First file: mbam
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 10.05.2015 08:35:46, SYSTEM, DUST, Manual, Rootkit Database, 2015.2.25.1, 2015.4.21.1,
Update, 10.05.2015 08:35:46, SYSTEM, DUST, Manual, Remediation Database, 2015.3.9.1, 2015.5.9.1,
Protection, 10.05.2015 08:35:51, SYSTEM, DUST, Protection, Malware Protection, Starting,
Protection, 10.05.2015 08:35:51, SYSTEM, DUST, Protection, Malware Protection, Started,
Protection, 10.05.2015 08:35:51, SYSTEM, DUST, Protection, Malicious Website Protection, Starting,
Update, 10.05.2015 08:35:54, SYSTEM, DUST, Manual, Malware Database, 2015.3.9.5, 2015.5.10.2,
Protection, 10.05.2015 08:35:54, SYSTEM, DUST, Protection, Refresh, Starting,
Protection, 10.05.2015 08:36:14, SYSTEM, DUST, Protection, Malicious Website Protection, Started,
Protection, 10.05.2015 08:36:14, SYSTEM, DUST, Protection, Malicious Website Protection, Stopping,
Protection, 10.05.2015 08:36:14, SYSTEM, DUST, Protection, Malicious Website Protection, Stopped,
Protection, 10.05.2015 08:36:39, SYSTEM, DUST, Protection, Refresh, Success,
Protection, 10.05.2015 08:36:40, SYSTEM, DUST, Protection, Malicious Website Protection, Starting,
Protection, 10.05.2015 08:37:11, SYSTEM, DUST, Protection, Malicious Website Protection, Started,
Detection, 10.05.2015 08:38:09, SYSTEM, DUST, Protection, Malicious Website Protection, IP, 62.219.81.123, 0, Outbound,
Detection, 10.05.2015 08:38:12, SYSTEM, DUST, Protection, Malicious Website Protection, IP, 62.219.81.123, 0, Outbound,
Detection, 10.05.2015 08:38:18, SYSTEM, DUST, Protection, Malicious Website Protection, IP, 62.219.81.123, 0, Outbound,
Detection, 10.05.2015 08:40:15, SYSTEM, DUST, Protection, Malicious Website Protection, IP, 62.219.81.123, 0, Outbound,
Detection, 10.05.2015 08:40:18, SYSTEM, DUST, Protection, Malicious Website Protection, IP, 62.219.81.123, 0, Outbound,
Detection, 10.05.2015 08:40:24, SYSTEM, DUST, Protection, Malicious Website Protection, IP, 62.219.81.123, 0, Outbound,
Detection, 10.05.2015 08:51:36, SYSTEM, DUST, Protection, Malicious Website Protection, IP, 62.219.81.123, 0, Outbound,
Detection, 10.05.2015 08:51:39, SYSTEM, DUST, Protection, Malicious Website Protection, IP, 62.219.81.123, 0, Outbound,
(end)
AdwCleaner Logfile:
# AdwCleaner v4.203 - Logfile created 10/05/2015 at 14:43:46
# Updated 30/04/2015 by Xplode
# Database : 2015-05-09.1 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : Dust - DUST
# Running from : C:\Programme\AdwCleaner_4.203.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Programme\predm
Folder Deleted : C:\DOKUME~1\Dust\LOKALE~1\Temp\raving reyven
Folder Deleted : C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\globalUpdate
Folder Deleted : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\HPAppData
Folder Deleted : C:\Dokumente und Einstellungen\Dust\Eigene Dateien\Updater
Folder Deleted : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default\Extensions\{f8353751-55b8-4258-fd48-33ef1876eb2c}
File Deleted : C:\END
File Deleted : C:\DOKUME~1\Dust\LOKALE~1\Temp\Uninstall.exe
File Deleted : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
File Deleted : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
File Deleted : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage
File Deleted : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Local Storage\hxxps_static.selectgo00.selectgo.net_0.localstorage-journal
File Deleted : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Local Storage\hxxp_answers.softonic.de_0.localstorage
File Deleted : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Local Storage\hxxp_answers.softonic.de_0.localstorage-journal
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Soft-Now bundle\Soft-Now bundle.lnk
Shortcut Disinfected : C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Microsoft\Internet Explorer\Quick Launch\Search.lnk
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\khialnikbocfgkohdegnebhmmaifoglp
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{929801A8-4AEF-4D12-BE31-D85BF666452B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C430996F-4AA8-4AA8-81DE-F54432CD5786}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522962203}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{AD79BAD6-9504-4F09-ACEC-7B319584A4C1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\systweak
Key Deleted : HKCU\Software\Tutorials
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKU\.DEFAULT\Software\IBUpdaterService
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A2D81E70-2A98-4A08-A628-94388B063C5E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\NewPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Soft-Now bundle
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:2602;hxxps=127.0.0.1:2602;
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1
Data Deleted : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>;<local>
***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
-\\ Mozilla Firefox v37.0.2 (x86 de)
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.a67af283579c3420abc70cd5399c4b7265c23b6cff0cf4ff989afa3fb89311be5com59564.59564.cookie.previous_page.value", "%22hxxp%3A//search.safefinder.com/%3Fst%3Dhp%26q%3D%22");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.a67af283579c3420abc70cd5399c4b7265c23b6cff0cf4ff989afa3fb89311be5com59564.59564.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.a67af283579c3420abc70cd5399c4b7265c23b6cff0cf4ff989afa3fb89311be5com59564.59564.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.a6c78cab30311420c8cc8d70d7c2e12d061a12377721444f1a183c0827fed20facom59603.59603.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.aCUFCV96103896VLCZ37079202com61768.61768.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co.uk%22%2C%22amazon.com%22%2C%22anthrop[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.aCUFCV96103896VLCZ37079202com61768.61768.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.com%22%2C%22www.easyjet.com%22%2C%22myp[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.aCUFCV96103896VLCZ37079202com61768.61768.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.ad5c23cb6d0cf48158acbcf20d763e92fgmailcom62068.62068.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22deal[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.__ICM_LITE__fifty_test_rules.value", "%7B%22DE%22%3A%7B%22ALL%22%3A%5B%22anastasiadate.[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.__ICM_TEN__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.co[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.aff8065806db34c09ba06d6caf0e991728453cb257fef4ed58934b08be5605617com59599.59599.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.enabledItems", "{f8353751-55b8-4258-fd48-33ef1876eb2c}:1.0,ffxtlbr@Facemoods.com:1.1.0,{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}:6.0.34[...]
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.Visibility", false);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageCapacity", 3);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageCounter", 0);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageDay", 11);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageLastEvent", "1415547175879");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.backPageMinInterval", 15);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.barcodeid", "150872");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.countryiso", "de");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.downloadprovider", "ob_256");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.externalJsFiles", "");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.fromautoupdate", "false");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installationid", "f8353751-55b8-4258-fd48-33ef1876eb2c");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.installdate", "20/09/2014");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.iswinxp", "true");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.keepAliveLastevent", "1415719960");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.lastExternalJsUpdate", "1417078781699");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.helperbar.publisher", "shoppinghelper");
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[bq0opndw.default\prefs.js] - Line Deleted : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
-\\ Google Chrome v39.0.2171.71
[C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1404045899&from=tugs&uid=ST500DM002-1BC142_Z2AAWKAQXXXXZ2AAWKAQ&q={searchTerms}
[C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1404045899&from=tugs&uid=ST500DM002-1BC142_Z2AAWKAQXXXXZ2AAWKAQ&q={searchTerms}
[C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.snapdo.com/?q={searchTerms}&category=Web&publisher=outbrowse&country=us&feedid=infospace&st=dn&dpid=us&lan=de&start=1
[C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
[C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
[C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
[C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Default_Search_Provider_Data] : hxxp://isearch.omiga-plus.com/web/?type=dspp&ts=1404045899&from=tugs&uid=ST500DM002-1BC142_Z2AAWKAQXXXXZ2AAWKAQ&q={searchTerms}
-\\ Opera v28.0.1750.51
*************************
AdwCleaner[R0].txt - [13410 bytes] - [10/05/2015 14:41:56]
AdwCleaner[S0].txt - [13146 bytes] - [10/05/2015 14:43:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13206 bytes] ##########
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 06-05-2015 01
Ran by Dust (administrator) on DUST on 10-05-2015 15:01:45
Running from C:\Programme
Loaded Profiles: Dust (Available profiles: Dust & eva)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
() C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
(Autodesk, Inc.) C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe
(Apple Computer, Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
(SafeNet Inc.) C:\WINDOWS\system32\hasplms.exe
(Apache Software Foundation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe
(Oracle Corporation) C:\Programme\Java\jre7\bin\jqs.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe
(Malwarebytes Corporation) C:\Programme\Malwarebytes Anti-Malware\mbam.exe
(NVIDIA Corporation) C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
(Microsoft Corporation) C:\WINDOWS\system32\rundll32.exe
(Hewlett-Packard) C:\Programme\HP\HP Software Update\hpwuSchd2.exe
(CANON INC.) C:\Programme\Canon\Quick Menu\CNQMMAIN.EXE
(Avira Operations GmbH & Co. KG) C:\Programme\Avira\My Avira\Avira.OE.Systray.exe
(Skype Technologies S.A.) C:\Programme\Skype\Phone\Skype.exe
(Akamai Technologies, Inc.) C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\Dropbox.exe
(Akamai Technologies, Inc.) C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(CANON INC.) C:\Programme\Canon\Quick Menu\CNQMUPDT.EXE
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [16855552 2007-10-25] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SkyTel] => C:\WINDOWS\SkyTel.EXE [1826816 2007-10-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [NvMediaCenter] => RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
HKLM\...\Run: [HP Software Update] => C:\Programme\HP\HP Software Update\HPWuSchd2.exe [49152 2007-10-14] (Hewlett-Packard)
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [Autodesk Sync] => C:\Programme\Autodesk\Autodesk Sync\AdSync.exe [383424 2012-02-06] (Autodesk, Inc.)
HKLM\...\Run: [CanonQuickMenu] => C:\Programme\Canon\Quick Menu\CNQMMAIN.EXE [1282632 2013-07-23] (CANON INC.)
HKLM\...\Run: [upt4pc_en_7.exe] => C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\fst_de_69\upt4pc_en_7.exe -runhelper
HKLM\...\Run: [Avira Systray] => C:\Programme\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1275210071-926492609-682003330-1004\...\Run: [Skype] => C:\Programme\Skype\Phone\Skype.exe [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\S-1-5-21-1275210071-926492609-682003330-1004\...\Run: [Akamai NetSession Interface] => C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Akamai\netsession_win.exe [4673432 2014-10-30] (Akamai Technologies, Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk [2009-03-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Dokumente und Einstellungen\Dust\Startmenü\Programme\Autostart\Dropbox.lnk [2013-11-27]
ShortcutTarget: Dropbox.lnk -> C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox\bin\DropboxExt.25.dll [2015-02-11] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [AutoCAD Digital Signatures Icon Overlay Handler] -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll [2012-02-07] (Autodesk, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1275210071-926492609-682003330-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:2602;https=127.0.0.1:2602;
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1275210071-926492609-682003330-1004 -> DefaultScope {F81A849A-5230-46C3-97B6-E1155ABFD2AF} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1275210071-926492609-682003330-1004 -> {F81A849A-5230-46C3-97B6-E1155ABFD2AF} URL = https://www.google.com/search?q={searchTerms}
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2007-11-06] (Hewlett-Packard Co.)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre7\bin\ssv.dll [2013-07-09] (Oracle Corporation)
BHO: LeapFTP Internet Explorer Hook -> {A5479DA1-7843-43A7-B5C0-BE342C77B629} -> C:\Programme\LeapFTP 3.0\lftpie.dll [2008-07-14] (LeapWare)
BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Programme\Java\jre7\bin\jp2ssv.dll [2013-07-09] (Oracle Corporation)
BHO: No Name -> {EAEE5C74-6D0D-4aca-9232-0DA4A7B866BA} -> C:\Programme\PicLensIE\cooliris.dll [2009-04-30] (Cooliris Inc.)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Programme\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2007-11-06] (Hewlett-Packard Co.)
Toolbar: HKU\S-1-5-21-1275210071-926492609-682003330-1004 -> No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File
DPF: {0D9392CD-A784-4FCA-9342-0F75F7D7C8CB} hxxp://www.cltnet.de/login/dplaunch.cab
DPF: {31435657-9980-0010-8000-00AA00389B71} hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
DPF: {A9F8D9EC-3D0A-4A60-BD82-FBD64BAD370D} hxxp://h20264.www2.hp.com/ediags/dd/install/HPDriverDiagnosticsxp2k.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: ms-help - {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll [2007-12-28] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\SYSTEM\OLE DB\msdaipp.dll [2003-07-11] (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10] (Skype Technologies S.A.)
Filter: deflate - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Filter: gzip - {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll [2014-03-06] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [94208 2006-02-28] (Apple Computer, Inc.)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default
FF NetworkProxy: "no_proxies_on", "*.local"
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-17] ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Programme\Google\Picasa3\npPicasa3.dll No File
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\WINDOWS\system32\npDeployJava1.dll [2013-07-09] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Programme\Java\jre7\bin\plugin2\npjp2.dll [2013-07-09] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Programme\Microsoft Silverlight\npctrl.1.0.30716.0.dll [2008-07-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.25.11\npGoogleUpdate3.dll No File
FF Plugin: Adobe Reader -> C:\Programme\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\nppdf32.dll [2012-07-30] (Adobe Systems Inc.)
FF Extension: Skype Click to Call - C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2015-04-21]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2015-04-21]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-04-21]
FF Extension: Java Console - C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-04-21]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2010-10-07]
FF Extension: No Name - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default\extensions\{f8353751-55b8-4258-fd48-33ef1876eb2c} [Not Found]
FF Extension: No Name - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default\extensions\CUFCV96103896@VLCZ37079202.com [Not Found]
FF Extension: No Name - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default\extensions\d5c23cb6-d0cf-4815-8acb-cf20d763e92f@gmail.com [Not Found]
FF Extension: No Name - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Mozilla\Firefox\Profiles\bq0opndw.default\extensions\ff806580-6db3-4c09-ba06-d6caf0e99172@8453cb25-7fef-4ed5-8934-b08be5605617.com [Not Found]
Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.stunde-des-hoechsten.de/de/gebet/gebetsanliegen-lesen.html", "hxxp://www.google.de/"
CHR Profile: C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-06-28]
CHR Extension: (Google Drive) - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-06-28]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-08]
CHR Extension: (YouTube) - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-06-28]
CHR Extension: (Google Search) - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-06-28]
CHR Extension: (Skype Click to Call) - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-06-28]
CHR Extension: (Google Wallet) - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-06-28]
CHR Extension: (Gmail) - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-06-28]
CHR HKLM\...\Chrome\Extension: [aaaangmfdabjilefmognkgcebjgcojek] - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\APN\GoogleCRXs\aaaangmfdabjilefmognkgcebjgcojek_7.14.1.0.crx [Not Found]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Programme\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-10-10]
StartMenuInternet: Chrome.7PJGQCDPPEBVE77SFQGWOPEMSE - C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\Chrome\Application\chrome.exe
Opera:
=======
OPR Extension: (video MediaPlayer) - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Extensions\dnaojefanpmakfgcaliphepgoiiafmpf [2014-06-28]
OPR Extension: (Fraven 1.1) - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Extensions\hcpdbkoonabfhfkeiaanphdfonombbpb [2014-06-28]
OPR Extension: (HDV1.6) - C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Opera Software\Opera Stable\Extensions\jgielablfighaafogapfgpnlieaajbgk [2014-06-28]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Adobe LM Service; C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2009-03-06] (Adobe Systems) [File not signed]
R2 AdobeActiveFileMonitor4.0; C:\Programme\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe [102400 2005-10-03] () [File not signed]
R2 Autodesk Content Service; C:\Programme\Autodesk\Content Service\Connect.Service.ContentService.exe [19232 2012-01-31] (Autodesk, Inc.)
R2 Avira.OE.ServiceHost; C:\Programme\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [229376 2006-02-28] (Apple Computer, Inc.) [File not signed]
S3 FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816 2014-03-29] (Flexera Software, Inc.)
R2 ForcewareWebInterface; C:\Programme\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe [20543 2006-04-03] (Apache Software Foundation) [File not signed]
R2 hasplms; C:\WINDOWS\system32\hasplms.exe [4609928 2013-08-09] (SafeNet Inc.)
R3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
R2 JavaQuickStarterService; C:\Programme\Java\jre7\bin\jqs.exe [182184 2013-07-09] (Oracle Corporation)
R2 MBAMScheduler; C:\Programme\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [148080 2015-04-21] (Mozilla Foundation)
S2 MSSQL$SQLEXPRESS; c:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29178224 2007-02-10] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-14] (Microsoft Corporation)
R2 nSvcIp; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe [131131 2006-07-13] (NVIDIA Corporation) [File not signed]
R2 nSvcLog; C:\Programme\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe [65599 2006-07-13] (NVIDIA Corporation) [File not signed]
S3 ose; C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE [89136 2003-07-28] (Microsoft Corporation)
S4 SQLBrowser; c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe [242544 2007-02-10] (Microsoft Corporation)
R2 SQLWriter; c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe [89968 2007-02-10] (Microsoft Corporation)
R2 TeamViewer8; C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe [4150112 2013-06-13] (TeamViewer GmbH)
S2 gupdate; "C:\Programme\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Programme\Google\Update\GoogleUpdate.exe" /medsvc [X]
S3 gusvc; "C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe" [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 aksfridge; C:\WINDOWS\System32\DRIVERS\aksfridge.sys [376200 2013-08-09] (SafeNet Inc.)
S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [244040 2013-08-09] (SafeNet Inc.)
S3 akshhl; C:\WINDOWS\System32\DRIVERS\akshhl.sys [53192 2013-08-09] (SafeNet Inc.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [296200 2013-08-09] (SafeNet Inc.)
R2 ASCTRM; C:\WINDOWS\system32\Drivers\ASCTRM.sys [8552 2009-03-05] (Windows (R) 2000 DDK provider)
S3 BVRPMPR5; C:\WINDOWS\system32\drivers\BVRPMPR5.SYS [49904 2008-06-18] (Avanquest Software) [File not signed]
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-14] (Microsoft Corporation)
S3 DCamUSBSQTECH; C:\WINDOWS\System32\Drivers\SQcaptur.sys [29744 2003-10-28] (Service & Quality Technology.) [File not signed]
R2 hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [608648 2013-08-09] (SafeNet Inc.)
R3 irsir; C:\WINDOWS\System32\DRIVERS\irsir.sys [18688 2001-08-17] (Microsoft Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [119512 2015-05-10] (Malwarebytes Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-14] (Microsoft Corporation)
R3 NVENETFD; C:\WINDOWS\System32\DRIVERS\NVENETFD.sys [57856 2006-07-11] (NVIDIA Corporation)
R0 nvgts; C:\WINDOWS\System32\DRIVERS\nvgts.sys [102400 2007-08-09] (NVIDIA Corporation)
R3 nvnetbus; C:\WINDOWS\System32\DRIVERS\nvnetbus.sys [20480 2006-07-11] (NVIDIA Corporation)
R3 Rasirda; C:\WINDOWS\System32\DRIVERS\rasirda.sys [19584 2001-08-17] (Microsoft Corporation)
S3 wanatw; C:\WINDOWS\System32\DRIVERS\wanatw4.sys [33588 2003-01-10] (America Online, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 CFcatchme; \??\C:\ComboFix\CFcatchme.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U3 TlntSvr; No ImagePath
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-10 14:52 - 2015-05-10 14:52 - 00000000 ____D () C:\RegBackup
2015-05-10 14:51 - 2015-05-10 14:51 - 02720307 _____ (Thisisu) C:\Programme\JRT.exe
2015-05-10 14:40 - 2015-05-10 14:43 - 00000000 ____D () C:\AdwCleaner
2015-05-10 14:40 - 2015-05-10 14:40 - 02204160 _____ () C:\Programme\AdwCleaner_4.203.exe
2015-05-10 14:18 - 2015-05-10 14:19 - 00000000 ____D () C:\Avenger
2015-05-10 09:26 - 2015-05-10 09:26 - 00002271 _____ () C:\Dokumente und Einstellungen\Dust\Desktop\mbam.txt
2015-05-10 08:35 - 2015-05-10 14:55 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-05-10 08:35 - 2015-05-10 08:35 - 00000791 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-10 08:35 - 2015-05-10 08:35 - 00000000 ____D () C:\Programme\Malwarebytes Anti-Malware
2015-05-10 08:35 - 2015-05-10 08:35 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2015-05-10 08:35 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-05-10 08:35 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-05-10 08:34 - 2015-05-10 08:34 - 21546080 _____ (Malwarebytes Corporation ) C:\Programme\mbam-setup-2.1.6.1022.exe
2015-05-08 10:16 - 2015-05-08 10:16 - 00000587 _____ () C:\Dokumente und Einstellungen\Dust\Desktop\Verknüpfung mit ComboFix.exe.lnk
2015-05-08 10:15 - 2015-05-08 15:37 - 00000000 ___SD () C:\32788R22FWJFW
2015-05-08 10:14 - 2015-05-08 10:15 - 05621999 ____R (Swearware) C:\Programme\ComboFix.exe
2015-05-08 09:55 - 2015-05-08 09:55 - 00000931 _____ () C:\Dokumente und Einstellungen\Dust\Desktop\Revo Uninstaller.lnk
2015-05-08 09:55 - 2015-05-08 09:55 - 00000000 ____D () C:\Programme\VS Revo Group
2015-05-08 09:54 - 2015-05-08 09:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Programme\revosetup95.exe
2015-05-07 12:33 - 2015-05-07 12:36 - 00084189 _____ () C:\Programme\Addition.txt
2015-05-07 12:29 - 2015-05-10 15:02 - 00024920 _____ () C:\Programme\FRST.txt
2015-05-07 12:12 - 2015-05-10 15:01 - 00000000 ____D () C:\FRST
2015-05-07 12:11 - 2015-05-07 12:11 - 01141248 _____ (Farbar) C:\Programme\FRST.exe
2015-05-07 11:04 - 2015-05-07 11:04 - 00090112 _____ () C:\WINDOWS\Minidump\Mini050715-02.dmp
2015-05-07 10:24 - 2015-05-07 10:24 - 00090112 _____ () C:\WINDOWS\Minidump\Mini050715-01.dmp
2015-05-07 09:55 - 2015-05-10 14:45 - 00000388 _____ () C:\WINDOWS\Tasks\Opera scheduled Autoupdate 1430985333.job
2015-05-07 09:55 - 2015-05-07 09:55 - 00000689 _____ () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Opera.lnk
2015-05-07 09:55 - 2015-05-07 09:55 - 00000689 _____ () C:\Dokumente und Einstellungen\All Users\Desktop\Opera.lnk
2015-05-07 09:54 - 2015-05-07 09:54 - 32623176 _____ (Opera Software) C:\Programme\Opera_28.0.1750.51_Setup.exe
2015-05-01 12:10 - 2015-05-06 12:24 - 00000000 ____D () C:\video
2015-04-25 10:21 - 2015-05-07 13:32 - 00000000 ____D () C:\harzausflug0415
2015-04-21 17:54 - 2015-04-21 17:56 - 00000000 ____D () C:\Programme\Mozilla Firefox
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-05-10 15:02 - 2013-07-08 11:04 - 00000000 ____D () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp
2015-05-10 15:01 - 2009-03-04 13:18 - 00000000 ___RD () C:\Programme
2015-05-10 14:48 - 2013-11-27 11:31 - 00000000 ___RD () C:\Dokumente und Einstellungen\Dust\Eigene Dateien\Dropbox
2015-05-10 14:48 - 2013-11-27 11:29 - 00000000 ____D () C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\Dropbox
2015-05-10 14:48 - 2011-12-29 17:37 - 00000000 ____D () C:\allewebprojekte
2015-05-10 14:47 - 2009-03-04 13:42 - 00000000 _____ () C:\WINDOWS\system32\nmp.log
2015-05-10 14:46 - 2010-02-08 13:58 - 01779859 _____ () C:\WINDOWS\WindowsUpdate.log
2015-05-10 14:46 - 2009-03-04 13:49 - 00182038 _____ () C:\WINDOWS\system32\nvapps.xml
2015-05-10 14:45 - 2014-12-26 18:27 - 00001082 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-10 14:45 - 2014-03-22 15:13 - 00000220 _____ () C:\WINDOWS\Tasks\Ende des Supports für Microsoft Windows XP – Benachrichtigung – Anmeldung.job
2015-05-10 14:45 - 2013-07-09 19:25 - 00000000 ____D () C:\Programme\Opera
2015-05-10 14:45 - 2013-07-08 11:04 - 00000000 ____D () C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\temp
2015-05-10 14:45 - 2009-03-04 13:34 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-05-10 14:45 - 2009-03-04 13:20 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-05-10 14:45 - 2009-03-04 13:20 - 00000050 _____ () C:\WINDOWS\wiaservc.log
2015-05-10 14:44 - 2013-12-02 19:26 - 00338438 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
2015-05-10 14:44 - 2009-03-04 13:37 - 00000300 ___SH () C:\Dokumente und Einstellungen\Dust\ntuser.ini
2015-05-10 14:44 - 2009-03-04 13:34 - 00032430 _____ () C:\WINDOWS\SchedLgU.Txt
2015-05-10 14:43 - 2014-05-03 10:28 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Soft-Now bundle
2015-05-10 14:32 - 2014-12-26 18:27 - 00001086 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-10 14:27 - 2012-04-09 12:41 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-05-10 09:29 - 2014-06-28 15:24 - 00000000 ____D () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\com
2015-05-10 09:29 - 2013-12-02 19:26 - 08898664 _____ () C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-1275210071-926492609-682003330-1004-0.dat
2015-05-10 08:35 - 2013-07-04 21:03 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2015-05-10 08:35 - 2009-03-04 13:17 - 00000000 ___RD () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-05-10 08:21 - 2009-07-23 16:51 - 00002607 _____ () C:\Dokumente und Einstellungen\Dust\Desktop\Microsoft Office Outlook 2003.lnk
2015-05-09 13:07 - 2008-04-14 14:00 - 00000766 _____ () C:\WINDOWS\win.ini
2015-05-09 10:28 - 2015-02-15 13:40 - 00000000 ____D () C:\bilderpapa2
2015-05-09 09:59 - 2013-11-27 11:31 - 00001043 _____ () C:\Dokumente und Einstellungen\Dust\Desktop\Dropbox.lnk
2015-05-09 09:59 - 2013-11-27 11:29 - 00000000 ____D () C:\Dokumente und Einstellungen\Dust\Startmenü\Programme\Dropbox
2015-05-09 09:59 - 2009-03-04 13:37 - 00000000 ___RD () C:\Dokumente und Einstellungen\Dust\Startmenü\Programme\Autostart
2015-05-08 16:04 - 2014-02-04 19:38 - 00000276 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2015-05-08 10:23 - 2013-07-09 19:00 - 00000000 ____D () C:\Programme\Avira
2015-05-08 10:20 - 2013-07-09 19:00 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
2015-05-08 10:20 - 2013-07-04 21:41 - 00529855 _____ () C:\WINDOWS\setupapi.log
2015-05-08 10:20 - 2012-03-11 18:17 - 00000000 ____D () C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Avira
2015-05-08 10:15 - 2013-07-08 10:45 - 00000000 ____D () C:\WINDOWS\erdnt
2015-05-08 09:55 - 2009-03-04 13:37 - 00000000 ___RD () C:\Dokumente und Einstellungen\Dust\Startmenü\Programme
2015-05-07 18:12 - 2009-03-04 13:37 - 00000000 ____D () C:\Dokumente und Einstellungen\Dust
2015-05-07 16:31 - 2013-07-05 12:55 - 00000664 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-05-07 15:31 - 2011-01-11 21:09 - 00000000 ____D () C:\WINDOWS\system32\NtmsData
2015-05-07 11:32 - 2009-03-04 13:29 - 00000000 ____D () C:\WINDOWS\Registration
2015-05-07 11:04 - 2009-10-02 15:33 - 00000000 ____D () C:\WINDOWS\Minidump
2015-04-26 18:00 - 2008-04-14 14:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2015-04-22 12:48 - 2014-06-21 11:57 - 00000000 ____D () C:\Programme\Mozilla Maintenance Service
2015-04-17 10:27 - 2012-04-09 12:41 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-04-17 10:27 - 2011-12-28 17:10 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-04-15 10:28 - 2013-07-11 11:56 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-04-15 10:16 - 2009-03-04 14:23 - 125832184 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2009-04-14 17:30 - 2009-04-14 17:30 - 2063321 _____ (GraphicRegion.com ) C:\Programme\ablerawer14_setup.exe
2009-10-17 13:31 - 2009-10-17 13:31 - 28565216 _____ ( ) C:\Programme\AdbeRdr920_de_DE.exe
2010-02-11 11:33 - 2010-07-07 11:27 - 28534656 _____ ( ) C:\Programme\AdbeRdr930_de_DE.exe
2015-05-07 12:33 - 2015-05-07 12:36 - 0084189 _____ () C:\Programme\Addition.txt
2015-05-10 14:40 - 2015-05-10 14:40 - 2204160 _____ () C:\Programme\AdwCleaner_4.203.exe
2009-03-06 19:10 - 2009-03-06 19:10 - 2708156 _____ () C:\Programme\Apo202.exe
2009-03-11 18:10 - 2009-03-11 18:10 - 2708156 _____ () C:\Programme\Apo202b.exe
2009-03-06 19:11 - 2009-03-06 19:11 - 0441748 _____ () C:\Programme\apo202src.zip
2009-03-06 19:11 - 2009-03-06 19:11 - 0393042 _____ () C:\Programme\Apomap1.exe
2009-03-11 18:09 - 2009-03-11 18:09 - 0393042 _____ () C:\Programme\Apomap1b.exe
2009-03-06 19:11 - 2009-03-06 19:11 - 0596860 _____ () C:\Programme\Apoph101.exe
2009-03-11 18:09 - 2009-03-11 18:09 - 0596860 _____ () C:\Programme\Apoph101b.exe
2009-03-06 21:36 - 2009-03-06 21:36 - 47828912 _____ (ashampoo GmbH & Co. KG ) C:\Programme\ashampoo_photo_commander_7_710_sm.exe
2009-11-28 21:20 - 2009-11-28 21:20 - 31066056 _____ () C:\Programme\avira_antivir_personal415_de.exe
2009-11-28 21:23 - 2010-11-18 12:02 - 44151368 _____ () C:\Programme\avira_antivir_personal_de.exe
2013-07-08 12:20 - 2013-07-08 12:21 - 2092792 _____ () C:\Programme\avira_free_antivirus.exe
2010-10-07 12:17 - 2010-10-09 09:33 - 36589669 _____ () C:\Programme\cbuilder_xe_win_esd.zip
2015-05-08 10:14 - 2015-05-08 10:15 - 5621999 ____R (Swearware) C:\Programme\ComboFix.exe
2009-05-14 15:35 - 2009-05-14 15:36 - 2707968 _____ () C:\Programme\cooliris-win-iefull-release-1.10.0.25085.en-US.msi
2009-04-16 18:45 - 2009-04-16 18:45 - 0627297 _____ (Freshworx ) C:\Programme\etopelister-install.exe
2010-10-07 12:13 - 2010-10-07 12:14 - 0327168 _____ () C:\Programme\Facemoods.exe
2010-05-04 16:28 - 2010-05-04 16:28 - 4076719 _____ () C:\Programme\FileZilla_3.2.7.1_win32-setup.exe
2009-03-06 19:11 - 2009-03-06 19:11 - 0055452 _____ () C:\Programme\flame-chm.zip
2009-03-11 18:10 - 2009-03-11 18:10 - 0055452 _____ () C:\Programme\flame-chmb.zip
2009-03-06 19:15 - 2009-03-06 19:15 - 0039140 _____ () C:\Programme\flamepack7.zip
2009-03-06 21:29 - 2009-03-06 21:29 - 10473064 _____ (IN MEDIA KG ) C:\Programme\fotoworks_setup.exe
2015-05-07 12:11 - 2015-05-07 12:11 - 1141248 _____ (Farbar) C:\Programme\FRST.exe
2015-05-07 12:29 - 2015-05-10 15:02 - 0033523 _____ () C:\Programme\FRST.txt
2009-03-06 21:38 - 2009-03-06 21:38 - 16006800 _____ ( ) C:\Programme\gimp-2.6.5-i686-setup.exe
2009-03-19 14:02 - 2009-03-19 14:02 - 6409944 _____ (EXP Systems LLC) C:\Programme\Install_PDFR_v228.exe
2011-04-16 18:22 - 2011-04-16 18:22 - 0885024 _____ (Sun Microsystems, Inc.) C:\Programme\jre-6u24-windows-i586-iftw.exe
2015-05-10 14:51 - 2015-05-10 14:51 - 2720307 _____ (Thisisu) C:\Programme\JRT.exe
2009-03-06 21:01 - 2009-03-06 21:01 - 0154846 _____ () C:\Programme\jubu-flames.rar
2009-03-07 12:09 - 2009-03-07 12:10 - 39235584 _____ () C:\Programme\k4b03dex.exe
2009-03-06 19:05 - 2009-03-06 19:05 - 5062814 _____ (InstallShield Software Corporation) C:\Programme\k620cdex.exe
2009-03-07 12:35 - 2009-03-07 12:35 - 5055560 _____ (InstallShield Software Corporation) C:\Programme\k620cenx.exe
2009-03-06 18:27 - 2009-03-06 18:27 - 32453152 _____ (InstallShield Software Corporation) C:\Programme\K690adex.exe
2009-03-07 11:59 - 2009-03-07 11:59 - 32453152 _____ (InstallShield Software Corporation) C:\Programme\K690adexb.exe
2009-03-07 12:37 - 2009-03-07 12:37 - 32440072 _____ (InstallShield Software Corporation) C:\Programme\K690aenx.exe
2009-03-06 18:32 - 2009-03-06 18:32 - 32440072 _____ (InstallShield Software Corporation) C:\Programme\K690aenxm.exe
2009-03-07 11:56 - 2009-03-07 11:56 - 78327355 _____ () C:\Programme\k8530dex.zip
2009-10-17 15:04 - 2009-10-17 15:04 - 2297244 _____ () C:\Programme\mapserver-5.6.0-beta3.tar.gz
2015-05-10 08:34 - 2015-05-10 08:34 - 21546080 _____ (Malwarebytes Corporation ) C:\Programme\mbam-setup-2.1.6.1022.exe
2015-05-07 09:54 - 2015-05-07 09:54 - 32623176 _____ (Opera Software) C:\Programme\Opera_28.0.1750.51_Setup.exe
2010-10-27 11:01 - 2010-10-27 11:01 - 2288616 _____ (ParetoLogic Inc.) C:\Programme\ParetoLogic FileCure.exe
2010-01-03 16:44 - 2010-01-03 16:44 - 2470416 _____ (ParetoLogic Inc.) C:\Programme\ParetoLogic FileCure_bup_.exe
2010-01-03 16:45 - 2010-01-03 16:45 - 2470416 _____ (ParetoLogic Inc.) C:\Programme\ParetoLogic FileCure_ifo_.exe
2009-05-15 19:51 - 2009-05-15 19:51 - 3485376 _____ (HDRsoft Sarl ) C:\Programme\PhotomatixPro313de.exe
2009-03-06 21:35 - 2009-03-06 21:35 - 9934392 _____ (Google Inc.) C:\Programme\picasa3-setup.exe
2009-04-14 18:05 - 2009-04-14 18:05 - 8862548 _____ () C:\Programme\rawtherapee23.exe
2009-04-08 12:57 - 2009-04-08 12:57 - 11969419 _____ () C:\Programme\rawtherapee24rc2.exe
2015-05-08 09:54 - 2015-05-08 09:54 - 2623656 _____ (VS Revo Group Ltd.) C:\Programme\revosetup95.exe
2009-04-16 17:14 - 2009-07-21 20:39 - 18699392 _____ () C:\Programme\setupDE.exe
2011-04-14 12:48 - 2011-04-14 12:48 - 1029000 _____ (Skype Technologies S.A.) C:\Programme\SkypeSetup.exe
2009-04-17 16:43 - 2009-04-17 16:43 - 18458240 _____ () C:\Programme\turbolister.exe
2009-03-07 12:17 - 2009-03-07 12:17 - 32453152 _____ (InstallShield Software Corporation) C:\Programme\zoom browser ex.exe
2009-03-07 20:26 - 2009-03-07 20:26 - 32453152 _____ (InstallShield Software Corporation) C:\Programme\zoombrowser2.exe
2009-03-07 12:36 - 2009-03-07 12:36 - 5055560 _____ (InstallShield Software Corporation) C:\Programme\zoombrw.exe
2009-03-05 17:32 - 2009-03-05 21:01 - 0000070 _____ () C:\Dokumente und Einstellungen\Dust\Anwendungsdaten\wklnhst.dat
2009-10-17 14:28 - 2009-10-22 17:38 - 2183680 _____ () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\cooliris-win-ie-release-1.10.1.25877.de-DE.msi
2009-07-29 15:09 - 2009-07-29 15:10 - 2119680 _____ () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\cooliris-win-ie-release-1.11.2.27471.en-US.msi
2009-10-14 11:43 - 2009-10-14 11:43 - 2124288 _____ () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\cooliris-win-ie-release-1.11.5.29501.en-US.msi
2014-01-05 18:26 - 2014-01-05 18:26 - 0000664 _____ () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\d3d9caps.dat
2009-03-07 10:11 - 2013-12-31 11:49 - 0014336 _____ () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2009-05-15 19:54 - 2009-05-15 19:54 - 0000137 _____ () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
2014-07-19 19:58 - 2014-07-19 19:58 - 0003298 _____ () C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\Anwendungsdaten\recently-used.xbel
Some content of TEMP:
====================
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\5kgxuba4.dll
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\AcDeltree.exe
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\avgnt.exe
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\cf7sq8fl.dll
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzrsclu.dll
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\e-ovtz0c.dll
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\lkjha6i9.dll
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\MSETUP4.EXE
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\Quarantine.exe
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\sqlite3.dll
C:\Dokumente und Einstellungen\Dust\Lokale Einstellungen\temp\x2zacksf.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End Of Log ============================
Hello, the attempt with jrt.exe did not work: the scan started, but then it simply stopped after a short time without leaving a file anywhere. I tried it three times. I also sent a second file, but I do not know where it ended up here on the Trojaner-Board; somehow it is not visible at the moment. Can you find the reply? I have sent four replies. Regards