Trojaner-Board

alst_str 10.10.2013 20:54

Logfiles - First / Addition
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.4 (10.06.2013:1)
OS: Windows 7 Home Premium x64
Ran by ast on 10.10.2013 at 21:36:48,28
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] backupstack
Successfully deleted: [Service] backupstack
Failed to stop: [Service] update whilokii



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\dsiteproducts
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\esafeseccontrol
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\systweakasp_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\UpdateTask_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3BC70585-04B1-4BF3-BD1B-E829876E5EDA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3BC70585-04B1-4BF3-BD1B-E829876E5EDA}



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\digitalsite.job
Successfully deleted: [File] "C:\Users\Public\Desktop\open it!.lnk"
Successfully disinfected: [Shortcut] C:\Users\ast\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Successfully disinfected: [Shortcut] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Successfully disinfected: [Shortcut] C:\Users\ast\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer (64-bit).lnk
Successfully disinfected: [Shortcut] C:\Users\ast\AppData\Roaming\microsoft\windows\start menu\Programs\Internet Explorer.lnk
Successfully disinfected: [Shortcut] C:\Users\ast\AppData\Roaming\microsoft\windows\start menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Successfully disinfected: [Shortcut] C:\Users\Public\Desktop\Mozilla Firefox.lnk
Successfully repaired: [Shortcut] C:\Users\ast\desktop\Google Chrome.lnk
Successfully repaired: [Shortcut] C:\Users\ast\desktop\Internet Explorer.lnk



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\systweak"
Successfully deleted: [Folder] "C:\Users\ast\AppData\Roaming\digitalsite"
Successfully deleted: [Folder] "C:\Users\ast\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Users\ast\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\ast\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Program Files (x86)\mypc backup"
Successfully deleted: [Folder] "C:\Program Files (x86)\openit"
Failed to delete: [Folder] "C:\Program Files (x86)\whilokii"
Successfully deleted: [Folder] "C:\Program Files (x86)\zula games"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\advanced system protector"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!"
Successfully deleted: [Folder] "C:\Users\ast\AppData\Roaming\microsoft\windows\start menu\programs\mypc backup"
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{0E13E553-B5CA-4325-A48D-CC5E028C647A}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{3EF53EAC-E36D-47B4-B90D-CB7AD2DDD803}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{5AAA8B6B-728F-44A1-8C73-BD4E417FB9B7}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{88AADB4E-628B-4D25-AE47-B8BACC14F2B0}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{90577A27-CA8D-4749-989E-38C381A88BEA}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{94585348-AC8A-4E97-B9CD-F36FE663D3B3}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{CECE3C97-1DCC-453D-B10C-C15D14EC2B5F}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{DC5D295F-CEB7-4FBF-BF08-27674694FFAE}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{E0135D18-AEB8-4ECD-A5B3-FA56C61C1B60}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{E737E6BD-B760-4DDB-8034-CD6ED04EB35E}
Successfully deleted: [Empty Folder] C:\Users\ast\appdata\local\{F5CFB573-2BD8-4824-B191-07057F280692}



~~~ FireFox

Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\qvo6.xml"
Successfully deleted: [File] C:\Users\ast\AppData\Roaming\mozilla\firefox\profiles\6eypn46a.default\user.js
Successfully deleted: [Folder] C:\Users\ast\AppData\Roaming\mozilla\firefox\profiles\6eypn46a.default\extensions\ad80235d-5e5a-4a1d-a891-51b66a3e70f8@8f877d80-6977-415f-ac14-b52043838c19.com
Successfully deleted: [Folder] C:\Users\ast\AppData\Roaming\mozilla\firefox\profiles\6eypn46a.default\extensions\{f9d03c26-0575-497e-821d-f7956d23e0ca}
Successfully deleted the following from C:\Users\ast\AppData\Roaming\mozilla\firefox\profiles\6eypn46a.default\prefs.js

user_pref("browser.search.defaultenginename", "qvo6");
user_pref("browser.search.selectedEngine", "qvo6");
user_pref("iminent.LayoutId", "1");
user_pref("iminent.ShowThankyouPixel", "0");
user_pref("iminent.displayFavLinks", "0");
user_pref("iminent.registerToolbarEvent102", "1381348345427");
user_pref("iminent.registerToolbarEvent109", "1380013889603");
user_pref("iminent.registerToolbarEvent111", "1380013889607");
user_pref("iminent.registerToolbarEvent112", "1380013893316");
user_pref("iminent.registerToolbarEvent122", "1380013889612");
user_pref("iminent.registerToolbarEvent140", "1381348570935");
user_pref("iminent.version", "7.41.2.1");
user_pref("iminent.versioning", "{\"CurrentVersion\":\"7.33.3.1\",\"InstallEventCTime\":1376561632719,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1381399156630}");
user_pref("iminent.webbooster.scripts.minibar.FavLinkSplitTestingClass", "v2");
user_pref("iminent.webbooster.scripts.minibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.minibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.minibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.minibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.minibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent102", "1376220538823");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent109", "1373877040510");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent111", "1373877040515");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent112", "1373885312425");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent122", "1373877040519");
user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1374825903338");
user_pref("iminent.webbooster.scripts.sslminibar.FavLinkSplitTestingClass", "v1");
user_pref("iminent.webbooster.scripts.sslminibar.LayoutId", "1");
user_pref("iminent.webbooster.scripts.sslminibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
user_pref("iminent.webbooster.scripts.sslminibar.Services.BHPCode", "01");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultEvent", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.DefaultWebSite", "000");
user_pref("iminent.webbooster.scripts.sslminibar.Services.IminentClientCode", "11");
user_pref("iminent.webbooster.scripts.sslminibar.Services.SmartFavCode", "02");
user_pref("iminent.webbooster.scripts.sslminibar.ShowThankyouPixel", "0");
user_pref("iminent.webbooster.scripts.sslminibar.displayFavLinks", "1");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent102", "1376220886210");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent109", "1376379607165");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent110", "1373875392677");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent111", "1376379607168");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent112", "1376379630818");
user_pref("iminent.webbooster.scripts.sslminibar.registerToolbarEvent122", "1376379607172");
Emptied folder: C:\Users\ast\AppData\Roaming\mozilla\firefox\profiles\6eypn46a.default\minidumps [738 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10.10.2013 at 21:42:45,36
End of JRT log

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by ast (administrator) on HP-NOTEBOOK on 10-10-2013 21:46:06
Running from C:\Users\ast\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\STacSV64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
() C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink) C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvc.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3\TMMonitor.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Thisisu) C:\Users\ast\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Whilokii) C:\Program Files (x86)\Whilokii\updateWhilokii.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2799912 2011-06-10] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-06-08] (IDT, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [KiesHelper] - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [958352 2011-07-26] (Samsung)
HKCU\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [3507088 2011-07-26] (Samsung Electronics Co., Ltd.)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [20880 2011-07-26] ()
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-30] (Intel Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [38112 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
HKLM-x32\...\Run: [NWEReboot] - [x]
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvc.exe [107816 2010-08-03] (CyberLink)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31072 2008-10-25] (Microsoft Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-09-02] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [PDFPrint] - C:\Program Files (x86)\PDF24\pdf24.exe [163000 2012-12-12] (Geek Software GmbH)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
AppInit_DLLs: [0 ] ()
Startup: C:\Users\ast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (No File)

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BPVT-60HXZT3_WD-WXD1E71HAZX2HAZX2&ts=1381407784
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=hp&from=cor&uid=WDCXWD5000BPVT-60HXZT3_WD-WXD1E71HAZX2HAZX2&ts=1381407784
URLSearchHook: (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=WDCXWD5000BPVT-60HXZT3_WD-WXD1E71HAZX2HAZX2&ts=1381407784
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000BPVT-60HXZT3_WD-WXD1E71HAZX2HAZX2&ts=1381407784&type=default&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=ds&from=cor&uid=WDCXWD5000BPVT-60HXZT3_WD-WXD1E71HAZX2HAZX2&ts=1381407784&type=default&q={searchTerms}
SearchScopes: HKLM - {3BC70585-04B1-4BF3-BD1B-E829876E5EDA} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: TrueSuite Website Log On - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll No File
BHO-x32: BonanzaDeals - {fe063412-bea4-4d76-8ed3-183be6220d17} - C:\Program Files (x86)\BonanzaDeals\BonanzaDealsIE.dll (BonanzaDeals)
Toolbar: HKLM - No Name - !{3bbd3c14-4c16-4989-8366-95bc9179779d} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - No Name - !{3bbd3c14-4c16-4989-8366-95bc9179779d} - No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [52920 2011-07-15] (EasyBits Software Corp.)
ShellExecuteHooks-x32: - UPB:{B5A7F190-DDA6-4420-B3BA-52453494E6CD} - No File [ ]
Tcpip\..\Interfaces\{1ECC3226-0A37-4BA8-BE6D-A31C31DA44E7}: [NameServer]193.189.250.101 193.189.250.100

FireFox:
========
FF ProfilePath: C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=0E6760D819016974&affID=125035&tl=gkn542094&tsp=5031
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.15.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.15.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\searchplugins\nch-de-customized-web-search.xml
FF SearchPlugin: C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\searchplugins\searchgol.xml
FF SearchPlugin: C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: SearchGol - C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\Extensions\ffxtlbr@searchgol.com
FF Extension: FoxLingo - C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\Extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
FF Extension: FoxyDeal - C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\Extensions\{F58A62EB-38DC-43C4-A539-DC52E135208D}
FF Extension: firefox - C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\Extensions\firefox@whilokii.net.xpi
FF Extension: toolbar - C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\Extensions\toolbar@web.de.xpi
FF Extension: zulagames - C:\Users\ast\AppData\Roaming\Mozilla\Firefox\Profiles\6eypn46a.default\Extensions\zulagames@ZulaGames.com.xpi
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\websitelogon@truesuite.com
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=WDCXWD5000BPVT-60HXZT3_WD-WXD1E71HAZX2HAZX2&ts=1381407784

Chrome:
=======
CHR HomePage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=0E6760D819016974&affID=125035&tl=gkn542094&tsp=5031
CHR RestoreOnStartup: "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=0E6760D819016974&affID=125035&tl=gkn542094&tsp=5031"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.69\pdf.dll ()
CHR Plugin: (Simple Pass 2011) - C:\Users\ast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdhihajbmafmgilcciomnamcjfkdhikl\1.0_0\npwebsitelogon.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\ast\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\ast\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Plus-HD-2.4) - C:\Users\ast\AppData\Local\Google\Chrome\User Data\Default\Extensions\hojmbfiljpkaijkdifoaacbpallpfkkf\1.24.48_0
CHR Extension: (BonanzaDeals) - C:\Users\ast\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieadcoanfjloocmfafkebdnfefmohngj\3.5.0.0_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\ast\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\ast\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [hdhihajbmafmgilcciomnamcjfkdhikl] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx
CHR HKLM-x32\...\Chrome\Extension: [iaimhpklononapfjngelgdokckfjekfc] - C:\Program Files (x86)\Whilokii\iaimhpklononapfjngelgdokckfjekfc.crx
CHR StartMenuInternet: Google Chrome - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=WDCXWD5000BPVT-60HXZT3_WD-WXD1E71HAZX2HAZX2&ts=1381407784

==================== Services (Whitelisted) =================

R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-09-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-09-02] (Avira Operations GmbH & Co. KG)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-10] (BonanzaDeals)
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [148976 2013-10-10] (BonanzaDeals)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-04-17] ()
R2 Update Whilokii; C:\Program Files (x86)\Whilokii\updateWhilokii.exe [65304 2013-10-05] (Whilokii)
S3 hpqwmiex; "C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-09-02] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-21] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 STTub30; C:\Windows\System32\Drivers\STTub30.sys [44768 2009-04-14] (STM)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-10 21:46 - 2013-10-10 21:46 - 00000000 ____D C:\FRST
2013-10-10 21:44 - 2013-10-10 21:45 - 01954124 _____ (Farbar) C:\Users\ast\Downloads\FRST64.exe
2013-10-10 21:42 - 2013-10-10 21:42 - 00011448 _____ C:\Users\ast\Desktop\JRT.txt
2013-10-10 21:36 - 2013-10-10 21:36 - 01032220 _____ (Thisisu) C:\Users\ast\Downloads\JRT.exe
2013-10-10 21:36 - 2013-10-10 21:36 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 14:30 - 2013-10-10 14:30 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-10 14:30 - 2013-10-10 14:30 - 00000000 ____D C:\Users\ast\AppData\Roaming\Malwarebytes
2013-10-10 14:30 - 2013-10-10 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-10 14:30 - 2013-10-10 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-10 14:30 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-10 14:29 - 2013-10-10 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ast\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-10 14:27 - 2013-10-10 14:27 - 00001134 _____ C:\Users\ast\Desktop\Continue Zip Extractor Installation.lnk
2013-10-10 14:24 - 2013-10-10 14:24 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-10 14:23 - 2013-10-10 21:38 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-10 14:23 - 2013-10-10 21:29 - 00000916 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-10 14:23 - 2013-10-10 21:29 - 00000280 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-10 14:23 - 2013-10-10 21:28 - 00000920 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-10 14:23 - 2013-10-10 21:27 - 00000000 ____D C:\Program Files (x86)\searchgol
2013-10-10 14:23 - 2013-10-10 21:05 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-10 14:23 - 2013-10-10 21:05 - 00001426 _____ C:\Users\ast\Desktop\Registry kostenlos entrümpeln!.lnk
2013-10-10 14:23 - 2013-10-10 14:23 - 00003916 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-10 14:23 - 2013-10-10 14:23 - 00003664 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-10 14:23 - 2013-10-10 14:23 - 00003386 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-10 14:23 - 2013-10-10 14:23 - 00003382 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-10 14:23 - 2013-10-10 14:23 - 00003318 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-10 14:23 - 2013-10-10 14:23 - 00003024 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-10 14:23 - 2013-10-10 14:23 - 00001161 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-10-10 14:23 - 2013-10-10 14:23 - 00001047 _____ C:\Users\ast\Desktop\MyPC Backup.lnk
2013-10-10 14:23 - 2013-10-10 14:23 - 00001010 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-10-10 14:23 - 2013-10-10 14:23 - 00000000 ____D C:\Users\ast\AppData\Roaming\searchgol
2013-10-10 14:23 - 2013-10-10 14:23 - 00000000 ____D C:\Users\ast\AppData\Local\BonanzaDealsLive
2013-10-10 14:23 - 2013-10-10 14:23 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-10 14:23 - 2013-10-10 14:23 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-10 14:23 - 2013-07-22 16:07 - 00020312 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2013-10-10 14:23 - 2012-07-25 12:03 - 00016896 _____ C:\Windows\system32\sasnative64.exe
2013-10-10 14:22 - 2013-10-10 14:22 - 00000000 ____D C:\Users\ast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-10 14:22 - 2013-10-10 14:22 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-10 13:23 - 2013-10-10 13:23 - 00000000 ____D C:\Users\ast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF-to-Word
2013-10-10 13:22 - 2013-10-10 13:22 - 00832598 _____ C:\Users\ast\Downloads\pdf2wordd(1).exe
2013-10-10 13:13 - 2013-10-10 13:13 - 00003132 _____ C:\Windows\System32\Tasks\{2F11BC40-9FE3-453B-A727-2904F9330E46}
2013-10-10 12:34 - 2013-10-10 12:34 - 100267706 _____ C:\Windows\SysWOW64\績殺Š
2013-10-10 12:10 - 2013-10-10 12:10 - 00008018 _____ C:\Users\ast\Desktop\attach.txt
2013-10-10 12:10 - 2013-10-10 12:09 - 00015258 _____ C:\Users\ast\Desktop\dds.txt
2013-10-10 12:07 - 2013-10-10 12:07 - 00700783 ____R (Swearware) C:\Users\ast\Downloads\dds+.exe
2013-10-10 11:57 - 2013-10-10 12:01 - 00000000 ____D C:\AdwCleaner
2013-10-10 11:55 - 2013-10-10 11:55 - 01048960 _____ C:\Users\ast\Downloads\adwcleaner.exe
2013-10-03 10:35 - 2013-10-03 10:35 - 98878632 _____ C:\Windows\SysWOW64\�崅D
2013-10-02 14:15 - 2013-10-04 16:16 - 00000000 ____D C:\AA-GoogleKamp
2013-10-01 11:01 - 2013-10-01 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-25 08:55 - 2013-09-25 08:55 - 97673008 _____ C:\Windows\SysWOW64\璉ꚾ*
2013-09-23 15:15 - 2013-09-23 15:30 - 01530894 _____ C:\Users\ast\Downloads\gps.apk
2013-09-23 09:08 - 2013-10-04 12:33 - 00000000 ____D C:\BremenWahl2013
2013-09-18 18:53 - 2013-10-04 11:04 - 00000000 ____D C:\AA-SAP
2013-09-11 11:21 - 2013-10-09 13:38 - 00000000 ____D C:\AA-Motion-Sensor

==================== One Month Modified Files and Folders =======

2013-10-10 21:46 - 2013-10-10 21:46 - 00000000 ____D C:\FRST
2013-10-10 21:45 - 2013-10-10 21:44 - 01954124 _____ (Farbar) C:\Users\ast\Downloads\FRST64.exe
2013-10-10 21:42 - 2013-10-10 21:42 - 00011448 _____ C:\Users\ast\Desktop\JRT.txt
2013-10-10 21:42 - 2012-11-01 13:54 - 00001409 _____ C:\Users\ast\Desktop\Internet Explorer.lnk
2013-10-10 21:42 - 2012-11-01 12:45 - 00002215 _____ C:\Users\ast\Desktop\Google Chrome.lnk
2013-10-10 21:42 - 2012-09-18 20:16 - 00001090 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-10 21:42 - 2012-01-06 19:22 - 00001439 _____ C:\Users\ast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-10 21:42 - 2012-01-06 19:22 - 00001405 _____ C:\Users\ast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2013-10-10 21:38 - 2013-10-10 14:23 - 00000000 ____D C:\Program Files (x86)\Whilokii
2013-10-10 21:38 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-10 21:38 - 2009-07-14 06:45 - 00031856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-10 21:36 - 2013-10-10 21:36 - 01032220 _____ (Thisisu) C:\Users\ast\Downloads\JRT.exe
2013-10-10 21:36 - 2013-10-10 21:36 - 00000000 ____D C:\Windows\ERUNT
2013-10-10 21:34 - 2012-04-06 11:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-10 21:29 - 2013-10-10 14:23 - 00000916 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
2013-10-10 21:29 - 2013-10-10 14:23 - 00000280 _____ C:\Windows\Tasks\RegClean Pro_UPDATES.job
2013-10-10 21:29 - 2012-12-09 19:20 - 00065536 _____ C:\Windows\system32\Ikeext.etl
2013-10-10 21:29 - 2012-10-16 15:39 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-10 21:29 - 2010-11-21 05:47 - 01018078 _____ C:\Windows\PFRO.log
2013-10-10 21:29 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-10 21:29 - 2009-07-14 06:51 - 00097129 _____ C:\Windows\setupact.log
2013-10-10 21:28 - 2013-10-10 14:23 - 00000920 _____ C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
2013-10-10 21:28 - 2011-09-23 01:41 - 01738448 _____ C:\Windows\WindowsUpdate.log
2013-10-10 21:27 - 2013-10-10 14:23 - 00000000 ____D C:\Program Files (x86)\searchgol
2013-10-10 21:14 - 2012-10-16 15:39 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-10 21:05 - 2013-10-10 14:23 - 00003108 _____ C:\Windows\System32\Tasks\RegClean Pro
2013-10-10 21:05 - 2013-10-10 14:23 - 00001426 _____ C:\Users\ast\Desktop\Registry kostenlos entrümpeln!.lnk
2013-10-10 21:04 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\tracing
2013-10-10 14:30 - 2013-10-10 14:30 - 00001069 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-10-10 14:30 - 2013-10-10 14:30 - 00000000 ____D C:\Users\ast\AppData\Roaming\Malwarebytes
2013-10-10 14:30 - 2013-10-10 14:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-10 14:30 - 2013-10-10 14:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-10 14:29 - 2013-10-10 14:29 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\ast\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-10 14:27 - 2013-10-10 14:27 - 00001134 _____ C:\Users\ast\Desktop\Continue Zip Extractor Installation.lnk
2013-10-10 14:24 - 2013-10-10 14:24 - 00003120 _____ C:\Windows\System32\Tasks\Advanced System Protector_startup
2013-10-10 14:23 - 2013-10-10 14:23 - 00003916 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA
2013-10-10 14:23 - 2013-10-10 14:23 - 00003664 _____ C:\Windows\System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore
2013-10-10 14:23 - 2013-10-10 14:23 - 00003386 _____ C:\Windows\System32\Tasks\EPUpdater
2013-10-10 14:23 - 2013-10-10 14:23 - 00003382 _____ C:\Windows\System32\Tasks\BonanzaDealsUpdate
2013-10-10 14:23 - 2013-10-10 14:23 - 00003318 _____ C:\Windows\System32\Tasks\Advanced System Protector
2013-10-10 14:23 - 2013-10-10 14:23 - 00003024 _____ C:\Windows\System32\Tasks\RegClean Pro_UPDATES
2013-10-10 14:23 - 2013-10-10 14:23 - 00001161 _____ C:\Users\Public\Desktop\Advanced System Protector.lnk
2013-10-10 14:23 - 2013-10-10 14:23 - 00001047 _____ C:\Users\ast\Desktop\MyPC Backup.lnk
2013-10-10 14:23 - 2013-10-10 14:23 - 00001010 _____ C:\Users\Public\Desktop\RegClean Pro.lnk
2013-10-10 14:23 - 2013-10-10 14:23 - 00000000 ____D C:\Users\ast\AppData\Roaming\searchgol
2013-10-10 14:23 - 2013-10-10 14:23 - 00000000 ____D C:\Users\ast\AppData\Local\BonanzaDealsLive
2013-10-10 14:23 - 2013-10-10 14:23 - 00000000 ____D C:\ProgramData\BonanzaDealsLive
2013-10-10 14:23 - 2013-10-10 14:23 - 00000000 ____D C:\Program Files (x86)\BonanzaDealsLive
2013-10-10 14:23 - 2012-01-06 19:22 - 00000000 ___RD C:\Users\ast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-10 14:22 - 2013-10-10 14:22 - 00000000 ____D C:\Users\ast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BonanzaDeals
2013-10-10 14:22 - 2013-10-10 14:22 - 00000000 ____D C:\Program Files (x86)\BonanzaDeals
2013-10-10 14:18 - 2012-11-26 11:09 - 00000000 ____D C:\A-Marketing
2013-10-10 13:23 - 2013-10-10 13:23 - 00000000 ____D C:\Users\ast\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PDF-to-Word
2013-10-10 13:22 - 2013-10-10 13:22 - 00832598 _____ C:\Users\ast\Downloads\pdf2wordd(1).exe
2013-10-10 13:13 - 2013-10-10 13:13 - 00003132 _____ C:\Windows\System32\Tasks\{2F11BC40-9FE3-453B-A727-2904F9330E46}
2013-10-10 12:34 - 2013-10-10 12:34 - 100267706 _____ C:\Windows\SysWOW64\績殺Š
2013-10-10 12:10 - 2013-10-10 12:10 - 00008018 _____ C:\Users\ast\Desktop\attach.txt
2013-10-10 12:09 - 2013-10-10 12:10 - 00015258 _____ C:\Users\ast\Desktop\dds.txt
2013-10-10 12:07 - 2013-10-10 12:07 - 00700783 ____R (Swearware) C:\Users\ast\Downloads\dds+.exe
2013-10-10 12:01 - 2013-10-10 11:57 - 00000000 ____D C:\AdwCleaner
2013-10-10 11:55 - 2013-10-10 11:55 - 01048960 _____ C:\Users\ast\Downloads\adwcleaner.exe
2013-10-10 09:34 - 2012-04-06 11:12 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 09:34 - 2012-04-06 11:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 09:34 - 2011-07-15 20:33 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 21:01 - 2012-01-06 19:18 - 00000000 ____D C:\Users\ast
2013-10-09 21:00 - 2012-02-14 12:43 - 00000000 ____D C:\Windows\system32\Macromed
2013-10-09 21:00 - 2012-02-07 23:24 - 00000000 ____D C:\Users\ast\Documents\Youcam
2013-10-09 21:00 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\AppCompat
2013-10-09 20:59 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-10-09 17:29 - 2013-03-15 10:16 - 00000000 ____D C:\A-Umsatz
2013-10-09 13:38 - 2013-09-11 11:21 - 00000000 ____D C:\AA-Motion-Sensor
2013-10-04 16:16 - 2013-10-02 14:15 - 00000000 ____D C:\AA-GoogleKamp
2013-10-04 12:33 - 2013-09-23 09:08 - 00000000 ____D C:\BremenWahl2013
2013-10-04 12:28 - 2012-02-06 12:06 - 00000000 ____D C:\Users\ast\AppData\Local\CrashDumps
2013-10-04 11:04 - 2013-09-18 18:53 - 00000000 ____D C:\AA-SAP
2013-10-03 10:35 - 2013-10-03 10:35 - 98878632 _____ C:\Windows\SysWOW64\�崅D
2013-10-02 13:36 - 2013-04-21 17:11 - 00000000 ____D C:\A-ADREmail
2013-10-01 18:45 - 2012-09-18 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-01 12:11 - 2012-09-18 20:16 - 00000000 ____D C:\Users\ast\AppData\Local\Mozilla
2013-10-01 11:01 - 2013-10-01 11:01 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-30 09:47 - 2012-11-06 18:24 - 00000000 ____D C:\A-MANUALS
2013-09-26 17:21 - 2011-07-16 06:07 - 00654166 _____ C:\Windows\system32\perfh007.dat
2013-09-26 17:21 - 2011-07-16 06:07 - 00130006 _____ C:\Windows\system32\perfc007.dat
2013-09-26 17:21 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-09-25 20:36 - 2013-07-05 12:14 - 00000000 ____D C:\AA-Mitbewerb
2013-09-25 08:55 - 2013-09-25 08:55 - 97673008 _____ C:\Windows\SysWOW64\璉ꚾ*
2013-09-23 15:30 - 2013-09-23 15:15 - 01530894 _____ C:\Users\ast\Downloads\gps.apk
2013-09-20 16:53 - 2013-06-30 09:31 - 00000000 ____D C:\AA-eCall
2013-09-20 09:58 - 2012-11-17 10:20 - 00003174 _____ C:\Windows\System32\Tasks\HPCeeScheduleForast
2013-09-20 09:58 - 2012-11-17 10:20 - 00000324 _____ C:\Windows\Tasks\HPCeeScheduleForast.job
2013-09-17 10:42 - 2013-03-10 19:32 - 00000000 ____D C:\AA-Jan-Luetzen
2013-09-14 12:07 - 2012-11-23 11:23 - 00000000 ____D C:\China-Japan-Holzs
2013-09-10 10:32 - 2013-04-28 16:57 - 00000000 ____D C:\AA-Website+Statistik

Some content of TEMP:
====================
C:\Users\ast\AppData\Local\Temp\AskSLib.dll
C:\Users\ast\AppData\Local\Temp\avgnt.exe
C:\Users\ast\AppData\Local\Temp\BackupSetup.exe
C:\Users\ast\AppData\Local\Temp\bdfilters.dll
C:\Users\ast\AppData\Local\Temp\bj-uurck.dll
C:\Users\ast\AppData\Local\Temp\DevSetup32.dll
C:\Users\ast\AppData\Local\Temp\DevSetup64.dll
C:\Users\ast\AppData\Local\Temp\DriverInstall32.exe
C:\Users\ast\AppData\Local\Temp\DriverInstall64.exe
C:\Users\ast\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\ast\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\ast\AppData\Local\Temp\hvpekgi0.dll
C:\Users\ast\AppData\Local\Temp\installhelper.dll
C:\Users\ast\AppData\Local\Temp\nsc9501.tmp.exe
C:\Users\ast\AppData\Local\Temp\nsj8C58.tmp.exe
C:\Users\ast\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\ast\AppData\Local\Temp\qspreum9.dll
C:\Users\ast\AppData\Local\Temp\Quarantine.exe
C:\Users\ast\AppData\Local\Temp\Resource.exe
C:\Users\ast\AppData\Local\Temp\SetupDataMngr_jZip.exe
C:\Users\ast\AppData\Local\Temp\sp58915.exe
C:\Users\ast\AppData\Local\Temp\SRAssetsHelper.dll
C:\Users\ast\AppData\Local\Temp\tbFLV_.dll
C:\Users\ast\AppData\Local\Temp\UninstallHPSA.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-01 08:29

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by ast at 2013-10-10 21:47:32
Running from C:\Users\ast\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Avira Desktop (Enabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Enabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Update for Microsoft Office 2007 (KB2508958) (x32)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Photoshop 7.0 (x32 Version: 7.0)
Adobe Reader X (10.1.6) MUI (x32 Version: 10.1.6)
Adobe Shockwave Player 11.5 (x32 Version: 11.5.9.620)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
ArcSoft TotalMedia 3 (x32)
AuthenTec TrueAPI (Version: 1.3.0.111)
AutoUpdate (x32 Version: 1.1)
Avira Free Antivirus (x32 Version: 14.0.0.383)
Bandicam (x32 Version: 1.8.3.272)
Bandisoft MPEG-1 Decoder (x32)
Bing Bar (x32 Version: 7.0.610.0)
Bonanza Deals (remove only) (x32 Version: 5.0.1.0)
Bonjour (Version: 3.0.0.10)
CyberLink Power2Go (x32 Version: 7.0.0.1906)
CyberLink PowerDirector (x32 Version: 8.0.3224a)
CyberLink PowerProducer (x32 Version: 5.0.2.4230)
CyberLink YouCam (x32 Version: 3.5.1.4119)
D3DX10 (x32 Version: 15.4.2368.0902)
DivX Codec (x32 Version: 6.8.2)
DivX Player (x32 Version: 6.7.0)
Drv (x32 Version: 1.00.0000)
DVD Player (x32)
ESU for Microsoft Windows 7 SP1 (x32 Version: 2.1.1)
Evernote v. 4.2.3 (x32 Version: 4.2.3.22)
FastStone Capture 5.3 (x32 Version: 5.3)
Filzip 3.06 (x32 Version: 3.0.6)
Free PDF to Word Doc Converter v1.1 (x32 Version: 1.1)
Google Chrome (x32 Version: 30.0.1599.69)
Google Earth (x32 Version: 4.3.7204.836)
Google Earth Plug-in (x32 Version: 7.1.1.1888)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät (Version: 22.50.231.0)
HP Deskjet 2050 J510 series Hilfe (x32 Version: 140.0.61.61)
HP SimplePass PE 2011 (x32 Version: 5.3.0.163)
IDT Audio (x32 Version: 1.0.6341.0)
Intel(R) Control Center (x32 Version: 1.2.1.1007)
Intel(R) Identity Protection Technology 1.1.2.0 (x32 Version: 1.1.2.0)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144)
Intel(R) Processor Graphics (x32 Version: 8.15.10.2372)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026)
iTunes (Version: 11.0.4.4)
Java 7 Update 15 (64-bit) (Version: 7.0.150)
Java SE Development Kit 7 Update 15 (64-bit) (Version: 1.7.0.150)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Magic Desktop (x32 Version: 3.0)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
MD86364 Driver Install x64 (x32 Version: 6.11.615.0)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Excel 2000 SR-1 (x32 Version: 9.00.3821)
Microsoft Office 2007 Service Pack 2 (SP2) (x32)
Microsoft Office Access MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Excel MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Groove MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office InfoPath MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6425.1000)
Microsoft Office OneNote MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Outlook MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office PowerPoint MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proof (Italian) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Proofing (German) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) (x32)
Microsoft Office Publisher MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Shared 64-bit MUI (German) 2007 (Version: 12.0.6425.1000)
Microsoft Office Shared MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft Office Word MUI (German) 2007 (x32 Version: 12.0.6425.1000)
Microsoft PowerPoint 2000 SR-1 (x32 Version: 9.00.3821)
Microsoft Silverlight (x32 Version: 4.1.10111.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft Windows Media Video 9 VCM (x32)
Microsoft Word 2000 (x32 Version: 9.00.2816)
Mozilla Firefox 24.0 (x86 de) (x32 Version: 24.0)
Mozilla Maintenance Service (x32 Version: 24.0)
Mozilla Thunderbird 17.0.8 (x86 de) (x32 Version: 17.0.8)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP3 Parser (x32 Version: 4.30.2100.0)
MyFreeCodec (HKCU)
MyPC Backup (Version: )
PDF24 Creator 5.2.0 (x32)
PDF-to-Word 3.1 Demo (x32)
Ralink RT5390 802.11b/g/n WiFi Adapter (x32 Version: 3.02.01.0)
Realtek Ethernet Controller Driver (x32 Version: 7.40.126.2011)
Realtek PCIE Card Reader (x32 Version: 6.1.7600.77)
Recovery Manager (x32 Version: 2.0.0)
River Past Screen Recorder (Version: 7.8)
Samsung Kies (x32 Version: 2.0.2.11071_128)
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.2.2)
STMicroelectronics DfuSe v3.0.0 (x32 Version: 3.0.0)
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (Version: 22.50.231.0)
Synaptics TouchPad Driver (Version: 15.3.11.0)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft Office 2007 suites (KB2597970) 32-Bit Edition (x32)
VIP Access SDK (1.0.1.2) (x32 Version: 1.0.1.2)
Whilokii 1.0.0 (Version: 1.0.0)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3508.1109)
Windows Live Fotogalerie (x32 Version: 15.4.3502.0922)
Windows Live ID Sign-in Assistant (Version: 7.250.4225.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3508.1109)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX control for remote connections (x32 Version: 15.4.5722.2)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3502.0922)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)

==================== Restore Points =========================

30-05-2013 09:54:47 Geplanter Prüfpunkt
07-06-2013 11:54:23 Geplanter Prüfpunkt
15-06-2013 07:23:49 Geplanter Prüfpunkt
22-06-2013 07:56:05 Geplanter Prüfpunkt
25-06-2013 07:16:46 Installed iTunes
25-06-2013 15:22:32 Removed HP Auto.
25-06-2013 15:24:19 Removed HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
25-06-2013 15:25:05 Removed HP Deskjet 2050 J510 series Hilfe
25-06-2013 15:25:48 Removed HP Documentation
25-06-2013 15:27:12 Removed HP Launch Box
25-06-2013 15:27:25 Removed HP Launch Box
25-06-2013 15:28:03 Removed HP Setup Manager.
25-06-2013 15:28:29 Removed HP Support Assistant.
25-06-2013 15:30:57 Removed HP Update.
25-06-2013 15:31:55 Windows Modules Installer
25-06-2013 15:32:33 Windows Modules Installer
25-06-2013 15:33:03 Removed HP Software Framework
25-06-2013 15:34:02 Removed HP Setup Manager.
25-06-2013 15:35:12 Removed HP On Screen Display
25-06-2013 15:35:31 Removed HP Power Manager
25-06-2013 15:35:48 Removed HP Quick Launch
25-06-2013 15:36:34 Removed HP Setup.
25-06-2013 15:38:21 Removed HP SimplePass PE 2011.
25-06-2013 16:56:17 Free System Utilities
25-06-2013 17:03:24 Removed iTunes
25-06-2013 17:07:32 Free System Utilities 25.06.2013 19:07:32
02-07-2013 17:22:42 Geplanter Prüfpunkt
10-07-2013 06:46:52 Geplanter Prüfpunkt
11-07-2013 14:43:58 Wiederherstellungsvorgang
19-07-2013 06:01:46 Geplanter Prüfpunkt
27-07-2013 10:51:37 Geplanter Prüfpunkt
01-08-2013 20:38:47 PC Performer Do, Aug 01, 13 22:38
02-08-2013 05:49:08 Wiederherstellungsvorgang
09-08-2013 12:05:54 Geplanter Prüfpunkt
17-08-2013 08:16:03 Geplanter Prüfpunkt
17-08-2013 08:58:40 Wiederherstellungsvorgang
24-08-2013 20:34:12 Geplanter Prüfpunkt
02-09-2013 11:15:47 Geplanter Prüfpunkt
10-09-2013 09:19:25 Geplanter Prüfpunkt
18-09-2013 11:57:32 Geplanter Prüfpunkt
25-09-2013 12:17:43 Geplanter Prüfpunkt
03-10-2013 10:03:20 Geplanter Prüfpunkt
09-10-2013 18:53:29 Wiederherstellungsvorgang

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {005EB6BE-498E-4210-9250-4E2E7EBA5FFC} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {09DE5077-6686-4510-A9CF-0562B4CE8634} - System32\Tasks\RegClean Pro_UPDATES => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Task: {0E96AFDC-440F-4DF0-9BE3-CFCA5DD85374} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineUA => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-10] (BonanzaDeals)
Task: {2CB0EF16-F2AC-4F09-8388-FF3E61731E29} - System32\Tasks\EPUpdater => C:\Users\ast\AppData\Roaming\BABSOL~1\Shared\BabMaint.exe
Task: {43D7A20D-C820-4B2D-AF0D-33883A1A3A3A} - System32\Tasks\Microsoft\Windows\MUI\Lpksetup => C:\Windows\System32\lpksetup.exe [2010-11-21] (Microsoft Corporation)
Task: {5426CA6E-9373-456F-804F-9529BDF4EAE0} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06] (Google Inc.)
Task: {70C98D09-4C14-4DA8-830E-494B297A0BF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-06] (Google Inc.)
Task: {A1229F27-B0D6-4973-9937-7FACE3B836F9} - System32\Tasks\RegClean Pro => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe
Task: {B019315C-3E8B-40AF-8962-C202807A3044} - System32\Tasks\Advanced System Protector => C:\Program Files (x86)\RegClean Pro\SystweakASP.exe
Task: {B2318D2F-D168-45BC-8357-BE78378D27B1} - System32\Tasks\Start Registry Reviver => C:\Program Files (x86)\Reviversoft\Registry Reviver\RegistryReviver.exe
Task: {B2CD76BB-B0B5-4BD2-84EE-7B2A525E2779} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B78B8B5B-0251-453D-B3D9-5B0F56DBC7EA} - System32\Tasks\BonanzaDealsLiveUpdateTaskMachineCore => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe [2013-10-10] (BonanzaDeals)
Task: {BE2E8902-48CC-4DFF-8D7E-69E444C55EFE} - System32\Tasks\BonanzaDealsUpdate => C:\Program
Task: {C154BEC8-4D7D-48D5-A5A9-5B967C016CC3} - System32\Tasks\Advanced System Protector_startup => C:\Program Files (x86)\Advanced System Protector\AdvancedSystemProtector.exe
Task: {C3E66CF6-9012-4DB1-9B01-5CA6794FFE5F} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2010-11-16] (Hewlett-Packard Co.)
Task: {C413903B-998C-434B-B4A2-C0F82A2074F9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-10] (Adobe Systems Incorporated)
Task: {C8F878E3-A872-40D2-BFB1-D0283E336F6B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {D67B7E70-7BD9-4899-94A8-AC0D3D06A549} - System32\Tasks\HPCeeScheduleForast => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job => C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForast.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\RegClean Pro_UPDATES.job => C:\Program Files (x86)\RegClean Pro\RegCleanPro.exe

==================== Loaded Modules (whitelisted) =============

2011-05-10 19:56 - 2011-05-10 19:56 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-11-01 19:48 - 2012-09-19 20:17 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-04-21 21:44 - 2013-04-21 21:44 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-02-06 16:51 - 2012-02-06 16:51 - 00115137 _____ () C:\Users\ast\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
2010-08-03 16:39 - 2010-08-03 16:39 - 00619816 _____ () C:\Program Files (x86)\HomeCinema\Power2Go\CLMediaLibrary.dll
2010-08-03 16:39 - 2010-08-03 16:39 - 00013096 _____ () C:\Program Files (x86)\HomeCinema\Power2Go\CLMLSvcPS.dll
2012-02-06 13:53 - 2005-08-05 17:24 - 00028672 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3\uPiApi.dll
2012-02-06 13:53 - 2004-12-14 13:00 - 00430080 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3\fpxlib.dll
2012-02-06 13:53 - 2006-01-06 15:51 - 00266303 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3\magengin.dll
2012-02-06 13:53 - 2004-12-01 18:21 - 00180224 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3\kgl.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2012-02-17 11:15 - 2012-02-17 11:15 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\92b2d2a459ddbe7b21b895e82161acac\IsdiInterop.ni.dll
2011-09-23 01:39 - 2011-04-30 00:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-08-30 10:23 - 2013-08-30 10:23 - 02244504 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2013-08-30 10:23 - 2013-08-30 10:23 - 00158104 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2013-08-30 10:23 - 2013-08-30 10:23 - 00022424 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-10-01 11:01 - 2013-10-01 11:01 - 03279768 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-10-10 09:34 - 2013-10-10 09:34 - 16233864 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BsScanner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BsScanner => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================
Error: (07/11/2012 04:23:14 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20 seconds with 0 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Percentage of memory in use: 48%
Total physical RAM: 4043.86 MB
Available physical RAM: 2064.58 MB
Total Pagefile: 8085.91 MB
Available Pagefile: 5740.51 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:445.34 GB) (Free:240.21 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:16.26 GB) (Free:1.76 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.95 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: CF92579A)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=445 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)

==================== End Of Log ============================

schrauber 11.10.2013 05:36

Please don't keep opening a new thread; post the logs in the other topic, where I have replied to you.

