| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. VistaWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
10.09.2014, 22:08
| #1 |
 |  Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Hallo ZUSAMMEN  ich habe seit längerem das Problem, dass sich ständig Werbung im meinem Firefox Browser automatisch öffnet. Außerdem ist mein Rechner extrem langsam - nicht nur beim Surfen, sondern auch bei normalen Programmabläufen im Offlinebereich. Heute bin ich bei meiner Fehlersuche auf einen Artikel über große Probleme im Sicherheitsbereich von Java gestoßen. Daraufhin habe ich angefangen sämtliche Programme, die auf meinem Rechner bei google zu erforschen. Dies habe ich auch getan, weil einige Programme wie zum Beispiel "Feven 1.5" nicht deinstalliert werden konnten - nun weiß ich natürlich auch warum das so ist. Auf meiner Suche habe ich bisher Feven 1.5, Better Surf Plus & Search Protect als klare Bedrohungen outen können. Als ich mir eine Deinstallations-Anleitung für "Feven" einholen wollte, bin ich auf eure Seite gestoßen. Inzwischen habe ich mir auch "Anti-Male-Ware" von "Mailwarebytes" installiert. Nun benötige ich bitte eine Anleitung wie ich weiter vorgehe. So wie es für mich aussieht, ist mein halber PC verseucht. Ich möchte ihn jedoch nicht aufgeben - hängt auch mit wichtigen Programmen für die Arbeit zusammen. Vorab besten Dank für eure Hilfe! |
|
10.09.2014, 22:11
| #2 |
| /// TB-Ausbilder /// Anleitungs-Guru  |  Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Mein Name ist Jürgen und ich werde Dir bei Deinem Problem behilflich sein. Zusammen schaffen wir das... 
 Hinweis:Ich kann Dir niemals eine Garantie geben, dass wir alle schädlichen Dateien finden werden. Eine Formatierung ist meist der schnellere und immer der sicherste Weg, aber auch nur bei wirklicher Malware empfehlenswert. Adware & Co. können wir sehr gut entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Du mein clean  bekommst.Los geht's: Schritt 1   Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
Lesestoff Posten in CODE-Tags: So gehts... Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert uns massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu groß für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
10.09.2014, 23:15
| #3 |
| | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. VistaCode:
ATTFilter [BAdwCleaner Logfile:  |
|
10.09.2014, 23:17
| #4 |
| /// TB-Ausbilder /// Anleitungs-Guru | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Äh...wie wäre es, wenn Du meine Anweisungen befolgst?  Schritt 1 usw. 
__________________ Gruß deeprybka  Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
11.09.2014, 18:18
| #5 |
| | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. VistaCode:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 19:03 on 11/09/2014 (Madeleine)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Ich habe jetzt die folgende Liste abgearbeitet: Speichere alle unsere Tools auf dem Desktop ab. Link: So ladet Ihr unsere Tools richtig Schritt 1: Laufwerksemulationen abschalten mit Defogger Punkt 2 weitermachen ? |
|
11.09.2014, 18:37
| #6 |
| /// TB-Ausbilder /// Anleitungs-Guru | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Hi, bitte befolge nur die Anweisungen die ich hier in den Thread poste. D.h. für Dich Schritt 1 Scan mit FRST.
__________________ --> Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista |
|
11.09.2014, 19:16
| #7 |
| | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista FRST Additions Logfile: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014
Ran by Madeleine at 2014-09-11 20:06:47
Running from C:\Users\Madeleine\Desktop\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Standard (HKLM\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
Ask Toolbar (HKLM\...\{4F524A2D-5637-4300-76A7-A758B70C1001}) (Version: 12.16.1.29 - APN, LLC) <==== ATTENTION
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - )
Better Surf Plus (HKLM\...\Better Surf Plus) (Version: 1.1 - Better Surf) <==== ATTENTION
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
eBay Icon (HKLM\...\eBay Icon) (Version: 1.0 - AD ON Multimedia Advertising GmbH)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
FAST Gigabank (HKLM\...\FAST Gigabank_is1) (Version: 2.0 - FAST LTA AG)
Feven 1.5 (HKLM\...\Feven 1.5) (Version: 1.32.153.0 - Feven) <==== ATTENTION
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free Studio version 5.1.4 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
LyricsContainer (HKLM\...\{d07a13d9-0763-4d61-b23a-3e133e87ef96}) (Version: - RYD Software) <==== ATTENTION
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Media View (HKLM\...\MediaViewV1alpha1043) (Version: 1.1 - Media View) <==== ATTENTION
Media Viewer (HKLM\...\MediaViewerV1alpha1209) (Version: 1.1 - Media Viewer) <==== ATTENTION
Media Watch (HKLM\...\MediaWatchV1home2672) (Version: 1.1 - Media Watch) <==== ATTENTION
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{36C97B5B-5593-45B8-B50E-DAD87036BD9D}) (Version: 3.0.215.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyPC Backup (HKLM\...\MyPC Backup) (Version: - MyPC Backup) <==== ATTENTION
Nokia Connectivity Cable Driver (HKLM\...\{11964613-805F-432D-A12B-169554B793E7}) (Version: 6.84.4.0 - Nokia)
Nokia NSeries Application Installer (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries Application Installer 6.83.11 (HKLM\...\Nokia NSeries Application Installer) (Version: - Nokia)
Nokia NSeries Content Copier (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries Content Copier 6.83.11 (HKLM\...\Nokia NSeries Content Copier) (Version: - Nokia)
Nokia NSeries One Touch Access (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries One Touch Access 6.83.11 (HKLM\...\Nokia NSeries One Touch Access) (Version: - Nokia)
Nokia Nseries PC Suite (HKLM\...\{06A0A943-6ECF-4586-8EC7-58DF050B7CDB}) (Version: 2.0.260 - Nokia)
Nokia NSeries System Utilities (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries System Utilities 6.83.11 (HKLM\...\Nokia NSeries System Utilities) (Version: - Nokia)
Nokia Photos (HKLM\...\{100B729F-07A2-4A81-A28C-AE4A14FB4FB7}) (Version: 1.0.237 - Ihr Firmenname)
Nokia Software Updater (HKLM\...\{FE5D756F-71E1-47C4-972A-D6775344B40B}) (Version: 01.04.000.29353 - Nokia Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
Optimizer Pro v3.2 (HKLM\...\Optimizer Pro_is1) (Version: - PC Utilities Software Limited) <==== ATTENTION
PC Connectivity Solution (HKLM\...\{99A40651-0BC2-4095-8F9A-A40FAB224FEF}) (Version: 7.22.7.1 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 (Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
SweetIM Toolbar for Internet Explorer 3.9 (HKLM\...\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}) (Version: 3.9.0007 - SweetIM Technologies Ltd.) <==== ATTENTION
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
VIS (HKLM\...\VIS) (Version: - ) <==== ATTENTION
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) (HKLM\...\4077F884D1BB007055BDB83B621D87220A73F30F) (Version: 06/01/2007 6.84.33.0 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) (HKLM\...\0C5EDC3653FED5B121F464339EAC12534D253B25) (Version: 02/15/2007 3.1 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
WinSecurity (HKLM\...\WinSecurity) (Version: - )
WPM17.8.0.3159 (HKLM\...\WPM) (Version: 17.8.0.3159 - Cherished Technololgy LIMITED) <==== ATTENTION
Wsys Control 10.2.1.2652 (HKLM\...\WsysControl) (Version: 10.2.1.2652 - Wsys Co., Ltd.) <==== ATTENTION
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{61f0d019-b016-4d56-9dae-7b7706cd6755}\InprocServer32 -> C:\Users\Madeleine\AppData\LocalLow\RadioTotal4\prxtbRad0.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Madeleine\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{A10D1118-27C0-4CAF-8D9A-DDAE7EFEDD59}\InprocServer32 -> 42494E41525953545245414D0300000003000000007CA7888E81D11003D7AB764E989B94C47736B3DF53227969A9293AE94C (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{F498FE2B-6CB2-4EE5-A384-D93B11091457}\InprocServer32 -> C:\Users\Madeleine\AppData\LocalLow\RadioTotal4\prxtbRad0.dll No File
==================== Restore Points =========================
29-08-2014 14:04:58 Geplanter Prüfpunkt
09-09-2014 14:03:26 Geplanter Prüfpunkt
10-09-2014 19:36:30 Removed iTunes
10-09-2014 19:59:40 Removed Java 7 Update 55
10-09-2014 20:01:45 Removed Java(TM) 6 Update 16
10-09-2014 20:03:21 Removed Java(TM) 6 Update 37
10-09-2014 20:07:34 Removed Skype™ 6.11
11-09-2014 14:52:18 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2011-04-16 19:05 - 00000814 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
74.208.10.249 gs.apple.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {086A8FC0-070E-48F1-B604-ED682F605F81} - System32\Tasks\{132BC443-25C9-44C9-84B9-2A4334F78896} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F5FFEFA-3703-40D9-B356-13D037C44D06} - System32\Tasks\AdobeAAMUpdater-1.0-Madeleine-PC-Madeleine => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {2C97108E-C928-48B9-AE7D-8A02E3DF1BE5} - \Feven 1.5-enabler No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D680F75-59D7-4DE1-8ED8-9DA641AB6946} - \BrowserDefendert No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4FF765E6-CAA2-4333-8D80-E3CA59D2C654} - \AmiUpdXp No Task File <==== ATTENTION
Task: {55B3DA69-5676-432B-BE5A-62FBB470C740} - \Feven 1.5-codedownloader No Task File <==== ATTENTION
Task: {5A094696-F9AE-4E59-A6E7-2B8C786BAB39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {64644654-CFF3-4EBB-8566-8EFE3B97DBB6} - System32\Tasks\0814avUpdateInfo => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe [2014-08-12] ()
Task: {70E45419-0013-47A8-9B57-751F1E586C0D} - \Feven 1.5-updater No Task File <==== ATTENTION
Task: {7DA4B87A-E1E7-46B7-A5E8-2237D705C76C} - \Feven 1.5-chromeinstaller No Task File <==== ATTENTION
Task: {AA4C51F5-C189-420A-90B1-9DB8CB1B36F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {ADCA65C0-211C-4139-A5EE-B6E8E6FC336F} - \LyricsContainer Update No Task File <==== ATTENTION
Task: {B5819B29-1659-471E-B44E-C5F64C798486} - System32\Tasks\{051345A5-0AF2-429F-BC9B-A3AEFD5CF85C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {BF40F182-E830-4E3C-B92D-847A7A02A967} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19] (Google Inc.)
Task: {C09AD99A-A500-4CA1-AB83-A95A8F9AA2AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19] (Google Inc.)
Task: {D019EE45-9EED-4C88-96DA-0A6E7BE13A7F} - \Feven 1.5-firefoxinstaller No Task File <==== ATTENTION
Task: {DA296E08-42AA-4561-8D12-09D7484FC805} - System32\Tasks\{7C169ADF-65D4-4603-A3C4-9FEFA596E6AC} => C:\Program Files\Skype\Phone\Skype.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\0814avUpdateInfo.job => C:\ProgramData\Avg_Update_0814av\0814av_AVG-Secure-Search-Update.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-08-24 14:44 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-18 07:58 - 2009-02-04 07:00 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-11-12 14:20 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 36966968 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libcef.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00610872 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-08-11 19:08 - 2014-08-31 15:50 - 00867896 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00886840 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00108600 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-10 20:06 - 2014-07-30 16:49 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-09-11 19:01 - 2014-09-11 19:01 - 00050477 _____ () C:\Users\Madeleine\Desktop\Desktop\Defogger.exe
2014-09-10 16:34 - 2014-09-10 21:28 - 16825520 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental)(1).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental)(2).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental).mp4:TOC.WMV
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: N82
Description: N82
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/11/2014 05:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 31.0.0.5310, Zeitstempel 0x53c75e91, fehlerhaftes Modul mozalloc.dll, Version 31.0.0.5310, Zeitstempel 0x53c72e91, Ausnahmecode 0x80000003, Fehleroffset 0x0000141b,
Prozess-ID 0xf9c, Anwendungsstartzeit plugin-container.exe0.
Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ASP.NETASP.NET8
Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
Error: (09/11/2014 04:59:25 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: aspnet_stateASP.NET-Zustandsdienst8
Error: (09/11/2014 04:59:25 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
Error: (09/11/2014 04:59:20 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
Error: (09/11/2014 04:48:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung mbam.exe, Version 1.0.0.532, Zeitstempel 0x53518532, fehlerhaftes Modul unknown, Version 0.0.0.0, Zeitstempel 0x00000000, Ausnahmecode 0xc0000005, Fehleroffset 0x02b823b0,
Prozess-ID 0xa8c, Anwendungsstartzeit mbam.exe0.
Error: (09/11/2014 00:11:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Eintrag <C:\USERS\MADELEINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL> in der Hash-Zuordnung kann nicht aktualisiert werden.
Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
Error: (09/10/2014 11:46:42 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8
System errors:
=============
Error: (09/11/2014 06:37:51 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update
Error: (09/10/2014 11:45:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update
Error: (09/10/2014 11:42:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (09/10/2014 09:33:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%2
Error: (09/10/2014 09:08:03 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Windows Search%%1053
Error: (09/10/2014 09:08:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Windows Search
Error: (09/10/2014 09:08:03 PM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
Error: (09/10/2014 08:54:15 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%2
Error: (09/10/2014 05:39:58 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: AVGIDSAgent
Error: (09/10/2014 05:39:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%2
Microsoft Office Sessions:
=========================
Error: (09/11/2014 05:10:16 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141bf9c01cfcdd2567100ef
Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: ASP.NETASP.NET8
Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
Error: (09/11/2014 04:59:36 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
Error: (09/11/2014 04:59:25 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: aspnet_stateASP.NET-Zustandsdienst8
Error: (09/11/2014 04:59:25 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
Error: (09/11/2014 04:59:20 PM) (Source: LoadPerf) (EventID: 3012) (User: )
Description: Performance16
Error: (09/11/2014 04:48:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: mbam.exe1.0.0.53253518532unknown0.0.0.000000000c000000502b823b0a8c01cfcdcf49c9417f
Error: (09/11/2014 00:11:01 AM) (Source: Windows Search Service) (EventID: 3013) (User: )
Description: Kontext: Anwendung, SystemIndex Katalog
Details:
Ein an das System angeschlossenes Gerät funktioniert nicht. (0x8007001f)
C:\USERS\MADELEINE\APPDATA\ROAMING\MACROMEDIA\FLASH PLAYER\MACROMEDIA.COM\SUPPORT\FLASHPLAYER\SYS\SETTINGS.SOL
Error: (09/10/2014 11:46:42 PM) (Source: LoadPerf) (EventID: 3011) (User: )
Description: WmiApRplWmiApRpl8
CodeIntegrity Errors:
===================================
Date: 2014-09-11 20:06:13.611
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:06:13.198
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:06:12.815
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:06:12.426
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:06:11.795
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:06:11.413
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:06:10.993
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:06:10.568
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:03:01.419
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 20:03:01.039
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 48%
Total physical RAM: 2942.45 MB
Available physical RAM: 1510.52 MB
Total Pagefile: 6131.41 MB
Available Pagefile: 4125.57 MB
Total Virtual: 2047.88 MB
Available Virtual: 1914.45 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:298.09 GB) (Free:143.22 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 94BE57ED)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 11-09-2014 20:06:02
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\Desktop\Desktop\Defogger.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [BabylonToolbar] => "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\BabylonToolbarsrv.exe" /md I
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1942424 2014-08-29] (APN)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files\MyPC Backup\MyPC Backup.exe (No File)
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=60747
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,ICQ Search = hxxp://search.icq.com/search/results.php?ch_id=skins7&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
URLSearchHook: HKLM - (No Name) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - No File
URLSearchHook: HKLM - (No Name) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - No File
URLSearchHook: HKLM - (No Name) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No File
URLSearchHook: HKLM - (No Name) - {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=sc&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {002FB0A4-23BC-4FF0-A626-0C0E44CACC4C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN29123739941512176&UM=2
SearchScopes: HKCU - {002FB0A4-23BC-4FF0-A626-0C0E44CACC4C} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3317893&CUI=UN29123739941512176&UM=2
SearchScopes: HKCU - {1CB20BF0-BBAE-40A7-93F4-6435FF3D0411} URL = hxxp://www.crawler.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=60747
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL =
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: CescrtHlpr Object -> {2EECD738-5844-4a99-B4B6-146BF802613B} -> C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.23.10\bh\BabylonToolbar.dll No File
BHO: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO: No Name -> {6844d7d2-99a7-4bb2-84b6-e1b865860cc4} -> No File
BHO: No Name -> {872b5b88-9db5-4310-bdd0-ac189557e5f5} -> No File
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: No Name -> {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} -> No File
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - No Name - !{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} - No File
Toolbar: HKCU - No Name - {E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} - No File
Toolbar: HKCU - No Name - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No File
Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File
Toolbar: HKCU - No Name - {CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - No File
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @funwebproducts.com/Plugin -> C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ICQ Toolbar - C:\Program Files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2014-05-10]
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKLM\...\Firefox\Extensions: [{ee8cd9f6-dae3-4889-816b-99fe80dae284}] - C:\Program Files\WinSecurity\winsecurity.xpi
FF Extension: WinSecurity - C:\Program Files\WinSecurity\winsecurity.xpi [2013-08-27]
FF HKCU\...\Firefox\Extensions: [{cd288a68-7b21-4f14-b789-82cc44992259}] - C:\Program Files\LyricsContainer\133.xpi
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: No Name - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchProvider: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (LyricsContainer) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh [2013-08-22]
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17]
CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml [2013-11-01]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (BetterSurf) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap [2013-11-14]
CHR Extension: (VIS) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab [2013-11-18]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (topdeal) - C:\ProgramData\nnlikkcdnapggndngajijlcneepblkkk\ [2013-08-22]
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [ingolnlcamoheiiladeoecpgdbjjmlaf] - C:\Program Files\WinSecurity\winsecurity.crx [2013-08-27]
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx [2013-08-27]
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx [2013-08-27]
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx [2013-08-27]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166296 2014-08-29] (APN LLC.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
R3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-11 20:01 - 2014-09-11 20:06 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 00:07 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-29 15:32 - 2014-08-29 15:32 - 00000320 _____ () C:\Windows\Tasks\0814avUpdateInfo.job
2014-08-29 15:32 - 2014-08-29 15:32 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-11 20:06 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-11 20:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:49 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 18:54 - 2009-12-12 15:32 - 02026077 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 18:50 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-11 18:45 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-11 18:44 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 18:43 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 18:41 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 18:41 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 18:41 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 18:38 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-11 00:07 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-10 23:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 23:54 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 23:39 - 2008-01-21 04:47 - 00136100 _____ () C:\Windows\PFRO.log
2014-09-10 23:02 - 2013-11-01 21:56 - 00000000 ____D () C:\ProgramData\eSafe
2014-09-10 22:52 - 2014-01-25 01:44 - 00000000 ____D () C:\ProgramData\topdeal
2014-09-10 22:52 - 2013-12-19 00:05 - 00000000 ____D () C:\Program Files\Optimizer Pro
2014-09-10 22:52 - 2013-12-19 00:05 - 00000000 ____D () C:\Program Files\Feven 1.5
2014-09-10 22:52 - 2013-11-18 18:15 - 00000000 ____D () C:\Program Files\RadioTotal4
2014-09-10 22:52 - 2013-09-11 20:12 - 00000000 ____D () C:\Program Files\LyricsContainer
2014-09-10 22:52 - 2011-04-16 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShopperReports
2014-09-10 22:23 - 2014-01-25 01:43 - 00000000 ____D () C:\ProgramData\sAvernet
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-10 21:35 - 2013-12-19 00:06 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:32 - 2014-08-29 15:32 - 00000320 _____ () C:\Windows\Tasks\0814avUpdateInfo.job
2014-08-29 15:32 - 2014-08-29 15:32 - 00000000 ____D () C:\ProgramData\Avg_Update_0814av
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe
C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe
C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll
C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Madeleine\AppData\Local\Temp\Java.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll
C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe
C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll
C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe
C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe
C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-11 18:48
==================== End Of Log ============================
Hallo Jürgen, Kannst du damit etwas anfangen ? Was soll ich mit dem "Defogger" machen? Den hab ich ja vorhin laufen lassen. Hab jetzt zur Auswahl: Disable und Re-enable... Liebe Grüße & Danke ;-) |
|
11.09.2014, 19:28
| #8 |
| /// TB-Ausbilder /// Anleitungs-Guru | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Hi, gut gemacht. Den Defogger kannst Du so lassen wie er ist. Am Ende der Bereinigung werden wir ihn entfernen. (Hinweis: Die Programme mit ATTENTION findest Du in der Addition.txt die Du oben mit der FRST.txt gepostet hast unter installierte Programme. Der ATTENTION-Zusatz ist bei Revo nicht sichtbar.) So gehts weiter: Schritt 1 Lade Dir bitte Revo Uninstaller  hier herunter.Entpacke die zip-Datei auf den Desktop.
Auch wenn am Ende noch Programme übrig geblieben sind, die den ATTENTION-Zusatz haben, führe den nächsten Schritt aus: Schritt 2
Schritt 3 Bitte lade Dir zoek.exe von hier: http://hijackthis.nl/smeenk/
Schritt 4 Bitte starte FRST erneut, markiere auch die checkbox  und drücke auf Scan. Bitte poste mir den Inhalt der beiden Logs die erstellt werden.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
11.09.2014, 22:44
| #9 |
| | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Hello again, ich hoffe ich hab alles so hinbekommen wie gewünscht: Code:
ATTFilter # AdwCleaner v3.309 - Bericht erstellt am 11/09/2014 um 22:01:16
# Aktualisiert 02/09/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzername : Madeleine - MADELEINE-PC
# Gestartet von : C:\Users\Madeleine\Desktop\Desktop\adwcleaner_3.309.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
[/!\] Nicht Gelöscht ( Junction ) : C:\Program Files\Gemeinsame Dateien
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\ShopperReports3
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Ordner Gelöscht : C:\Users\Madeleine\Documents\Optimizer Pro
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\{800B5000-A755-47E1-992B-48A1C1357F07}
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\128
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\130
Ordner Gelöscht : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\Extensions\staged\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\abfmigjiaapipflmopkaaooigcjjdojh
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cekcjpgehmohobmdiikfnopibipmgnml
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\dedmngkbaffkenlfdcbganndoghblmap
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmlgoencnlndpglbocajlimaikjohmab
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Ordner Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Madeleine\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Windows\system32\conduitEngine.tmp
Datei Gelöscht : C:\Users\Madeleine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\eBay.lnk
Datei Gelöscht : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Datei Gelöscht : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Program Files\Mozilla Firefox\nsprotector.js
Datei Gelöscht : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\user.js
Datei Gelöscht : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ifohbjbgfchkkfhphahclmkpgejiplfo_0.localstorage
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Madeleine\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser (2).lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ingolnlcamoheiiladeoecpgdbjjmlaf
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate this web page with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Translate with Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Powerpoint\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Software\Microsoft\Office\Word\Addins\babylonofficeaddin.officeaddin
Schlüssel Gelöscht : HKCU\Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GutscheinCodes.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioCompress3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFile3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFileWMA3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\NCTAudioFormatSettings3.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\nctaudiocdwriter2.audiocdwriter2.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BabylonToolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\d2d6d0e53bef42
Schlüssel Gelöscht : HKLM\SOFTWARE\d2d6d0e53bef42
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2189224
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2431245
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3297265
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{59279625-EFF0-4F55-98F0-51EDDD800DD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5E50AE1D-BC76-418B-94C4-EFEAC0CEF80C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{69E54DE2-C4ED-4BEC-8046-E3F9AC74B4B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{AD25754E-D76C-42B3-A335-2F81478B722F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F54A0D21-6A53-460C-8301-C694EC9E1033}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{F7BCCFD4-2FA6-477D-A1B0-EF7500B3C49E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{01AD9322-02FF-4F4F-AC52-92FDA5AE65F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F14321-8FED-4CBC-B01A-4B57FC199062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{23BDC78C-B7BB-42E5-B970-54B292592D72}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2656B92B-0207-4AFB-BEBF-F5FD231ECD39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2C6F7E96-73BC-47A5-9F51-B67F0BAFE24D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{34CB0620-E343-4772-BBA8-D3074BC47516}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{412CD209-DDA4-4275-8C79-55F1C93FBD47}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4C58EB04-7B72-4D3D-A36E-66167A99BC31}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4EE0B011-604C-47F3-8F2B-39F79640B85E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{59570C1F-B692-48C9-91B4-7809E6945287}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5D9E7BE9-95E5-4392-8CD2-D82DE89589ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{63A0F7FA-2C95-4D7E-AF25-EFCC303D20A1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6559E502-6EE1-46B8-A83C-F3A45BDA23EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69D3F709-9DE2-479F-980F-532D46895703}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6AC0BB10-C922-45E2-857D-2A368FE749E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A2858A72-758F-4486-B6A1-7F1DCC0924FA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C63CA8A4-AB4E-49E5-A6C0-33FC86D80205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C6A7847E-8931-4A9A-B4EF-72A91E3CCF4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD5175E2-7CC1-418C-B66C-0AB95DAD4103}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D8BFC514-1135-4393-B09A-193D2AAC5037}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DD0F1D24-E250-4E93-966C-65615720AEFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EC1277BB-1C71-4C0D-BA6D-BFEA16E773A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322852232}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0BBF19A5-BE50-4E06-A340-6777A505E490}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{869E753F-BD0D-4832-8131-94FEEE058AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355855532}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366856632}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{252C2315-CCE0-4446-8DA7-C00292A690BA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2D77AC8A-0A4C-40D0-9557-51907A575E45}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{43B4B831-F41F-4F73-8F14-4FFF0BA75B1B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{6C9945B7-1D19-46CB-88C0-45A24DF6CD6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{84B9B044-17C0-48FB-A300-C9747D5DF29C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{85672EDB-2CC8-40B9-A9E8-77D3478F2EFB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F310F027-15CB-4A7F-B10D-3A4AFB5013A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344204402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440344854432}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8736C681-37A0-40C6-A0F0-4C083409151C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1CB20BF0-BBAE-40A7-93F4-6435FF3D0411}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\Imesh
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\lollipop
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Tbccint_HKLM
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\mediabarim
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ShopperReports3
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\BetterSurf
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\eSafeSecControl
Schlüssel Gelöscht : HKLM\SOFTWARE\ICQ\ICQToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaPlayerV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaViewerV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaViewV1
Schlüssel Gelöscht : HKLM\SOFTWARE\MediaWatchV1
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Video downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinSecurity
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{608FB285-F572-48DE-AE44-28ABFF3F6BF9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A6CC2CA2-2779-4F10-88BF-A3C9EB874C24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Babylon
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\dosearches Browser Protecter
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Feven 1.5
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\VIS
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WinSecurity
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Wpm
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\WsysControl
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
***** [ Browser ] *****
-\\ Internet Explorer v9.0.8112.16575
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\prefs.js ]
[ Datei : C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://www.sm.de/?q={searchTerms}
Gelöscht [Search Provider] : hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=DVS2&o=1586&locale=de_DE&apn_uid=&apn_ptnrs=%5EAAA&apn_sauid=&apn_dtid=%5EYYYYYY%5EYY%5EDE&psv=&q={searchTerms}
*************************
AdwCleaner[R0].txt - [38976 octets] - [10/09/2014 23:57:00]
AdwCleaner[R1].txt - [39037 octets] - [11/09/2014 00:06:38]
AdwCleaner[R2].txt - [35056 octets] - [11/09/2014 21:28:52]
AdwCleaner[R3].txt - [33284 octets] - [11/09/2014 21:34:58]
AdwCleaner[R4].txt - [31314 octets] - [11/09/2014 21:49:30]
AdwCleaner[S0].txt - [2310 octets] - [11/09/2014 21:31:18]
AdwCleaner[S1].txt - [2550 octets] - [11/09/2014 21:36:56]
AdwCleaner[S2].txt - [29192 octets] - [11/09/2014 22:01:16]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [29253 octets] ##########
Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Madeleine on 11.09.2014 at 22:15:15,18.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Madeleine\Desktop\Desktop\zoek.exe [Scan all users] [Script inserted]
===== Runcheck 22:16:53,89 =====
--- Create Environment Variables 22:16:55,56
--- Create System Restore Point 22:17:05,09
Code:
ATTFilter Zoek.exe v5.0.0.0 Updated 10-September-2014
Tool run by Madeleine on 11.09.2014 at 22:15:15,18.
Microsoft® Windows Vista™ Home Premium 6.0.6002 Service Pack 2 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Madeleine\Desktop\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
11.09.2014 22:17:40 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Internet Explorer\SearchScopes\{002FB0A4-23BC-4FF0-A626-0C0E44CACC4C} deleted successfully
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{61f0d019-b016-4d56-9dae-7b7706cd6755} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully
HKEY_USERS\S-1-5-21-491985906-3955461640-2065506893-1000\Software\Mozilla\Firefox\Extensions\{cd288a68-7b21-4f14-b789-82cc44992259} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F} deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\internet explorer\urlsearchhooks\{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\!{6844d7d2-99a7-4bb2-84b6-e1b865860cc4} deleted successfully
HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\{ee8cd9f6-dae3-4889-816b-99fe80dae284} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{ee8cd9f6-dae3-4889-816b-99fe80dae284} deleted successfully
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\MADELE~1\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\prefs.js:
Added to C:\Users\MADELE~1\AppData\Roaming\Mozilla\Firefox\Profiles\tco4ifj7.default\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\MADELE~1\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474\prefs.js:
Added to C:\Users\MADELE~1\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474\prefs.js:
user_pref("browser.startup.homepage", "hxxp://www.google.com");
user_pref("browser.search.defaulturl", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "hxxp://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "hxxp://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Habe noch die Datei runcheck.txt und zoeck-results.txt. im system c gefunden. Benötigst du diese auch? Schritt 4 Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-09-2014
Ran by Madeleine at 2014-09-11 23:39:39
Running from C:\Users\Madeleine\Desktop\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version: - Adobe Systems Incorporated)
Adobe AIR (HKLM\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe AIR (Version: 2.7.1.19610 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Community Help (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5 Design Standard (HKLM\...\{49DC7D87-B9F9-4782-9386-B7F13BC75E48}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Media Player (HKLM\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
Adobe Media Player (Version: 1.8 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.11) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.11 - Adobe Systems Incorporated)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
AVM FRITZ!WLAN (HKLM\...\AVMWLANCLI) (Version: - )
Camera RAW Plug-In for EPSON Creativity Suite (HKLM\...\{93EA9C3E-BDFD-4309-A605-9B5BBC0CCEFD}) (Version: 2.2.0.0 - SEIKO EPSON CORPORATION)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
DivX Converter (HKLM\...\{13F3917B56CD4C25848BDC69916971BB}) (Version: 7.1.0 - DivX, Inc.)
DivX Converter (HKLM\...\{B13A7C41581B411290FBC0395694E2A9}) (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (HKLM\...\DivX Plus DirectShow Filters) (Version: - DivX, Inc.)
DivX Plus Web Player (HKLM\...\{B7050CBDB2504B34BC2A9CA0A692CC29}) (Version: 2.0.0 - DivX,Inc.)
DivX Version Checker (HKLM\...\{3FC7CBBC4C1E11DCA1A752EA55D89593}) (Version: 7.1.0.9 - DivX, Inc.)
DivX-Setup (HKLM\...\DivX Setup) (Version: 2.6.1.84 - DivX, LLC)
eBay Icon (HKLM\...\eBay Icon) (Version: 1.0 - AD ON Multimedia Advertising GmbH)
EPSON Attach To Email (HKLM\...\InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}) (Version: 1.01.0000 - SEIKO EPSON)
EPSON Attach To Email (Version: 1.01.0000 - SEIKO EPSON) Hidden
EPSON Copy Utility 3 (HKLM\...\{67EDD823-135A-4D59-87BD-950616D6E857}) (Version: 3.3.0.0 - )
EPSON Easy Photo Print (HKLM\...\{3D78F2A2-C893-4ABD-B5FE-AD7011837755}) (Version: 1.5.0.0 - SEIKO EPSON CORPORATION)
EPSON File Manager (HKLM\...\{2EB81825-E9EE-44F4-8F51-1240C3898DC6}) (Version: 1.3.0.0 - )
EPSON Scan (HKLM\...\EPSON Scanner) (Version: - )
EPSON Scan Assistant (HKLM\...\{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}) (Version: 1.10.00 - )
EPSON-Drucker-Software (HKLM\...\EPSON Printer and Utilities) (Version: - SEIKO EPSON Corporation)
FAST Gigabank (HKLM\...\FAST Gigabank_is1) (Version: 2.0 - FAST LTA AG)
Free Audio CD Burner version 1.4.7 (HKLM\...\Free Audio CD Burner_is1) (Version: - DVDVideoSoft Limited.)
Free Studio version 5.1.4 (HKLM\...\Free Studio_is1) (Version: - DVDVideoSoft Limited.)
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (Version: 1.3.24.15 - Google Inc.) Hidden
ICQ7.2 (HKLM\...\{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}) (Version: 7.2 - ICQ)
iTunes (HKLM\...\{23B8A91D-680B-462B-87AD-3D70F7341731}) (Version: 10.6.1.7 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - deu) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version: - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Corporation (Version: 9.0.30729.1 - Microsoft Corporation) Hidden
Microsoft LifeCam (HKLM\...\{36C97B5B-5593-45B8-B50E-DAD87036BD9D}) (Version: 3.0.215.0 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.9 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nokia Connectivity Cable Driver (HKLM\...\{11964613-805F-432D-A12B-169554B793E7}) (Version: 6.84.4.0 - Nokia)
Nokia NSeries Application Installer (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries Application Installer 6.83.11 (HKLM\...\Nokia NSeries Application Installer) (Version: - Nokia)
Nokia NSeries Content Copier (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries Content Copier 6.83.11 (HKLM\...\Nokia NSeries Content Copier) (Version: - Nokia)
Nokia NSeries One Touch Access (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries One Touch Access 6.83.11 (HKLM\...\Nokia NSeries One Touch Access) (Version: - Nokia)
Nokia Nseries PC Suite (HKLM\...\{06A0A943-6ECF-4586-8EC7-58DF050B7CDB}) (Version: 2.0.260 - Nokia)
Nokia NSeries System Utilities (Version: 6.83.11 - Nokia) Hidden
Nokia NSeries System Utilities 6.83.11 (HKLM\...\Nokia NSeries System Utilities) (Version: - Nokia)
Nokia Photos (HKLM\...\{100B729F-07A2-4A81-A28C-AE4A14FB4FB7}) (Version: 1.0.237 - Ihr Firmenname)
Nokia Software Updater (HKLM\...\{FE5D756F-71E1-47C4-972A-D6775344B40B}) (Version: 01.04.000.29353 - Nokia Corporation)
OpenOffice.org 3.1 (HKLM\...\{99E862CC-6F69-4D39-99AA-DBF71BF3B585}) (Version: 3.1.9420 - OpenOffice.org)
PC Connectivity Solution (HKLM\...\{99A40651-0BC2-4095-8F9A-A40FAB224FEF}) (Version: 7.22.7.1 - Nokia)
PDF Settings CS5 (Version: 10.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
SAMSUNG Mobile Composite Device Software (HKLM\...\SAMSUNG Mobile Composite Device) (Version: - )
Samsung Mobile phone USB driver Software (HKLM\...\Samsung Mobile phone USB driver) (Version: - )
SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )
SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )
Samsung PC Studio 3 (Version: 3.0.0.80601 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Skype Toolbars (HKLM\...\{981029E0-7FC9-4CF3-AB39-6F133621921A}) (Version: 1.0.4051 - Skype Technologies S.A.)
Spotify (HKCU\...\Spotify) (Version: 0.9.12.10.g89b2a4fc - Spotify AB)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{EAD7BEF9-B28C-425F-B2C5-538CB27EF013}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version: - Microsoft)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
Windows Live Anmelde-Assistent (HKLM\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live OneCare safety scanner (HKLM\...\Windows Live OneCare safety scanner) (Version: - Microsoft Corporation)
Windows Live OneCare safety scanner (Version: 1.0.0.0 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows-Treiberpaket - Nokia (WUDFRd) WPD (06/01/2007 6.84.33.0) (HKLM\...\4077F884D1BB007055BDB83B621D87220A73F30F) (Version: 06/01/2007 6.84.33.0 - Nokia)
Windows-Treiberpaket - Nokia Modem (02/15/2007 3.1) (HKLM\...\0C5EDC3653FED5B121F464339EAC12534D253B25) (Version: 02/15/2007 3.1 - Nokia)
WinRAR (HKLM\...\WinRAR archiver) (Version: - )
Yahoo! Detect (HKLM\...\YTdetect) (Version: - )
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{039B2CA5-3B41-4D93-AD77-47D3293FC5CB}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{42481700-CF3C-4D05-8EC6-F9A1C57E8DC0}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{66E8DCC7-97D2-4A89-8E08-D0610FF0878C}\InprocServer32 -> C:\Users\Madeleine\AppData\Local\Conduit\Community Alerts\Alert.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{A10D1118-27C0-4CAF-8D9A-DDAE7EFEDD59}\InprocServer32 -> 42494E41525953545245414D0300000003000000007CA7888E81D11003D7AB764E989B94C47736B3DF53227969A9293AE94C (the data entry has 8 more characters).
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{BB6410D8-F879-4184-9C5C-6A02D16AE0B3}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{CA1073A2-5F3F-4445-8E5E-7109BDCEDDBE}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{D0D38C6E-BF64-4C42-840D-3E0019D9F7A6}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{D5A55D2D-C59D-42C3-A5BF-4C08EEE74339}\InprocServer32 -> C:\Program Files\Skype\Plugin Manager\ezPMUtils.dll No File
CustomCLSID: HKU\S-1-5-21-491985906-3955461640-2065506893-1000_Classes\CLSID\{F498FE2B-6CB2-4EE5-A384-D93B11091457}\InprocServer32 -> C:\Users\Madeleine\AppData\LocalLow\RadioTotal4\prxtbRad0.dll No File
==================== Restore Points =========================
29-08-2014 14:04:58 Geplanter Prüfpunkt
09-09-2014 14:03:26 Geplanter Prüfpunkt
10-09-2014 19:36:30 Removed iTunes
10-09-2014 19:59:40 Removed Java 7 Update 55
10-09-2014 20:01:45 Removed Java(TM) 6 Update 16
10-09-2014 20:03:21 Removed Java(TM) 6 Update 37
10-09-2014 20:07:34 Removed Skype™ 6.11
11-09-2014 14:52:18 Windows Update
11-09-2014 18:53:51 Revo Uninstaller's restore point - Ask Toolbar
11-09-2014 18:54:24 Removed Ask Toolbar
11-09-2014 19:04:20 Revo Uninstaller's restore point - Better Surf Plus
11-09-2014 19:06:10 Revo Uninstaller's restore point - Feven 1.5
11-09-2014 19:07:52 Revo Uninstaller's restore point - LyricsContainer
11-09-2014 19:09:26 Revo Uninstaller's restore point - Media View
11-09-2014 19:10:32 Revo Uninstaller's restore point - Media Viewer
11-09-2014 19:11:36 Revo Uninstaller's restore point - Media Watch
11-09-2014 19:12:40 Revo Uninstaller's restore point - MyPC Backup
11-09-2014 19:16:39 Revo Uninstaller's restore point - Optimizer Pro v3.2
11-09-2014 19:18:13 Revo Uninstaller's restore point - SweetIM Toolbar for Internet Explorer 3.9
11-09-2014 19:20:04 Revo Uninstaller's restore point - VIS
11-09-2014 19:21:46 Revo Uninstaller's restore point - WPM17.8.0.3159
11-09-2014 19:22:50 Revo Uninstaller's restore point - Wsys Control 10.2.1.2652
11-09-2014 20:17:05 zoek.exe restore point
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2011-04-16 19:05 - 00000814 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
74.208.10.249 gs.apple.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {086A8FC0-070E-48F1-B604-ED682F605F81} - System32\Tasks\{132BC443-25C9-44C9-84B9-2A4334F78896} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsDownload&installinfo=google-toolbar:offered-notinstalled,google-chrome:notoffered;toolbaroffered
Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {1F5FFEFA-3703-40D9-B356-13D037C44D06} - System32\Tasks\AdobeAAMUpdater-1.0-Madeleine-PC-Madeleine => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {2C97108E-C928-48B9-AE7D-8A02E3DF1BE5} - \Feven 1.5-enabler No Task File <==== ATTENTION
Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {3D680F75-59D7-4DE1-8ED8-9DA641AB6946} - \BrowserDefendert No Task File <==== ATTENTION
Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation)
Task: {4FF765E6-CAA2-4333-8D80-E3CA59D2C654} - \AmiUpdXp No Task File <==== ATTENTION
Task: {55B3DA69-5676-432B-BE5A-62FBB470C740} - \Feven 1.5-codedownloader No Task File <==== ATTENTION
Task: {5A094696-F9AE-4E59-A6E7-2B8C786BAB39} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-10] (Adobe Systems Incorporated)
Task: {64644654-CFF3-4EBB-8566-8EFE3B97DBB6} - \0814avUpdateInfo No Task File <==== ATTENTION
Task: {70E45419-0013-47A8-9B57-751F1E586C0D} - \Feven 1.5-updater No Task File <==== ATTENTION
Task: {7DA4B87A-E1E7-46B7-A5E8-2237D705C76C} - \Feven 1.5-chromeinstaller No Task File <==== ATTENTION
Task: {AA4C51F5-C189-420A-90B1-9DB8CB1B36F1} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {ADCA65C0-211C-4139-A5EE-B6E8E6FC336F} - \LyricsContainer Update No Task File <==== ATTENTION
Task: {B5819B29-1659-471E-B44E-C5F64C798486} - System32\Tasks\{051345A5-0AF2-429F-BC9B-A3AEFD5CF85C} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.73.105.457/de/abandoninstall?page=tsMain
Task: {BF40F182-E830-4E3C-B92D-847A7A02A967} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19] (Google Inc.)
Task: {C09AD99A-A500-4CA1-AB83-A95A8F9AA2AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-19] (Google Inc.)
Task: {D019EE45-9EED-4C88-96DA-0A6E7BE13A7F} - \Feven 1.5-firefoxinstaller No Task File <==== ATTENTION
Task: {DA296E08-42AA-4561-8D12-09D7484FC805} - System32\Tasks\{7C169ADF-65D4-4603-A3C4-9FEFA596E6AC} => C:\Program Files\Skype\Phone\Skype.exe
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] ()
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2010-08-24 14:44 - 2010-03-15 11:28 - 00141824 _____ () C:\Program Files\WinRAR\rarext.dll
2009-08-18 07:58 - 2009-02-04 07:00 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2011-11-12 14:20 - 2009-02-27 17:39 - 00019968 _____ () C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.deu
2013-08-29 02:23 - 2013-08-29 02:23 - 01861968 _____ () C:\Program Files\DivX\DivX Update\DivXUpdate.exe
2013-08-29 02:25 - 2013-08-29 02:25 - 00100688 _____ () C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 36966968 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libcef.dll
2009-08-18 16:54 - 2009-08-18 16:54 - 00970752 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00610872 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
2014-08-11 19:08 - 2014-08-31 15:50 - 00867896 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\ffmpegsumo.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00886840 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libglesv2.dll
2014-08-11 19:08 - 2014-08-31 15:50 - 00108600 _____ () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\libegl.dll
2014-05-10 20:06 - 2014-07-30 16:49 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental)(1).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental)(2).mp4:TOC.WMV
AlternateDataStreams: C:\Users\Madeleine\Downloads\Enya - Only Time (Instrumental).mp4:TOC.WMV
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: isatap.{23E5A51C-C30E-4C6B-A4B7-CBAA6C12917F}
Description: Microsoft-ISATAP-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: N82
Description: N82
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Nokia
Service: WUDFRd
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (09/11/2014 10:07:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm spotify.exe, Version 0.9.12.10 arbeitet nicht mehr mit Windows zusammen und wurde beendet. Überprüfen Sie den Problemverlauf im Applet "Lösungen für Probleme" in der Systemsteuerung, um nach weiteren Informationen über das Problem zu suchen.
Prozess-ID: ee8
Anfangszeit: 01cfcdfba6dd3d38
Zeitpunkt der Beendigung: 16
Error: (09/11/2014 09:22:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:21:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:20:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:18:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:16:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:12:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:11:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:10:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:09:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
System errors:
=============
Error: (09/11/2014 11:16:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 11.09.2014 um 23:14:51 unerwartet heruntergefahren.
Error: (09/11/2014 10:32:03 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (09/11/2014 10:32:02 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (09/11/2014 10:32:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (09/11/2014 10:32:01 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (09/11/2014 10:32:00 PM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: PEVSystemStart
Error: (09/11/2014 06:37:51 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
Description: Windows Update
Error: (09/10/2014 11:45:23 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Windows Update
Error: (09/10/2014 11:42:39 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: 30000Microsoft .NET Framework NGEN v4.0.30319_X86
Error: (09/10/2014 09:33:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Search Protect by Conduit Service%%2
Microsoft Office Sessions:
=========================
Error: (09/11/2014 10:07:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: spotify.exe0.9.12.10ee801cfcdfba6dd3d3816
Error: (09/11/2014 09:22:49 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:21:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:20:04 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:18:13 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:16:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:12:39 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:11:36 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:10:31 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
Error: (09/11/2014 09:09:26 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {110cd147-9480-4a66-932a-0b721348d7db}
CodeIntegrity Errors:
===================================
Date: 2014-09-11 23:39:09.885
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:39:09.516
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:39:09.148
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:39:08.779
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:39:08.330
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:39:07.961
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:39:07.586
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:39:07.142
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidsdriverx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:38:09.302
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-09-11 23:38:08.937
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\avgidshx.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 5200+
Percentage of memory in use: 55%
Total physical RAM: 2942.45 MB
Available physical RAM: 1318.17 MB
Total Pagefile: 6133.44 MB
Available Pagefile: 4306.56 MB
Total Virtual: 2047.88 MB
Available Virtual: 1905.6 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:298.09 GB) (Free:137.79 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298.1 GB) (Disk ID: 94BE57ED)
Partition 1: (Active) - (Size=298.1 GB) - (Type=07 NTFS)
==================== End Of Log ============================
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014
Ran by Madeleine (administrator) on MADELEINE-PC on 11-09-2014 23:38:59
Running from C:\Users\Madeleine\Desktop\Desktop
Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 9
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe
(AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe
(Microsoft Corporation) C:\Windows\vVX1000.exe
(Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
() C:\Program Files\DivX\DivX Update\DivXUpdate.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\spotify.exe
(Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH)
HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation)
HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.)
HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC)
HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] ()
HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters).
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd)
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk
ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe ()
Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046}
SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms}
BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474
FF NewTab: hxxp://www.google.com/
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778"
CHR DefaultSearchKeyword: Default -> dosearches
CHR DefaultSearchProvider: Default -> dosearches
CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19]
CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17]
CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25]
CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01]
CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13]
CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22]
CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx []
CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx []
CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx []
CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx []
CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx []
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed]
S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.)
S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed]
S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed]
R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed]
R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib)
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed]
S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation)
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 20:01 - 2014-09-11 23:39 - 00000000 ____D () C:\FRST
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-11 23:39 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST
2014-09-11 23:23 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify
2014-09-11 23:20 - 2009-12-12 15:32 - 02036156 _____ () C:\Windows\WindowsUpdate.log
2014-09-11 23:18 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing
2014-09-11 23:17 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-11 23:16 - 2008-01-21 04:47 - 00138190 _____ () C:\Windows\PFRO.log
2014-09-11 23:16 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-11 23:16 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-11 23:16 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log
2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup
2014-09-11 23:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-11 22:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log
2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt
2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek
2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt
2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt
2014-09-11 22:02 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner
2014-09-11 22:01 - 2014-05-10 20:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable
2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine
2014-09-11 18:44 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-09-10 23:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat
2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft
2014-09-10 23:54 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner
2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype
2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype
2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java
2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify
2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe
2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat
2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc
2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4
2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache
2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
Some content of TEMP:
====================
C:\Users\Madeleine\AppData\Local\Temp\7za.exe
C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe
C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe
C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll
C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe
C:\Users\Madeleine\AppData\Local\Temp\First15.exe
C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe
C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe
C:\Users\Madeleine\AppData\Local\Temp\Java.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe
C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe
C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe
C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE
C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe
C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe
C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll
C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe
C:\Users\Madeleine\AppData\Local\Temp\remove.exe
C:\Users\Madeleine\AppData\Local\Temp\sed.exe
C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe
C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe
C:\Users\Madeleine\AppData\Local\Temp\swreg.exe
C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe
C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll
C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe
C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe
C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe
C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe
C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll
C:\Users\Madeleine\AppData\Local\Temp\wget.exe
C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe
C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-11 23:23
==================== End Of Log ============================
Merci ! |
|
12.09.2014, 09:12
| #10 |
| /// TB-Ausbilder /// Anleitungs-Guru | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista OK, mach noch bitte einen Malwarebytes-Scan. Hast ja schon mal drauf gehabt: Schritt 1  Malwarebytes Antimalware
Schritt 2 Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
12.09.2014, 10:15
| #11 |
| | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. VistaCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Protection, 12.09.2014 10:48:50, SYSTEM, MADELEINE-PC, Protection, Malware Protection, Starting, Protection, 12.09.2014 10:48:50, SYSTEM, MADELEINE-PC, Protection, Malware Protection, Started, Protection, 12.09.2014 10:48:50, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Starting, Protection, 12.09.2014 10:49:07, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Started, Update, 12.09.2014 10:49:24, SYSTEM, MADELEINE-PC, Manual, Rootkit Database, 2014.2.20.1, 2014.9.10.2, Update, 12.09.2014 10:49:27, SYSTEM, MADELEINE-PC, Manual, Malware Database, 2014.3.4.9, 2014.9.12.2, Protection, 12.09.2014 10:49:28, SYSTEM, MADELEINE-PC, Protection, Refresh, Starting, Protection, 12.09.2014 10:49:28, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Stopping, Protection, 12.09.2014 10:49:29, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Stopped, Protection, 12.09.2014 10:49:36, SYSTEM, MADELEINE-PC, Protection, Refresh, Success, Protection, 12.09.2014 10:49:36, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Starting, Protection, 12.09.2014 10:49:36, SYSTEM, MADELEINE-PC, Protection, Malicious Website Protection, Started, (end) FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014 Ran by Madeleine (administrator) on MADELEINE-PC on 12-09-2014 11:11:49 Running from C:\Users\Madeleine\Desktop\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Microsoft Corporation) C:\Windows\System32\conime.exe (Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH) HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation) HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.) HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters). HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe () Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474 FF NewTab: hxxp://www.google.com/ FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778" CHR DefaultSearchKeyword: Default -> dosearches CHR DefaultSearchProvider: Default -> dosearches CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19] CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17] CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25] CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01] CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13] CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22] CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx [] CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx [] CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx [] CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx [] CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx [] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed] R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed] S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation) S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-12 10:48 - 2014-09-12 11:09 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-12 10:48 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-12 10:48 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-12 10:48 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log 2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek 2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log 2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt 2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt 2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup 2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt 2014-09-11 20:01 - 2014-09-12 11:11 - 00000000 ____D () C:\FRST 2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable 2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner 2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4 2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-12 11:11 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST 2014-09-12 11:09 - 2014-09-12 10:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-12 11:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-12 11:06 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-12 10:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-12 10:43 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData 2014-09-12 10:42 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify 2014-09-12 10:42 - 2009-12-12 15:32 - 02046358 _____ () C:\Windows\WindowsUpdate.log 2014-09-12 10:37 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-12 10:37 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-11 23:18 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing 2014-09-11 23:16 - 2008-01-21 04:47 - 00138190 _____ () C:\Windows\PFRO.log 2014-09-11 23:16 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log 2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup 2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log 2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt 2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek 2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt 2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt 2014-09-11 22:02 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner 2014-09-11 22:01 - 2014-05-10 20:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable 2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine 2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-09-10 23:56 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat 2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft 2014-09-10 23:54 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner 2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype 2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype 2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java 2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify 2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe 2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat 2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc 2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4 2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe Some content of TEMP: ==================== C:\Users\Madeleine\AppData\Local\Temp\7za.exe C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe C:\Users\Madeleine\AppData\Local\Temp\First15.exe C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe C:\Users\Madeleine\AppData\Local\Temp\Java.exe C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe C:\Users\Madeleine\AppData\Local\Temp\remove.exe C:\Users\Madeleine\AppData\Local\Temp\sed.exe C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe C:\Users\Madeleine\AppData\Local\Temp\swreg.exe C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll C:\Users\Madeleine\AppData\Local\Temp\wget.exe C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-11 23:23 ==================== End Of Log ============================ :-) und schwupp - heute lies sich mein PC viel schneller starten... Außerdem bekomme ich jetzt nicht mehr diese Warnnachricht beim Starten "Apple Application was not found" --- PERFECT :-) |
|
12.09.2014, 10:37
| #12 |
| /// TB-Ausbilder /// Anleitungs-Guru | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Hi, bitte Suchlaufprotokoll posten... Ggf. nochmal scannen... Lesestoff MBAM-Funde posten: So gehts...Manchmal ist es wichtig zu wissen, welche Schadprogramme im Vorfeld ohne Anweisung der Helfer schon gelöscht wurden. Daher benötige ich den Inhalt der Logdatei, in welcher der Suchlauf protokolliert wurde.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
12.09.2014, 13:44
| #13 |
| | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. VistaCode:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 12.09.2014 Suchlauf-Zeit: 13:19:05 Logdatei: Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.12.03 Rootkit Datenbank: v2014.09.10.02 Lizenz: Testversion Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Self-protection: Deaktiviert Betriebssystem: Windows Vista Service Pack 2 CPU: x86 Dateisystem: NTFS Benutzer: Madeleine Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 300192 Verstrichene Zeit: 33 Min, 9 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) Liebe Grüße P.S. mein PC ist während der letzten Stunde 2 x abgestürzt... |
|
12.09.2014, 15:02
| #14 |
| /// TB-Ausbilder /// Anleitungs-Guru | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. Vista Bitte mach mal ein frisches FRST. Schritt 1 Bitte starte FRST erneut, und drücke auf Scan. Bitte poste mir den Inhalt des Logs.
__________________ Gruß deeprybka Lob, Kritik, Wünsche? Spende fürs trojaner-board? _______________________________________________ „Neminem laede, immo omnes, quantum potes, iuva.“ Arthur Schopenhauer |
|
12.09.2014, 15:20
| #15 |
| | Feven 1.5 / Better Surf Plus / Search Protect - Viren gefunden auf Wind. VistaFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-09-2014 Ran by Madeleine (administrator) on MADELEINE-PC on 12-09-2014 16:19:06 Running from C:\Users\Madeleine\Desktop\Desktop Platform: Microsoft® Windows Vista™ Home Premium Service Pack 2 (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgrsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgcsrvx.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Microsoft Corporation) C:\Windows\System32\SLsvc.exe (ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe (Google Inc.) C:\Program Files\Google\Update\1.3.24.15\GoogleCrashHandler.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgwdsvc.exe (AVM Berlin) C:\Program Files\avmwlanstick\WLanNetService.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe (Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgnsx.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgemcx.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (AVM Berlin GmbH) C:\Program Files\avmwlanstick\FRITZWLanMini.exe (Microsoft Corporation) C:\Windows\vVX1000.exe (Adobe Systems Inc.) C:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe () C:\Program Files\DivX\DivX Update\DivXUpdate.exe (AVG Technologies CZ, s.r.o.) C:\Program Files\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\spotify.exe (Spotify Ltd) C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [AVMWlanClient] => C:\Program Files\avmwlanstick\FRITZWLANMini.exe [343552 2006-06-23] (AVM Berlin GmbH) HKLM\...\Run: [VX1000] => C:\Windows\vVX1000.exe [757248 2009-06-26] (Microsoft Corporation) HKLM\...\Run: [LifeCam] => C:\Program Files\Microsoft LifeCam\LifeExp.exe [118640 2009-07-24] (Microsoft Corporation) HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated) HKLM\...\Run: [Acrobat Assistant 8.0] => C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated) HKLM\...\Run: [SwitchBoard] => C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM\...\Run: [AdobeCS5ServiceManager] => C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated) HKLM\...\Run: [] => [X] HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421736 2012-03-27] (Apple Inc.) HKLM\...\Run: [DivXMediaServer] => C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-08-21] (DivX, LLC) HKLM\...\Run: [DivXUpdate] => C:\Program Files\DivX\DivX Update\DivXUpdate.exe [1861968 2013-08-29] () HKLM\...\Run: [AVG_UI] => C:\Program Files\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.) HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.com/ww.special-uninstallation-feedback-app?lic=OQBBAFYARgBSAEUARQAtAFYAMgBHADMASwAtADgANwBXAFUAVQAtADIAVABWAEgAQQAtAFgANgBEAEYAOAAtAEwANgBQAEEATgA"&"inst=NwA3AC0ANAA0AD (the data entry has 293 more characters). HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect" HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [msnmsgr] => C:\Program Files\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [ICQ] => C:\Program Files\ICQ7.2\ICQ.exe [133432 2011-01-05] (ICQ, LLC.) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AdobeBridge] => [X] HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [GoogleChromeAutoLaunch_8F8DCD463458B8C70FE6ACB3E05E83C2] => "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [AVG-Secure-Search-Update_1213b] => C:\Users\Madeleine\AppData\Roaming\AVG 1213b Campaign\AVG-Secure-Search-Update-1213b.exe /PROMPT /mid=a2c67ac9e276bc7c749248a5af60a882-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=1213b HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify] => C:\Users\Madeleine\AppData\Roaming\Spotify\Spotify.exe [6621752 2014-08-31] (Spotify Ltd) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\Run: [Spotify Web Helper] => C:\Users\Madeleine\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1245752 2014-08-31] (Spotify Ltd) HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: G - G:\pushinst.exe HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {4b5558a8-0427-11df-8b42-0022685d8ab7} - E:\pushinst.exe HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {6712b8a9-854a-11e1-8aea-0022685d8ab7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta HKU\S-1-5-21-491985906-3955461640-2065506893-1000\...\MountPoints2: {f6386fd5-e721-11de-b041-0022685d8ab7} - K:\pushinst.exe Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nokia Nseries PC Suite.lnk ShortcutTarget: Nokia Nseries PC Suite.lnk -> C:\Program Files\Nokia\NNPCS\RunLauncher.exe () Startup: C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk ShortcutTarget: OpenOffice.org 3.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe () ShellIconOverlayIdentifiers: 01FotoBank -> {489d8d66-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 02FotoBank -> {489d8d67-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 03FotoBank -> {489d8d68-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 04FotoBank -> {489d8d6A-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 05FotoBank -> {489d8d6B-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 06FotoBank -> {489d8d6C-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 07FotoBank -> {489d8d6D-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) ShellIconOverlayIdentifiers: 08FotoBank -> {489d8d6E-38d6-4dd3-83d5-9a7e07b65904} => C:\Program Files\FAST Gigabank\FotoBanker.dll (FAST LTA AG) GroupPolicy: Group Policy on Chrome detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20656961367BCA01 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch URLSearchHook: HKLM - Default Value = {855F3B16-6D32-4fe6-8A56-BBB695989046} SearchScopes: HKLM - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms} SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = SearchScopes: HKCU - {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms} SearchScopes: HKCU - {A2BA2DB7-1711-40F9-93D0-139D05F0F584} URL = hxxp://www.sm.de/?q={searchTerms} BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKLM - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Toolbar: HKCU - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Madeleine\AppData\Roaming\Mozilla\Firefox\Profiles\znn0mjrh.default-1410381468474 FF NewTab: hxxp://www.google.com/ FF SearchEngineOrder.1: Google FF SelectedSearchEngine: Google FF Homepage: hxxp://www.google.com FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q= FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll () FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 -> C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin: @java.com/DTPlugin -> C:\Program Files\Java\jre6\bin\dtplugin\npDeployJava1.dll No File FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.1.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: Adobe Acrobat -> C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 -> C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.) FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2014-05-10] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-12-14] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR RestoreOnStartup: Default -> "hxxp://www.dosearches.com/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=hp&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778" CHR DefaultSearchKeyword: Default -> dosearches CHR DefaultSearchProvider: Default -> dosearches CHR DefaultSearchURL: Default -> hxxp://search.dosearches.com/web/?utm_source=b&utm_medium=slbnew&utm_campaign=rg&utm_content=ds&from=slbnew&uid=SAMSUNGXHD322HJ_S17AJ9BS704370&ts=1383335778&type=default&q={searchTerms} CHR DefaultSuggestURL: Default -> CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll No File CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll No File CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin2.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin3.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin4.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin5.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin6.dll (Apple Inc.) CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files\QuickTime\plugins\npqtplugin7.dll (Apple Inc.) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll No File CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files\FunWebProducts\Installr\1.bin\NPFunWeb.dll No File CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File CHR Plugin: (Java(TM) Platform SE 7 U13) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll No File CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Facebook Plugin) - C:\Users\Madeleine\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll No File CHR Plugin: (Java Deployment Toolkit 7.0.130.20) - C:\Windows\system32\npDeployJava1.dll No File CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) CHR CustomProfile: C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Feven 1.5) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\baodmgdpdoelldjmkhknbolcldnfjegg [2013-12-19] CHR Extension: (Ancient Map) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcjaemihddenoopkkhaamlcoliiiain [2013-09-17] CHR Extension: (sAvernet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\chfialnlkofnjapfnmokopdehgfmhibg [2014-01-25] CHR Extension: (Lightning Newtab) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo [2013-11-01] CHR Extension: (Helper extension) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchpfiddbhbdnagofhkjlaiaejmkdcla [2013-09-13] CHR Extension: (No Name) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2013-08-22] CHR Extension: (Google Wallet) - C:\Users\Madeleine\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22] CHR HKLM\...\Chrome\Extension: [ciofmnkmmkifclnkmflcbopnokbljoeb] - C:\Program Files\VideoPlayerV3\VideoPlayerV3beta488\ch\VideoPlayerV3beta488.crx [] CHR HKLM\...\Chrome\Extension: [fajjlmbhnkdcimdnijpnpccgfhplmbmf] - C:\Program Files\MediaViewV1\MediaViewV1alpha1043\ch\MediaViewV1alpha1043.crx [] CHR HKLM\...\Chrome\Extension: [jnhbjhjficooacggmaognpejifaofnfj] - C:\Program Files\MediaViewV1\MediaViewV1alpha125\ch\MediaViewV1alpha125.crx [] CHR HKLM\...\Chrome\Extension: [ongopfbpiphhgfnlemmkajofmgbbdkne] - C:\Program Files\MediaWatchV1\MediaWatchV1home2672\ch\MediaWatchV1home2672.crx [] CHR HKLM\...\Chrome\Extension: [onpdpoehbhoonfncaenmonlbnonmofin] - C:\Program Files\MediaViewerV1\MediaViewerV1alpha1209\ch\MediaViewerV1alpha1209.crx [] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.) R2 AVM WLAN Connection Service; C:\Program Files\avmwlanstick\WlanNetService.exe [350876 2006-04-06] (AVM Berlin) [File not signed] S3 FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2011-03-03] (Macrovision Europe Ltd.) [File not signed] R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) S3 ServiceLayer; C:\Program Files\Nokia\PC Connectivity Solution\ServiceLayer.exe [300544 2007-06-15] (Nokia.) [File not signed] S3 SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed] ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R1 Avgdiskx; C:\Windows\System32\DRIVERS\avgdiskx.sys [121624 2014-06-30] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [200984 2014-07-21] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [147736 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [21272 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [188696 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [241944 2014-06-17] (AVG Technologies CZ, s.r.o.) R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [98584 2014-08-06] (AVG Technologies CZ, s.r.o.) R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [27416 2014-06-17] (AVG Technologies CZ, s.r.o.) R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [197400 2014-06-17] (AVG Technologies CZ, s.r.o.) S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [264704 2006-04-06] (AVM GmbH) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-05-12] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-09-12] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-05-12] (Malwarebytes Corporation) S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl.sys [18432 2010-04-19] (Apple Inc.) [File not signed] R1 StarOpen; C:\Windows\system32\Drivers\StarOpen.sys [5632 2006-07-24] () [File not signed] R1 tStLib; C:\Windows\System32\drivers\tStLib.sys [55224 2014-03-24] (StdLib) S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [41984 2011-02-18] (Apple, Inc.) [File not signed] S3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1956096 2009-06-26] (Microsoft Corporation) S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt 2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt 2014-09-12 10:48 - 2014-09-12 15:49 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-12 10:48 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-09-12 10:48 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-09-12 10:48 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-09-11 22:29 - 2014-09-11 23:15 - 00004531 _____ () C:\folders.log 2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek 2014-09-11 22:17 - 2014-09-11 22:32 - 00004748 _____ () C:\zoek-results.log 2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt 2014-09-11 22:15 - 2014-09-11 22:32 - 00002821 _____ () C:\runcheck.txt 2014-09-11 22:11 - 2014-09-11 23:07 - 00000000 ____D () C:\zoek_backup 2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt 2014-09-11 20:01 - 2014-09-12 16:19 - 00000000 ____D () C:\FRST 2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable 2014-09-11 17:27 - 2014-08-15 16:51 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-09-11 17:27 - 2014-08-15 16:42 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-09-11 17:27 - 2014-08-15 16:42 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-09-11 17:27 - 2014-08-15 16:37 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-09-11 17:27 - 2014-08-15 16:37 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-09-11 17:27 - 2014-08-15 16:36 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-09-11 17:27 - 2014-08-15 16:35 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-09-11 17:27 - 2014-08-15 16:35 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-09-11 17:27 - 2014-08-15 16:35 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-09-11 17:27 - 2014-08-15 16:34 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-09-11 17:27 - 2014-08-15 16:34 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-09-11 17:27 - 2014-08-15 16:34 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-09-11 17:27 - 2014-08-15 16:34 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-09-11 17:27 - 2014-08-15 16:34 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2014-09-10 23:58 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll 2014-09-10 23:56 - 2014-09-11 22:01 - 00000000 ____D () C:\AdwCleaner 2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe 2014-08-28 14:49 - 2014-08-23 03:03 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-28 14:49 - 2014-08-23 01:26 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-19 18:43 - 2014-08-19 18:00 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4 2014-08-16 22:05 - 2014-06-27 00:17 - 00619664 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe 2014-08-16 22:05 - 2014-06-27 00:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll 2014-08-16 22:05 - 2014-06-27 00:17 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll 2014-08-16 22:05 - 2014-06-06 06:28 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe 2014-08-16 10:35 - 2014-07-08 02:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2014-08-16 10:35 - 2014-06-14 02:44 - 00638400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2014-08-16 10:35 - 2014-06-14 02:33 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2014-08-16 10:35 - 2014-06-02 12:31 - 02263552 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll 2014-08-16 10:35 - 2014-06-02 12:31 - 00332800 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll 2014-08-16 10:35 - 2014-06-02 12:30 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2014-08-16 10:35 - 2014-06-02 12:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2014-08-16 10:35 - 2014-06-02 10:56 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-12 16:19 - 2014-09-11 20:01 - 00000000 ____D () C:\FRST 2014-09-12 16:06 - 2010-05-19 19:47 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2014-09-12 15:49 - 2014-09-12 10:48 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-09-12 15:48 - 2012-09-10 19:59 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-09-12 14:44 - 2009-12-12 15:32 - 02055690 _____ () C:\Windows\WindowsUpdate.log 2014-09-12 14:42 - 2014-08-11 19:07 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\Spotify 2014-09-12 14:41 - 2009-12-15 17:10 - 00000000 ____D () C:\Users\Madeleine\Tracing 2014-09-12 14:39 - 2010-05-19 19:46 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2014-09-12 14:39 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-09-12 14:39 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-09-12 14:39 - 2006-11-02 14:47 - 00003664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-09-12 13:55 - 2014-09-12 13:55 - 00001177 _____ () C:\Suchlaufprotokoll.txt 2014-09-12 13:54 - 2014-09-12 13:54 - 00001172 _____ () C:\Users\Madeleine\Desktop\Mawarebystes.txt 2014-09-12 13:12 - 2010-02-10 21:26 - 00000000 _____ () C:\Users\Madeleine\AppData\Local\prvlcl.dat 2014-09-12 13:08 - 2014-08-06 19:14 - 00000000 ____D () C:\Users\Madeleine\Desktop\Neuer Ordner 2014-09-12 11:20 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-09-12 10:48 - 2014-09-12 10:48 - 00000903 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-09-12 10:48 - 2014-09-12 10:48 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-09-12 10:43 - 2012-06-21 11:19 - 00000000 ____D () C:\ProgramData\MFAData 2014-09-11 23:16 - 2008-01-21 04:47 - 00138190 _____ () C:\Windows\PFRO.log 2014-09-11 23:15 - 2014-09-11 22:29 - 00004531 _____ () C:\folders.log 2014-09-11 23:07 - 2014-09-11 22:11 - 00000000 ____D () C:\zoek_backup 2014-09-11 22:32 - 2014-09-11 22:17 - 00004748 _____ () C:\zoek-results.log 2014-09-11 22:32 - 2014-09-11 22:15 - 00002821 _____ () C:\runcheck.txt 2014-09-11 22:29 - 2014-09-11 22:29 - 00000000 ____D () C:\zoek 2014-09-11 22:17 - 2014-09-11 22:17 - 00000441 _____ () C:\Users\Madeleine\Desktop\zoeck.txt 2014-09-11 22:10 - 2014-09-11 22:10 - 00029334 _____ () C:\Users\Madeleine\Desktop\ADWCleaner_Resp..txt 2014-09-11 22:01 - 2014-09-10 23:56 - 00000000 ____D () C:\AdwCleaner 2014-09-11 22:01 - 2014-05-10 20:06 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-09-11 22:01 - 2013-11-18 16:59 - 00000862 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk 2014-09-11 22:01 - 2009-12-12 15:37 - 00000987 _____ () C:\Users\Madeleine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2014-09-11 19:52 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\Microsoft.NET 2014-09-11 19:03 - 2014-09-11 19:03 - 00000000 _____ () C:\Users\Madeleine\defogger_reenable 2014-09-11 19:03 - 2009-12-12 15:37 - 00000000 ____D () C:\Users\Madeleine 2014-09-11 17:25 - 2009-08-18 07:08 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-09-11 17:23 - 2013-08-15 00:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-09-11 17:03 - 2006-11-02 12:24 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2014-09-10 23:55 - 2011-01-04 19:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\DVDVideoSoft 2014-09-10 23:46 - 2009-04-11 18:55 - 08271192 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-09-10 22:18 - 2013-08-09 14:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-09-10 22:16 - 2014-09-10 22:16 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Madeleine\Downloads\mbam-setup-2.0.2.1012.exe 2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ___RD () C:\Program Files\Skype 2014-09-10 22:08 - 2010-05-19 19:46 - 00000000 ____D () C:\ProgramData\Skype 2014-09-10 22:03 - 2009-12-25 00:02 - 00000000 ____D () C:\Program Files\Java 2014-09-10 21:35 - 2014-08-11 19:08 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Spotify 2014-09-10 21:28 - 2012-09-10 19:59 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-09-10 21:28 - 2011-12-12 18:48 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-09-10 21:26 - 2010-06-14 20:54 - 00000000 ____D () C:\Users\Madeleine\AppData\Local\Adobe 2014-09-04 10:35 - 2014-03-31 17:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG 2014-09-04 10:35 - 2013-11-18 16:43 - 00000862 _____ () C:\Users\Public\Desktop\AVG 2014.lnk 2014-08-29 15:27 - 2006-11-02 14:47 - 03835752 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-08-23 03:03 - 2014-08-28 14:49 - 00297984 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll 2014-08-23 01:26 - 2014-08-28 14:49 - 02054656 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2014-08-22 15:36 - 2010-06-08 19:28 - 00007944 _____ () C:\Users\Madeleine\AppData\Local\d3d9caps.dat 2014-08-19 18:44 - 2010-05-04 14:31 - 00000000 ____D () C:\Users\Madeleine\AppData\Roaming\vlc 2014-08-19 18:00 - 2014-08-19 18:43 - 19402103 _____ () C:\Users\Madeleine\Desktop\20140819_175929.mp4 2014-08-17 17:02 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\rescache 2014-08-17 16:43 - 2006-11-02 13:18 - 00000000 ____D () C:\Windows\system32\de-DE 2014-08-15 16:51 - 2014-09-11 17:27 - 12363264 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-08-15 16:42 - 2014-09-11 17:27 - 09739776 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-08-15 16:42 - 2014-09-11 17:27 - 01810432 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-08-15 16:37 - 2014-09-11 17:27 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-08-15 16:37 - 2014-09-11 17:27 - 01129472 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-08-15 16:36 - 2014-09-11 17:27 - 01427968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-08-15 16:35 - 2014-09-11 17:27 - 01802240 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00717824 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00607744 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00353792 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00231936 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00142848 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-08-15 16:35 - 2014-09-11 17:27 - 00065024 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-08-15 16:35 - 2014-09-11 17:27 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2014-08-15 16:34 - 2014-09-11 17:27 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-08-15 16:34 - 2014-09-11 17:27 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-08-15 16:34 - 2014-09-11 17:27 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-08-15 16:34 - 2014-09-11 17:27 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2014-08-15 16:34 - 2014-09-11 17:27 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe Some content of TEMP: ==================== C:\Users\Madeleine\AppData\Local\Temp\7za.exe C:\Users\Madeleine\AppData\Local\Temp\APNSetup.exe C:\Users\Madeleine\AppData\Local\Temp\contentDATs.exe C:\Users\Madeleine\AppData\Local\Temp\d77ty3q2.dll C:\Users\Madeleine\AppData\Local\Temp\eauninstall.exe C:\Users\Madeleine\AppData\Local\Temp\First15.exe C:\Users\Madeleine\AppData\Local\Temp\FlashPlayerUpdate.exe C:\Users\Madeleine\AppData\Local\Temp\hijackthis.exe C:\Users\Madeleine\AppData\Local\Temp\Java.exe C:\Users\Madeleine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\Madeleine\AppData\Local\Temp\msgC6B7.exe C:\Users\Madeleine\AppData\Local\Temp\NirCmd.exe C:\Users\Madeleine\AppData\Local\Temp\ose00000.exe C:\Users\Madeleine\AppData\Local\Temp\PEVZ.EXE C:\Users\Madeleine\AppData\Local\Temp\PicasaCD.exe C:\Users\Madeleine\AppData\Local\Temp\PrefJsonCpp.exe C:\Users\Madeleine\AppData\Local\Temp\qbyfjkct.dll C:\Users\Madeleine\AppData\Local\Temp\Quarantine.exe C:\Users\Madeleine\AppData\Local\Temp\remove.exe C:\Users\Madeleine\AppData\Local\Temp\sed.exe C:\Users\Madeleine\AppData\Local\Temp\shortcut.exe C:\Users\Madeleine\AppData\Local\Temp\sqlite3.exe C:\Users\Madeleine\AppData\Local\Temp\swreg.exe C:\Users\Madeleine\AppData\Local\Temp\swxcacls.exe C:\Users\Madeleine\AppData\Local\Temp\tbsof0.dll C:\Users\Madeleine\AppData\Local\Temp\TB_9BE1.exe C:\Users\Madeleine\AppData\Local\Temp\The Sims 2_uninst.exe C:\Users\Madeleine\AppData\Local\Temp\uninst1.exe C:\Users\Madeleine\AppData\Local\Temp\vcredist_x86.exe C:\Users\Madeleine\AppData\Local\Temp\VP6Install.exe C:\Users\Madeleine\AppData\Local\Temp\VP6VFW.dll C:\Users\Madeleine\AppData\Local\Temp\wget.exe C:\Users\Madeleine\AppData\Local\Temp\wlsetup-cvr.exe C:\Users\Madeleine\AppData\Local\Temp\zoek-delete.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-12 14:45 ==================== End Of Log ============================ |
|
dann auf 
und dann auf 
.
Adwcleaner.
Linear-Darstellung
