Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 28.06.2015
Suchlauf-Zeit: 17:03:53
Logdatei: MBAM27.06.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.03.09.05
Rootkit Datenbank: v2015.06.26.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Marcus Vogelgsang
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 379535
Verstrichene Zeit: 24 Min, 44 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 9
PUP.Optional.WiseConvert.A, HKU\S-1-5-21-3727746948-312616605-306874443-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{213c8ed6-1d78-4d8f-8729-25006aa86a76}, In Quarantäne, [1861162d4941f343da3e2cee788b867a],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\APPID\PriceMeterLiveUpdate.exe, In Quarantäne, [2d4cea59e8a268ce6d236e44ee15ca36],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\PriceMeterLiveUpdate.exe, In Quarantäne, [1960232082085adc8010fdb5699a51af],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\PriceMeterLiveUpdate, In Quarantäne, [7bfeb98a6f1b52e48213a60cf50e6c94],
PUP.Optional.RollAround.A, HKLM\SOFTWARE\WOW6432NODE\RollAround, In Quarantäne, [67120a398406aa8c87a9beeacf346e92],
PUP.Optional.PriceMeter.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\PriceMeterLiveUpdate.exe, In Quarantäne, [1c5dd37095f5eb4bc9c7268c09fa09f7],
PUP.Optional.PriceMeter.A, HKU\S-1-5-21-3727746948-312616605-306874443-1001\SOFTWARE\PriceMeterLiveUpdate, In Quarantäne, [fc7d053ed7b344f29df6486a21e2e21e],
PUP.Optional.PriceMeter.A, HKU\S-1-5-21-3727746948-312616605-306874443-1001\SOFTWARE\PriceMeterUpdater, In Quarantäne, [fb7e6fd4abdf86b03064555d0003f10f],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-3727746948-312616605-306874443-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, In Quarantäne, [2257ac971674d95d4bc97b4763a002fe],
Registrierungswerte: 1
PUP.Optional.CertifiedToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURI|(Default), hxxp://search.certified-toolbar.com?si=66920&st=bs&tid=6787&ver=4.8&ts=1380578400000.000008&tguid=66920-6787-1380617223299-9BCA2DF632088B28D1BF5D06723459E9&q=%s, In Quarantäne, [96e3cf746c1e5fd71c25ab294cb7a957]
Registrierungsdaten: 1
PUP.Optional.SimplyTech.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|newtab, %appdata%\SimplyTech\home\home.htm, Gut: (www.google.com), Schlecht: (%appdata%\SimplyTech\home\home.htm),Ersetzt,[255468dbd3b73afcc73a498e7095b050]
Ordner: 15
PUP.Optional.OpenCandy, C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy, In Quarantäne, [5227ce750b7f1d19a2dddb8e8281ea16],
PUP.Optional.OpenCandy, C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy\6F05CD36B8F2467093C2A0053B2D6835, In Quarantäne, [5227ce750b7f1d19a2dddb8e8281ea16],
PUP.Optional.OpenCandy, C:\Users\Marcus Vogelgsang\AppData\Roaming\OpenCandy\EB06830C84B6416686178A2266EB919B, In Quarantäne, [5227ce750b7f1d19a2dddb8e8281ea16],
PUP.Optional.MindSpark.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Firefox\Profiles\vvaybwkb.default\Allin1Convert_8h, In Quarantäne, [3f3a33102565aa8c8a27e38ffe05aa56],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0, In Quarantäne, [81f86bd8b8d2f541c7cbd2a89e6548b8],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.Conduit.A, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport, In Quarantäne, [2c4dce754b3fce68a906344c986b6f91],
PUP.Optional.Conduit.A, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\APISupport_2.1.0.8, In Quarantäne, [2c4dce754b3fce68a906344c986b6f91],
PUP.Optional.Conduit.A, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\MiniSP_1.0.2.93, In Quarantäne, [2c4dce754b3fce68a906344c986b6f91],
PUP.Optional.Conduit.A, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\Logs, In Quarantäne, [2c4dce754b3fce68a906344c986b6f91],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\skin, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
Dateien: 46
PUP.Optional.RollAround.C, C:\Users\Marcus Vogelgsang\AppData\Roaming\RHEng\3F65D63EB9DD4A5D8434D853FA0A85FC\setup0213.exe, In Quarantäne, [3742b1920189e056155354d7e81ac13f],
PUP.Optional.ClientConnect, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\APISupport.dll, In Quarantäne, [7efb1f24f793b3836442deec5fa2de22],
PUP.Optional.ClientConnect, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\APISupport.old, In Quarantäne, [39402320aae0df57edb925a5c53c1ae6],
PUP.Optional.Freemium.A, C:\Users\Marcus Vogelgsang\AppData\Local\CRE\jopemfhojpebdeollanchfjhpbkcijoi.crx, In Quarantäne, [3f3a360df79355e198f5f1cfcd36e21e],
PUP.Optional.PriceMeter.A, C:\Windows\System32\Tasks\pricemeterdownloader, In Quarantäne, [6019d76ccbbf8aac13f7bd12c73cd32d],
PUP.Optional.PriceMeter.A, C:\Windows\System32\Tasks\PriceMeterUpdater, In Quarantäne, [d9a04ef53f4b56e041b8c40eff04b44c],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0.localstorage, In Quarantäne, [46330043abdf7abcbc9b9d3d0cf73dc3],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0.localstorage-journal, In Quarantäne, [3f3a62e1355537ffc1962ab0e221fd03],
PUP.Optional.MindSpark.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Firefox\Profiles\vvaybwkb.default\Allin1Convert_8h\45A12400-0529-4ACC-AC7F-78F900353547.sqlite, In Quarantäne, [3f3a33102565aa8c8a27e38ffe05aa56],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_ofjgnhihlklpobkaloamkankaaoclfjh_0\1, In Quarantäne, [81f86bd8b8d2f541c7cbd2a89e6548b8],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000016.ldb, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000039.ldb, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\000048.log, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\CURRENT, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOCK, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOG, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\LOG.old, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.CrossRider.A, C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ofjgnhihlklpobkaloamkankaaoclfjh\MANIFEST-000046, In Quarantäne, [0a6f54eff89235012770354540c3b54b],
PUP.Optional.Conduit.A, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\APISupport_2.1.0.8\ApiSupport.dll, In Quarantäne, [2c4dce754b3fce68a906344c986b6f91],
PUP.Optional.Conduit.A, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\Cvc.dat, In Quarantäne, [2c4dce754b3fce68a906344c986b6f91],
PUP.Optional.Conduit.A, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\MiniSP.dll, In Quarantäne, [2c4dce754b3fce68a906344c986b6f91],
PUP.Optional.Conduit.A, C:\Users\Marcus Vogelgsang\AppData\Local\TB\APISupport\MiniSP_1.0.2.93\rep.dat, In Quarantäne, [2c4dce754b3fce68a906344c986b6f91],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome.manifest, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\install.rdf, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\background.html, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\bg.js, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\button.xml, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\config.js, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\content.js, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.js, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\framework.xul, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon128.png, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon16.png, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon18.ico, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon18.png, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon24.ico, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon24.png, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon32.ico, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon32.png, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\icon48.png, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\jquery-1.6.2.min.js, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\options.xul, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\settings.json, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz\background.js, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\content\mz\content.js, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
PUP.Optional.SpeedAnalysis.A, C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Extensions\speedanalysis02@SpeedAnalysis.com\chrome\skin\framework.css, In Quarantäne, [e29756ed8bff5dd91467d5ca5fa407f9],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
AdwCleaner Logfile:
# AdwCleaner v4.207 - Bericht erstellt 28/06/2015 um 17:40:47
# Aktualisiert 21/06/2015 von Xplode
# Datenbank : 2015-06-23.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Marcus Vogelgsang - MARCUSVOGELGSAN
# Gestarted von : C:\Users\Marcus Vogelgsang\Downloads\AdwCleaner_4.207.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\DriverBoost
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Local\Software Updater
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\RHEng
Datei Gelöscht : C:\Users\Marcus Vogelgsang\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\Marcus Vogelgsang\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Firefox\Profiles\vvaybwkb.default\user.js
***** [ Geplante Tasks ] *****
Task Gelöscht : FreeDriverScout
Task Gelöscht : pricemeterdownloader
Task Gelöscht : PriceMeterUpdater
Task Gelöscht : Software Updater
Task Gelöscht : Software Updater Ui
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{126C78A0-36E7-4697-A3AB-32706144398B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00A154AE-6C33-4F1E-9057-242350540936}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{9D24562E-40EC-4E46-B57C-700352059B55}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CF0A778A-DDA0-4492-9804-EF38C9A9F1A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D1C6444C-CC06-4060-A486-736DEAFD9C16}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22E9CC7A-04B2-4558-A993-763395274E42}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKU\.DEFAULT\Software\IBUpdaterService
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ProtectedSearch
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - localhost
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17801
-\\ Mozilla Firefox v38.0.1 (x86 de)
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.BUTTON_STRUCTURE", "[{\"b\":221360012,\"c\":\"mindspark.magnify\",\"p\":\"L.0\"},{\"b\":221360013,\"c\":\"mindspark.entersearchterms\",\"p\":\"L.0.0[...]
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.firstKnownVersion", "6.66.4.36873");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.homepage", "hxxp://home.tb.ask.com/index.jhtml?ptb=45A12400-0529-4ACC-AC7F-78F900353547&n=780c76fb&p2=^AYY^xdm070^YYA^de&si=flvrunner");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.initialized", true);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installKeysSource", "LocalStorage");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installType", "XPI");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.contextKey", "");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.installDate", "2014082811");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerId", "^AYY^xdm070^YYA^de");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.partnerSubId", "flvrunner");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.pixelUrl", "hxxp://allin1convert.dl.tb.ask.com/install_pixels.jhtml?partner=^AYY^xdm070^YYA^de&coId=7ccd0d5adead4678b5e925e168da2d2b");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.success", true);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.installation.toolbarId", "45A12400-0529-4ACC-AC7F-78F900353547");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.isCompliantUninstallImplementation", true);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.lastActivePing", "1411364565372");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.lastKnownVersion", "6.72.4.54862");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.defaultSearch", false);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.homePageEnabled", false);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.keywordEnabled", false);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.options.tabEnabled", false);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.partnerPixelFired", true);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.successUrl", "hxxp://flvrunner.com/thankyou.php");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.toolbarCollapsed", false);
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark._8hMembers_.weather.location", "10001");
[vvaybwkb.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "allin1convert@mindspark.com");
-\\ Google Chrome v43.0.2357.130
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?gd=&ctid=CT3323900&octid=EB_ORIGINAL_CTID&ISID=M31DCF370-3376-40DD-8837-CFCDFD0BBC3C&SearchSource=58&CUI=&UM=5&UP=SP420464BF-EFF7-4313-B4D6-C5496A028DEC&q={searchTerms}&SSPV=
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://de.yhs4.search.yahoo.com/yhs/search?hspart=avast&hsimp=yhs-001&type={partner_id}&p={searchTerms}
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : dgjkhjdcljddbedokogakmmdjgnbeanf
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : jpmbfleldcgkldadpdinhjjopdfpjfjp
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Extension] : ofjgnhihlklpobkaloamkankaaoclfjh
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Startup_URLs] : hxxp://de.yhs4.search.yahoo.com/?hspart=avast&hsimp=yhs-001&type={partner_id}
[C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Default_Search_Provider_Data] :
*************************
AdwCleaner[R0].txt - [35474 Bytes] - [28/06/2015 17:39:17]
AdwCleaner[S0].txt - [11474 Bytes] - [28/06/2015 17:40:47]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11534 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.2.0 (06.28.2015:1)
OS: Windows 7 Home Premium x64
Ran by Marcus Vogelgsang on 28.06.2015 at 17:48:16,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\syswow64\shoC467.tmp
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Marcus Vogelgsang\appdata\local\{71923640-8669-4720-8A12-2C38CB313BCD}
Successfully deleted: [Folder] C:\Program Files (x86)\tuneup utilities 2014
Successfully deleted: [Folder] C:\ProgramData\tuneup software
Successfully deleted: [Folder] C:\Users\Marcus Vogelgsang\appdata\local\cre
Successfully deleted: [Folder] C:\Users\Marcus Vogelgsang\appdata\local\tuneup software
Successfully deleted: [Folder] C:\Users\Marcus Vogelgsang\AppData\Roaming\tuneup software
Successfully deleted: [Folder] C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
Successfully deleted: [Folder] C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
~~~ FireFox
~~~ Chrome
[C:\Users\Marcus Vogelgsang\appdata\local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Marcus Vogelgsang\appdata\local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Marcus Vogelgsang\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Marcus Vogelgsang\appdata\local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.06.2015 at 17:53:40,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015
Ran by Marcus Vogelgsang (administrator) on MARCUSVOGELGSAN on 28-06-2015 18:02:36
Running from C:\Users\Marcus Vogelgsang\Downloads
Loaded Profiles: Marcus Vogelgsang (Available Profiles: Marcus Vogelgsang)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\WerFault.exe
(Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-29] (Synaptics Incorporated)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227648 2015-03-15] (AVAST Software)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-05-10] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [StrmServer.exe] => C:\Program Files (x86)\Common Files\PCTV Systems\StreamingServer\StrmServer.exe [746768 2010-12-21] (PCTV Systems S.à r.l.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-09-15] (Apple Inc.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Lsa: [Notification Packages] scecli C:\Program Files\WIDCOMM\Bluetooth Software\BtwProximityCP.dll
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2012-04-19]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nach Updates suchen.lnk [2012-04-08]
ShortcutTarget: Nach Updates suchen.lnk -> C:\Program Files (x86)\Common Files\PCTV Systems\WebUpdater\WebUpdater.exe (PCTV Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-04-25]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Marcus Vogelgsang\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk [2015-06-21]
ShortcutTarget: Tintenwarnungen überwachen - HP Officejet 6600 (Netzwerk).lnk -> C:\Program Files\HP\HP Officejet 6600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ 0POLinkIconDone] -> {4931EE43-90CB-4D46-A50F-474D7C5D97BE} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 1POLinkIconFailed] -> {828F1FF1-021C-4EC0-A4F8-B1BFF6390DD3} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 2POLinkIconIng] -> {8AE3CBEA-8E21-4883-BFD0-925F5513F190} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ 3POLinkIconProhibited] -> {DED0F1AF-0505-4FB7-83AA-C2E51FA0721F} => C:\Windows\system32\mscoree.dll [2010-11-21] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-02-01] (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Marcus Vogelgsang\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll [2015-03-05] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3727746948-312616605-306874443-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3727746948-312616605-306874443-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKU\S-1-5-21-3727746948-312616605-306874443-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-01] (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-01] (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2015-04-17] (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20] (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - !{E3286BF1-E654-42FF-B4A6-5E111731DF6B} - No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - !{E3286BF1-E654-42FF-B4A6-5E111731DF6B} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{2CC3C6CC-0B6C-45F0-AAE6-401CC13F830D}: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Firefox\Profiles\vvaybwkb.default
FF Homepage: hxxp://google.de/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_194.dll [2015-06-28] ()
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-28] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2015-04-17] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-23] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Firefox\Profiles\vvaybwkb.default\searchplugins\google-images.xml [2014-09-02]
FF SearchPlugin: C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Firefox\Profiles\vvaybwkb.default\searchplugins\google-maps.xml [2014-09-02]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-04-19]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-04-18]
FF HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF HKU\S-1-5-21-3727746948-312616605-306874443-1001\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Marcus Vogelgsang\AppData\Roaming\Mozilla\Firefox\Profiles\vvaybwkb.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR Profile: C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-10]
CHR Extension: (YouTube) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-10]
CHR Extension: (Google Search) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-06]
CHR Extension: (Google Wallet) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-10]
CHR Extension: (Gmail) - C:\Users\Marcus Vogelgsang\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-10]
CHR HKLM-x32\...\Chrome\Extension: [dgldkplledicnbnnliodeffobaiaodaf] - C:\Program Files (x86)\SiteRanker\Chrome\siterank_c.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-01]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-01] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-01] (Avast Software)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1229528 2013-12-06] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [662232 2013-12-06] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 AntiVirWebService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe" [X]
S2 HPSLPSVC; C:\Users\MARCUS~1\AppData\Local\Temp\7zS79A1\hpslpsvc64.dll [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-01] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-02-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-01] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-01] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-01] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-01] ()
R3 azvusb; C:\Windows\System32\DRIVERS\azvusb.sys [54784 2009-08-24] (AzureWave Technologies, Inc.)
S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-30] (Broadcom Corporation.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-06-28] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S1 PCLEPCI; C:\Windows\SysWOW64\drivers\pclepci.sys [14165 2005-02-09] (Pinnacle Systems GmbH) [File not signed]
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-12-06] (Secunia)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-01] (Avast Software)
S3 Andbus; system32\DRIVERS\lgandbus64.sys [X]
S3 AndDiag; system32\DRIVERS\lganddiag64.sys [X]
S3 AndGps; system32\DRIVERS\lgandgps64.sys [X]
S3 ANDModem; system32\DRIVERS\lgandmodem64.sys [X]
S1 ArcCtrl; system32\drivers\ArcCtrl.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 ewusbnet; system32\DRIVERS\ewusbnet.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]
S3 LgBttPort; system32\DRIVERS\lgbtpt64.sys [X]
S3 lgbusenum; system32\DRIVERS\lgbtbs64.sys [X]
S3 LGVMODEM; system32\DRIVERS\lgvmdm64.sys [X]
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 usbbus; system32\DRIVERS\lgx64bus.sys [X]
S3 UsbDiag; system32\DRIVERS\lgx64diag.sys [X]
S3 USBModem; system32\DRIVERS\lgx64modem.sys [X]
S3 ZTEusbnet; system32\DRIVERS\ZTEusbnet.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-28 17:55 - 2015-06-28 18:01 - 02112512 _____ (Farbar) C:\Users\Marcus Vogelgsang\Downloads\FRST64(1).exe
2015-06-28 17:53 - 2015-06-28 17:53 - 00002011 _____ C:\Users\Marcus Vogelgsang\Desktop\JRT.txt
2015-06-28 17:48 - 2015-06-28 17:48 - 00000207 _____ C:\Windows\tweaking.com-regbackup-MARCUSVOGELGSAN-Windows-7-Home-Premium-(64-bit).dat
2015-06-28 17:48 - 2015-06-28 17:48 - 00000000 ____D C:\RegBackup
2015-06-28 17:45 - 2015-06-28 17:45 - 00000091 _____ C:\Windows\wininit.ini
2015-06-28 17:44 - 2015-06-28 17:44 - 00000197 _____ C:\Windows\system32\2015-06-28-15-44-41.037-AvastVBoxSVC.exe-6136.log
2015-06-28 17:37 - 2015-06-28 17:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-28 17:37 - 2015-06-28 17:37 - 00014793 _____ C:\Users\Marcus Vogelgsang\Desktop\MBAM27.06.txt
2015-06-28 17:33 - 2015-06-28 17:33 - 00000197 _____ C:\Windows\system32\2015-06-28-15-33-23.039-AvastVBoxSVC.exe-4256.log
2015-06-28 17:19 - 2015-06-28 17:40 - 00000000 ____D C:\AdwCleaner
2015-06-28 17:18 - 2015-06-28 17:19 - 02950808 _____ (Malwarebytes Corporation) C:\Users\Marcus Vogelgsang\Downloads\JRT.exe
2015-06-28 17:18 - 2015-06-28 17:18 - 02244096 _____ C:\Users\Marcus Vogelgsang\Downloads\AdwCleaner_4.207.exe
2015-06-28 17:01 - 2015-06-28 17:02 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Marcus Vogelgsang\Downloads\mbam-setup-2.1.6.1022.exe
2015-06-28 14:30 - 2015-06-28 14:30 - 00000197 _____ C:\Windows\system32\2015-06-28-12-30-16.069-AvastVBoxSVC.exe-6404.log
2015-06-28 14:29 - 2015-06-28 14:29 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-21 20:53 - 2015-06-21 20:53 - 00000197 _____ C:\Windows\system32\2015-06-21-18-53-16.009-AvastVBoxSVC.exe-3172.log
2015-06-21 20:45 - 2015-06-21 20:45 - 00000197 _____ C:\Windows\system32\2015-06-21-18-45-07.013-AvastVBoxSVC.exe-5876.log
2015-06-07 22:05 - 2015-06-07 22:05 - 00000000 ____D C:\Users\Marcus Vogelgsang\AppData\Local\GWX
2015-06-07 21:56 - 2015-06-07 21:56 - 00000197 _____ C:\Windows\system32\2015-06-07-19-56-05.032-AvastVBoxSVC.exe-4872.log
2015-06-07 21:32 - 2015-05-22 20:18 - 01021440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-07 21:32 - 2015-05-22 20:18 - 00757248 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-07 21:32 - 2015-05-22 20:18 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-07 21:32 - 2015-05-22 20:18 - 00423424 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-07 21:32 - 2015-05-22 20:18 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-07 21:32 - 2015-05-22 20:18 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-07 21:32 - 2015-05-22 20:13 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-07 21:32 - 2015-05-21 15:19 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-07 21:24 - 2015-06-07 21:24 - 00000197 _____ C:\Windows\system32\2015-06-07-19-24-39.047-AvastVBoxSVC.exe-3284.log
2015-06-02 22:15 - 2015-06-02 22:15 - 00000197 _____ C:\Windows\system32\2015-06-02-20-15-37.050-AvastVBoxSVC.exe-5000.log
2015-05-31 08:54 - 2015-05-31 08:55 - 00000197 _____ C:\Windows\system32\2015-05-31-06-54-34.076-AvastVBoxSVC.exe-6200.log
2015-05-31 07:40 - 2015-05-31 07:40 - 00000197 _____ C:\Windows\system32\2015-05-31-05-40-32.080-AvastVBoxSVC.exe-3332.log
2015-05-30 19:32 - 2015-05-30 19:32 - 00024184 _____ C:\Users\Marcus Vogelgsang\Desktop\Kopie von Reisekostenabrechnung Michael Schlackheck.xlsx
2015-05-30 19:29 - 2015-05-30 19:29 - 00024161 _____ C:\Users\Marcus Vogelgsang\Desktop\Kopie von Reisekostenabrechnung Michael Baier.xlsx
2015-05-30 19:24 - 2015-05-30 19:24 - 00024145 _____ C:\Users\Marcus Vogelgsang\Desktop\Kopie von Reisekostenabrechnung Rainer Sports cup.xlsx
2015-05-30 19:24 - 2015-05-30 19:24 - 00000197 _____ C:\Windows\system32\2015-05-30-17-24-43.069-AvastVBoxSVC.exe-5216.log
2015-05-30 15:10 - 2015-05-30 15:10 - 00000197 _____ C:\Windows\system32\2015-05-30-13-10-46.015-AvastVBoxSVC.exe-4440.log
2015-05-29 11:45 - 2015-05-29 11:46 - 00000197 _____ C:\Windows\system32\2015-05-29-09-45-38.008-AvastVBoxSVC.exe-6972.log
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-28 18:02 - 2015-04-20 09:43 - 00020340 _____ C:\Users\Marcus Vogelgsang\Downloads\FRST.txt
2015-06-28 18:02 - 2014-05-01 18:40 - 00000000 ____D C:\FRST
2015-06-28 17:48 - 2012-02-18 04:20 - 01581460 _____ C:\Windows\WindowsUpdate.log
2015-06-28 17:47 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-28 17:47 - 2009-07-14 06:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-28 17:45 - 2014-04-18 12:40 - 00004182 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2015-06-28 17:44 - 2012-11-15 22:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-28 17:42 - 2015-04-08 22:22 - 00000349 _____ C:\Users\Public\Documents\PCLECHAL.INI
2015-06-28 17:42 - 2014-04-10 15:05 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-28 17:41 - 2014-04-10 15:05 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-28 17:41 - 2010-11-21 05:47 - 00506684 _____ C:\Windows\PFRO.log
2015-06-28 17:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-28 17:41 - 2009-07-14 06:51 - 00178716 _____ C:\Windows\setupact.log
2015-06-28 17:36 - 2014-04-18 15:39 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-28 17:29 - 2015-04-06 04:24 - 00000000 ____D C:\Users\Marcus Vogelgsang\Documents\Staffel-2015
2015-06-28 17:28 - 2014-04-10 13:08 - 00000000 ____D C:\Users\Marcus Vogelgsang\AppData\Local\TB
2015-06-28 17:25 - 2012-04-06 20:12 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-28 17:03 - 2014-04-25 10:42 - 00001066 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-28 17:03 - 2014-04-25 10:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-28 17:03 - 2014-04-25 10:42 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-28 14:50 - 2014-04-10 15:05 - 00002139 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-28 14:45 - 2014-06-14 07:44 - 00026860 _____ C:\Windows\SecuniaPackage.log
2015-06-28 14:44 - 2012-04-06 20:12 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-28 14:44 - 2012-04-06 20:12 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-28 14:44 - 2011-10-20 11:22 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-28 14:34 - 2012-02-18 13:13 - 05025010 _____ C:\Windows\system32\perfh007.dat
2015-06-28 14:34 - 2012-02-18 13:13 - 01534880 _____ C:\Windows\system32\perfc007.dat
2015-06-28 14:34 - 2009-07-14 07:13 - 01593646 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-21 20:49 - 2015-02-10 20:31 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-21 20:49 - 2014-05-08 10:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-05-31 08:52 - 2013-07-26 09:21 - 00000000 ____D C:\Users\Marcus Vogelgsang\Documents\Staffel-Oschersleben
2015-05-29 12:57 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
==================== Files in the root of some directories =======
2012-04-14 14:31 - 2012-04-14 14:51 - 0000135 _____ () C:\Users\Marcus Vogelgsang\AppData\Roaming\default.rss
2014-04-18 18:05 - 2014-04-18 18:05 - 0000043 _____ () C:\Users\Marcus Vogelgsang\AppData\Roaming\WB.CFG
2013-02-08 10:51 - 2013-02-08 10:51 - 0004608 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-04-19 12:37 - 2012-04-19 12:37 - 0000017 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\resmon.resmoncfg
2012-06-13 22:07 - 2012-07-27 09:33 - 0017408 _____ () C:\Users\Marcus Vogelgsang\AppData\Local\WebpageIcons.db
2014-12-03 11:36 - 2014-12-03 11:36 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-18 04:48 - 2013-08-26 10:13 - 0013217 _____ () C:\ProgramData\ArcadeDeluxe5.log
2012-04-19 09:44 - 2012-04-19 10:17 - 0001942 _____ () C:\ProgramData\hpzinstall.log
2013-10-13 17:52 - 2013-10-13 17:53 - 0000032 _____ () C:\ProgramData\PS.log
Some files in TEMP:
====================
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp5ynggf.dll
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\Quarantine.exe
C:\Users\Marcus Vogelgsang\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-28 15:31
==================== End of log ============================