 11:38 - 2015-08-15 17:35 - 00003230 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1318442368-710658752-766906897-1000Core 2016-12-18 11:38 - 2011-08-17 23:29 - 00003330 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2016-12-18 11:38 - 2011-08-17 23:29 - 00003202 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2016-12-18 11:27 - 2009-07-14 06:08 - 00032612 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2016-12-14 20:42 - 2011-09-04 17:52 - 00000000 ____D C:\Users\Hans\AppData\Local\NPE 2016-12-14 20:28 - 2015-12-22 13:03 - 00000000 ____D C:\NPE 2016-12-12 21:48 - 2011-02-15 03:52 - 00000000 ____D C:\ProgramData\Norton 2016-12-12 21:47 - 2015-05-09 15:55 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared 2016-12-11 17:28 - 
2011-02-15 03:51 - 00000000 ____D C:\Program Files (x86)\NortonInstaller 2016-12-10 16:41 - 2011-08-17 23:29 - 00000000 ____D C:\Users\Hans\AppData\Local\Google 2016-12-10 10:40 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF 2016-12-04 22:57 - 2011-03-20 20:41 - 00000000 ____D C:\Users\Hans\AppData\Roaming\Skype 2016-12-04 18:14 - 2012-10-03 23:52 - 00000000 ____D C:\Users\Hans\Documents\Marbella 2016-12-02 17:17 - 2011-04-23 15:43 - 00000000 ____D C:\Users\Hans\Documents\My Scans 2016-12-02 16:07 - 2015-07-26 18:07 - 00000000 ____D C:\ProgramData\Package Cache 2016-12-02 16:06 - 2015-07-26 18:14 - 00000000 ____D C:\Program Files (x86)\Garmin 2016-12-02 16:05 - 2016-09-25 12:21 - 00003554 _____ C:\Windows\System32\Tasks\GarminUpdaterTask 2016-12-02 16:05 - 2016-04-29 16:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin 2016-11-28 19:38 - 2011-03-20 20:40 - 00000000 ____D C:\ProgramData\Skype 2016-11-28 19:37 - 2011-03-20 20:40 - 00000000 ___RD C:\Program Files (x86)\Skype ==================== Files in the root of some directories ======= 2011-06-19 20:08 - 2011-06-19 20:08 - 0001854 _____ () C:\Users\Hans\AppData\Roaming\GhostObjGAFix.xml 2014-01-12 01:44 - 2014-01-12 01:45 - 55694664 _____ (Igor Pavlov) C:\Users\Hans\AppData\Roaming\SUPRAUpdatePaket.exe 2014-01-27 00:16 - 2014-01-28 16:20 - 0000139 _____ () C:\Users\Hans\AppData\Roaming\WB.CFG 2014-01-27 00:16 - 2014-01-28 16:20 - 0000005 _____ () C:\Users\Hans\AppData\Roaming\WBPU-TTL.DAT 2011-03-25 23:20 - 2014-11-01 17:01 - 0001370 _____ () C:\Users\Hans\AppData\Roaming\wklnhst.dat 2012-01-08 18:37 - 2015-08-19 17:43 - 0007598 _____ () C:\Users\Hans\AppData\Local\Resmon.ResmonCfg 2015-03-07 15:09 - 2015-03-07 15:09 - 0000057 _____ () C:\ProgramData\Ament.ini 2011-03-20 20:42 - 2011-03-20 20:42 - 0000056 ____H () C:\ProgramData\ezsidmv.dat 2011-03-19 23:18 - 2012-09-15 20:23 - 0004971 _____ () C:\ProgramData\hpzinstall.log Some files in TEMP: ==================== 
C:\Users\Hans\AppData\Local\Temp\RoboForm-Setup.exe C:\Users\Hans\AppData\Local\Temp\uninst.dll ==================== Bamital & volsnap ====================== (There is no automatic fix for files that do not pass verification.) C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2016-09-29 03:22 |
Is it so hard to read the instructions? Addition.txt is still missing, and please use code tags.
|
Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016 |
Now please run a search scan: Step 1 ESET Online Scanner
|
FRST Logfile: Code: Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-12-2016 |
Code: Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016 |
Now please run a search scan: Step 1 ESET Online Scanner
|
Code: ESETSmartInstaller@High as downloader log: Hans Reiter |
Hello Hans, but the scan wasn't finished yet, was it? |
I thought it was finished, judging by the on-screen feedback. I will do it again. |
Quote:
|
Hello Juergen, the scan took a very long time. At the end I was asked to buy the ESET software or to download the 30-day free version. I hope everything is in the log file now. There were 6 threats. Code: ESETSmartInstaller@High as downloader log: Code: ESETSmartInstaller@High as downloader log: |
Hello Hans, Step 1 Please press the Windows key + R and type notepad into the Run window. Click OK and now copy the text from the code box into the empty text document: Code: CloseProcesses:
|
Code: Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016 Code: Fix result of Farbar Recovery Scan Tool (x64) Version: 21-12-2016 |
Are there still any problems with the PC now? If so, which ones? |
No, otherwise the PC seems to be fine. A |
If you restart the PC again now, does the cmd come up again? |
No, booting went normally now and cmd no longer appeared. Best regards, Hans |
We did it! The logs look clean to me at the moment. If you like, you can say here whether you were satisfied with me and my help, and/or support the forum with a small donation. All that remains is for me to wish you carefree and safe surfing, and that we won't see each other here again anytime soon. ;)

Cleanup: (The order is crucial here)
If Defogger was used: start it again and click Re-enable.
If Combofix was used: uninstall Combofix.
All logs posted? Then please download DelFix.
Note: DelFix removes, among other things, all the programs used, the quarantine of our scanners and the Java cache, and finally deletes itself. Afterwards, restart your computer. If any programs from our cleanup are still left over now, you can delete them without hesitation.

Protection:
Enable automatic updates for the Windows operating system.
Security-relevant software should also always be installed only in its latest version:
Browser
Java
Flash-Player
PDF-Reader
Security vulnerabilities (e.g. here) in their old versions are exploited to install malware via "drive-by" on a simple visit to a manipulated website.
I recommend, for example, using Mozilla Firefox instead of Internet Explorer. Firefox can also open PDF documents.
Enable a firewall. The one built into Windows is normally entirely sufficient.
Use an antivirus program with a real-time scanner and a signature database that is always up to date. My purchase recommendation: http://deeprybka.trojaner-board.de/eset/esetmd.png
In addition, you can scan your PC regularly with Malwarebytes Anti-Malware.

Optional:
NoScript prevents active content (Java, JavaScript, Flash, ...) from running on all websites. However, following the whitelist principle, you can specify on which pages scripts should be allowed.
Malwarebytes Anti Exploit: Protects the computer's applications against exploitation of known vulnerabilities.
Download software from a clean portal such as http://filepony.de/images/microbanner.gif.
When installing software, always choose the custom option and untick all optionally offered toolbars or other add-ons that are irrelevant to the program.
To get rid of adware again, it is advisable first to uninstall it and then remove the leftovers with Adwcleaner.

Finally, a few general remarks:
Change your important online passwords regularly and regularly create backups of your important files or of the system.
The benefit of registry cleaners, optimizers etc. for improving performance is disputed. I therefore recommend keeping your hands off the registry and using Windows' own Disk Cleanup instead. |
Copyright ©2000-2025, Trojaner-Board