| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SafeSaver lässt sich nicht löschenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.01.2014, 14:42
| #1 |
| |  SafeSaver lässt sich nicht löschen Hallo zusammen ich hoffe Ihr könnt mir helfen. Gestern habe ich mir dieses nervige Programm eingefangen, es verlinkt zufällig Wörter und schickt einen auf Werbewebsites. Hat sich in meinen Browsern (IE, FF, Chrome) als Addon eingenistet. ReandoomPPraicue und ReeGUlarDEails schimpfen sich die Addons. Mittlerweile habe ich schon versucht (in der Reihenfolge): - Beide Programme über die Systemsteuerung deinstallieren, ansonsten konnte ich keine auffälligen Namen entdecken. - Die Festplatten nach den Namen durchsuchen und alle Dateien die ich finde manuell löschen, auf C gabs so einiges. - IE und FF auf werkseinstellung zurücksetzen und die Addons in Chrome löschen. - Malewarebytes, Adwcleaner, Hitman Pro, Junkware Removal Tool durchlaufen lassen. Bis auf den Schritt mit dem Festplatten durchsuchen und die Dateien einzeln löschen (geht ja nur einmal) habe ich das alles schon mindestens 10 mal probiert aber nach jedem Neustart ist der Dreck wieder da. Leider hab ich erst gerade eben erfahren dass ich mich besser hätte melden sollen ohne selbst was zu probieren. Hab jetzt mal FRST durchlaufen lassen, hier die Log Files: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-12-2013 01
Ran by Fluffyman (administrator) on FLUFFYMAN-PC on 01-01-2014 14:22:45
Running from C:\Users\Fluffyman\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Spotify Ltd) C:\Users\Fluffyman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Xfire Inc.) C:\Program Files (x86)\Xfire\Xfire.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
() C:\Program Files (x86)\Xfire\xfire64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\Ctxfihlp.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(O&O Software GmbH) C:\Program Files\OO Software\Defrag\oodag.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Creative Technology Ltd) C:\Windows\SysWOW64\CTxfispi.exe
() C:\Program Files (x86)\Xfire\xfire64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Google Inc.) C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [613536 2010-10-27] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [379040 2010-10-27] (Atheros Commnucations)
HKLM\...\Run: [OODefragTray] - C:\Program Files\OO Software\Defrag\oodtray.exe [4011336 2010-11-25] (O&O Software GmbH)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [8290584 2013-08-01] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe [1028384 2013-11-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] - C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM-x32\...\Run: [UpdateLBPShortCut] - C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] - C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] - blrun
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe [222504 2010-04-20] (CyberLink Corp.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-04-29] (Intel Corporation)
HKLM-x32\...\Run: [DivXUpdate] - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1263952 2013-02-13] ()
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [CTxfiHlp] - C:\Windows\\SysWOW64\CTXFIHLP.EXE [25600 2010-05-05] (Creative Technology Ltd)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-01] (AVAST Software)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-08-16] (Hewlett-Packard Company)
HKCU\...\Run: [Google Update] - C:\Users\Fluffyman\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-06] (Google Inc.)
HKCU\...\Run: [NetLimiter] - C:\Program Files\NetLimiter 3\NLClientApp.exe /tray
HKCU\...\Run: [Spotify] - C:\Users\Fluffyman\AppData\Roaming\Spotify\spotify.exe [5951488 2013-12-06] (Spotify Ltd)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Fluffyman\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1168896 2013-12-06] (Spotify Ltd)
MountPoints2: {7441961f-9f86-11e0-97cf-806e6f6e6963} - D:\Autorun.exe
AppInit_DLLs: [ ] ()
AppInit_DLLs-x32: [ ] ()
Startup: C:\Users\Fluffyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Fluffyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Xfire.lnk
ShortcutTarget: Xfire.lnk -> C:\Program Files (x86)\Xfire\Xfire.exe (Xfire Inc.)
BootExecute: autocheck autochk * OODBS
==================== Internet (Whitelisted) ====================
ProxyServer: 210.107.100.251:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.bing.com
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15117/CTPID.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.18
FireFox:
========
FF ProfilePath: C:\Users\Fluffyman\AppData\Roaming\Mozilla\Firefox\Profiles\21b80u3q.default-1388581057848
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @esn.me/esnsonar - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.96.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Fluffyman\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Fluffyman\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017325.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
Chrome:
=======
CHR HomePage:
CHR RestoreOnStartup: "hxxp://search.easylifeapp.com/?pid=625&src=ch1&r=2013/02/24&hid=1458390817&lg=EN&cc=DE", "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman\12.0.0.374_0\plugin/npABPlugin.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\12.0.0.477_0\plugin/npUrlAdvisor.dll No File
CHR Plugin: (Kaspersky Anti-Virus) - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\12.0.0.477_0\plugin/npVKPlugin.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00C2\u00AE Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\Sonar\npesnsonar.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\BF3 Alpha Trial Web Plugins\npesnlaunch.dll No File
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Google Update) - C:\Users\Fluffyman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.6_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfkpkealncpcbfklpgnggcgjjdkbljop\1.0.3.3_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.20_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\deinkbkflkommolikefigdljdgjhkpfk\1.0.0_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooefojkjcddbgjjeoabdloeapnbccmh\1.0.0_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\laeghehalempfenbefbjbhccjcoakpmm\1.2.3_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nalagllbblcejhhmeffeiofclifnpbeo\1.5.6_0
CHR Extension: (Google Wallet) - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0
CHR Extension: () - C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojmgeoecaejeajjegjmijbcifhkbmgjd\1.8.150_0
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-01] (AVAST Software)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15125280 2013-11-08] (NVIDIA Corporation)
R2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3152200 2010-11-25] (O&O Software GmbH)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-30] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S3 OpenVPNService; "C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-01-01] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-20] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-20] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1034464 2014-01-01] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [422216 2014-01-01] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [79672 2014-01-01] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-01] ()
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [64280 2013-05-30] (Logitech Inc.)
R3 LGSUsbFilt; C:\Windows\System32\DRIVERS\LGSUsbFilt.Sys [41752 2013-05-30] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-09-28] (NVIDIA Corporation)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-04-16] (Duplex Secure Ltd.)
S3 ALSysIO; \??\C:\Users\FLUFFY~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 NLNdisMP; system32\DRIVERS\nlndis.sys [x]
S3 NLNdisPT; system32\DRIVERS\nlndis.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-01 14:22 - 2014-01-01 14:23 - 00020713 _____ C:\Users\Fluffyman\Desktop\FRST.txt
2014-01-01 14:22 - 2014-01-01 14:22 - 00000000 ____D C:\FRST
2014-01-01 14:21 - 2014-01-01 14:21 - 01931302 _____ (Farbar) C:\Users\Fluffyman\Desktop\FRST64.exe
2014-01-01 14:14 - 2014-01-01 14:14 - 00000000 ___RD C:\Users\Fluffyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-01 13:37 - 2014-01-01 13:37 - 00001438 _____ C:\Users\Fluffyman\Desktop\JRT.txt
2014-01-01 13:04 - 2014-01-01 13:04 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-01-01 13:04 - 2014-01-01 13:04 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-01 12:59 - 2014-01-01 13:04 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-01 12:59 - 2014-01-01 12:59 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-01 12:55 - 2014-01-01 12:56 - 10264904 _____ (SurfRight B.V.) C:\Users\Fluffyman\Desktop\HitmanPro_x64.exe
2014-01-01 12:48 - 2014-01-01 12:48 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 12:46 - 2014-01-01 12:46 - 01036305 _____ (Thisisu) C:\Users\Fluffyman\Desktop\JRT.exe
2014-01-01 12:24 - 2014-01-01 14:12 - 00000000 ____D C:\AdwCleaner
2014-01-01 12:21 - 2014-01-01 12:21 - 00053135 _____ C:\Users\Fluffyman\Downloads\Ultimate_YouTube_Downloader_1.0.3.3.crx
2014-01-01 12:13 - 2014-01-01 12:13 - 01233962 _____ C:\Users\Fluffyman\Desktop\adwcleaner.exe
2014-01-01 11:54 - 2014-01-01 11:54 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2013-12-31 20:44 - 2013-12-31 20:44 - 00006513 _____ C:\Users\Fluffyman\.recently-used.xbel
2013-12-30 23:25 - 2014-01-01 12:08 - 00000000 ____D C:\ProgramData\3473d4c048c6e285
2013-12-30 23:25 - 2013-12-30 23:25 - 00000000 ____D C:\ProgramData\pdpkhilcppfgoldikaiajdpnimmlekek
2013-12-28 13:17 - 2013-12-28 13:26 - 00000000 ____D C:\Users\Fluffyman\AppData\Roaming\Audacity
2013-12-27 16:20 - 2013-12-30 14:34 - 00000179 _____ C:\Users\Fluffyman\Desktop\kaffee shops.txt
2013-12-26 18:28 - 2013-12-26 18:51 - 00004576 _____ C:\Users\Fluffyman\Desktop\vermittlungsvorschlag.txt
2013-12-22 21:33 - 2014-01-01 13:23 - 00000395 _____ C:\Users\Fluffyman\Desktop\filme.txt
2013-12-17 00:41 - 2013-12-17 01:05 - 00000130 _____ C:\Users\Fluffyman\Desktop\aeropress anleitung.txt
2013-12-16 15:45 - 2013-12-25 10:27 - 00000000 ____D C:\Users\Fluffyman\Desktop\Neuer Ordner (2)
2013-12-12 02:02 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 02:02 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 02:02 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 02:02 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 02:02 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 02:02 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 02:02 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 02:02 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 02:02 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 02:02 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 02:02 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 02:02 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 02:02 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 02:02 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 02:02 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 02:02 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 02:02 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 02:02 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 02:02 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 02:02 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 02:02 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 02:02 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 02:02 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 02:02 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 02:02 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 02:02 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 02:02 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 02:02 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 02:02 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 02:02 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 02:01 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-11 22:23 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-11 22:23 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-11 22:23 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-11 22:23 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-11 22:23 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-11 22:23 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-11 22:23 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-11 22:23 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-11 22:23 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-11 22:23 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-11 22:23 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-11 22:23 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-11 22:23 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-11 22:23 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-11 22:23 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-06 15:34 - 2013-12-06 15:34 - 02822130 _____ C:\Users\Fluffyman\Downloads\YouTube_Options.crx
2013-12-06 15:31 - 2013-12-06 15:31 - 00375246 _____ C:\Users\Fluffyman\Downloads\33042.user.js
2013-12-06 15:29 - 2013-12-06 15:29 - 00048517 _____ C:\Users\Fluffyman\Downloads\youtube1.0.1.2 (1).crx
2013-12-04 02:14 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-04 02:12 - 2013-12-04 02:14 - 00012105 _____ C:\Windows\IE11_main.log
2013-12-04 02:12 - 2013-12-04 02:12 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-04 02:12 - 2013-12-04 02:12 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 02:12 - 2013-12-04 02:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 02:12 - 2013-12-04 02:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 02:12 - 2013-12-04 02:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 02:12 - 2013-12-04 02:12 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 02:12 - 2013-12-04 02:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 02:12 - 2013-12-04 02:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
==================== One Month Modified Files and Folders =======
2014-01-01 14:23 - 2014-01-01 14:22 - 00020713 _____ C:\Users\Fluffyman\Desktop\FRST.txt
2014-01-01 14:22 - 2014-01-01 14:22 - 00000000 ____D C:\FRST
2014-01-01 14:21 - 2014-01-01 14:21 - 01931302 _____ (Farbar) C:\Users\Fluffyman\Desktop\FRST64.exe
2014-01-01 14:21 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-01 14:21 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-01 14:19 - 2013-10-29 02:02 - 00000000 ____D C:\Users\Fluffyman\AppData\Roaming\Spotify
2014-01-01 14:19 - 2011-04-12 08:43 - 00748890 _____ C:\Windows\system32\perfh007.dat
2014-01-01 14:19 - 2011-04-12 08:43 - 00163464 _____ C:\Windows\system32\perfc007.dat
2014-01-01 14:19 - 2009-07-14 06:13 - 01730418 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-01 14:17 - 2011-06-26 19:01 - 01837458 _____ C:\Windows\WindowsUpdate.log
2014-01-01 14:14 - 2014-01-01 14:14 - 00000000 ___RD C:\Users\Fluffyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-01-01 14:14 - 2011-09-27 11:54 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-01 14:14 - 2011-07-15 13:34 - 01495472 _____ C:\Windows\system32\oodbs.lor
2014-01-01 14:14 - 2011-06-26 19:18 - 00000035 _____ C:\Users\Public\Documents\AtherosServiceConfig.ini
2014-01-01 14:14 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-01 14:14 - 2009-07-14 05:51 - 00125878 _____ C:\Windows\setupact.log
2014-01-01 14:12 - 2014-01-01 12:24 - 00000000 ____D C:\AdwCleaner
2014-01-01 14:11 - 2012-09-06 23:24 - 00001136 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188416372-2009558963-3285436635-1000UA.job
2014-01-01 13:57 - 2011-06-26 19:30 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-01 13:37 - 2014-01-01 13:37 - 00001438 _____ C:\Users\Fluffyman\Desktop\JRT.txt
2014-01-01 13:31 - 2012-04-04 07:17 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-01 13:23 - 2013-12-22 21:33 - 00000395 _____ C:\Users\Fluffyman\Desktop\filme.txt
2014-01-01 13:04 - 2014-01-01 13:04 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-01-01 13:04 - 2014-01-01 13:04 - 00000000 ____D C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-01-01 13:04 - 2014-01-01 12:59 - 00000000 ____D C:\ProgramData\HitmanPro
2014-01-01 12:59 - 2014-01-01 12:59 - 00000000 ____D C:\Program Files\HitmanPro
2014-01-01 12:56 - 2014-01-01 12:55 - 10264904 _____ (SurfRight B.V.) C:\Users\Fluffyman\Desktop\HitmanPro_x64.exe
2014-01-01 12:48 - 2014-01-01 12:48 - 00000000 ____D C:\Windows\ERUNT
2014-01-01 12:46 - 2014-01-01 12:46 - 01036305 _____ (Thisisu) C:\Users\Fluffyman\Desktop\JRT.exe
2014-01-01 12:21 - 2014-01-01 12:21 - 00053135 _____ C:\Users\Fluffyman\Downloads\Ultimate_YouTube_Downloader_1.0.3.3.crx
2014-01-01 12:15 - 2010-11-21 04:47 - 00372618 _____ C:\Windows\PFRO.log
2014-01-01 12:13 - 2014-01-01 12:13 - 01233962 _____ C:\Users\Fluffyman\Desktop\adwcleaner.exe
2014-01-01 12:08 - 2013-12-30 23:25 - 00000000 ____D C:\ProgramData\3473d4c048c6e285
2014-01-01 12:03 - 2011-06-26 19:01 - 00000000 ____D C:\Users\Fluffyman
2014-01-01 11:54 - 2014-01-01 11:54 - 00079672 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-01-01 11:54 - 2013-03-17 17:51 - 00207904 _____ C:\Windows\system32\Drivers\aswVmm.sys
2014-01-01 11:54 - 2012-07-05 13:26 - 01034464 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-01-01 11:54 - 2012-07-05 13:26 - 00422216 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-01-01 11:54 - 2012-07-05 13:26 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-01-01 11:54 - 2012-07-05 13:26 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-01-01 11:54 - 2012-07-05 13:26 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-01-01 11:54 - 2012-07-05 13:26 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-12-31 22:11 - 2012-09-06 23:24 - 00001084 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188416372-2009558963-3285436635-1000Core.job
2013-12-31 21:22 - 2011-06-26 19:51 - 00000000 ____D C:\Users\Fluffyman\AppData\Roaming\Xfire
2013-12-31 20:53 - 2011-06-26 20:28 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-12-31 20:45 - 2011-08-15 09:48 - 00000000 ____D C:\Users\Fluffyman\.gimp-2.6
2013-12-31 20:44 - 2013-12-31 20:44 - 00006513 _____ C:\Users\Fluffyman\.recently-used.xbel
2013-12-31 20:44 - 2011-08-15 09:54 - 00000000 ____D C:\Users\Fluffyman\AppData\Roaming\gtk-2.0
2013-12-31 20:19 - 2011-06-26 20:28 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-12-31 18:30 - 2011-07-13 15:32 - 00000000 ____D C:\Users\Fluffyman\AppData\Local\CrashDumps
2013-12-30 23:25 - 2013-12-30 23:25 - 00000000 ____D C:\ProgramData\pdpkhilcppfgoldikaiajdpnimmlekek
2013-12-30 14:34 - 2013-12-27 16:20 - 00000179 _____ C:\Users\Fluffyman\Desktop\kaffee shops.txt
2013-12-30 07:05 - 2013-10-29 02:04 - 00000000 ____D C:\Users\Fluffyman\AppData\Local\Spotify
2013-12-28 13:26 - 2013-12-28 13:17 - 00000000 ____D C:\Users\Fluffyman\AppData\Roaming\Audacity
2013-12-26 18:51 - 2013-12-26 18:28 - 00004576 _____ C:\Users\Fluffyman\Desktop\vermittlungsvorschlag.txt
2013-12-26 09:54 - 2011-06-26 19:01 - 00000000 ___RD C:\Users\Fluffyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-25 10:27 - 2013-12-16 15:45 - 00000000 ____D C:\Users\Fluffyman\Desktop\Neuer Ordner (2)
2013-12-24 19:08 - 2013-11-24 01:03 - 00000000 ____D C:\Users\Fluffyman\Desktop\Neuer Ordner
2013-12-20 15:38 - 2011-06-26 19:53 - 00000000 ____D C:\Users\Fluffyman\AppData\Roaming\CyberLink
2013-12-18 09:41 - 2011-06-26 19:51 - 00000000 ____D C:\ProgramData\Xfire
2013-12-17 19:44 - 2011-06-26 22:38 - 00000000 ____D C:\ProgramData\LightScribe
2013-12-17 01:05 - 2013-12-17 00:41 - 00000130 _____ C:\Users\Fluffyman\Desktop\aeropress anleitung.txt
2013-12-15 11:31 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-15 01:57 - 2013-08-15 11:13 - 00000000 ____D C:\Windows\system32\MRT
2013-12-15 01:56 - 2013-05-05 21:11 - 90708896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-12-12 09:15 - 2009-07-14 05:45 - 00304392 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-11 18:31 - 2012-04-04 07:17 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 18:31 - 2012-04-04 07:17 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 18:31 - 2011-06-26 19:47 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-06 15:34 - 2013-12-06 15:34 - 02822130 _____ C:\Users\Fluffyman\Downloads\YouTube_Options.crx
2013-12-06 15:31 - 2013-12-06 15:31 - 00375246 _____ C:\Users\Fluffyman\Downloads\33042.user.js
2013-12-06 15:29 - 2013-12-06 15:29 - 00048517 _____ C:\Users\Fluffyman\Downloads\youtube1.0.1.2 (1).crx
2013-12-04 11:02 - 2011-06-26 19:01 - 00001425 _____ C:\Users\Fluffyman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 11:01 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-04 02:14 - 2013-12-04 02:12 - 00012105 _____ C:\Windows\IE11_main.log
2013-12-04 02:12 - 2013-12-04 02:12 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-12-04 02:12 - 2013-12-04 02:12 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-04 02:12 - 2013-12-04 02:12 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-04 02:12 - 2013-12-04 02:12 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-04 02:12 - 2013-12-04 02:12 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-04 02:12 - 2013-12-04 02:12 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-04 02:12 - 2013-12-04 02:12 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-04 02:12 - 2013-12-04 02:12 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-12-04 02:12 - 2013-12-04 02:12 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-12-04 02:12 - 2013-12-04 02:12 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
Some content of TEMP:
====================
C:\Users\Fluffyman\AppData\Local\Temp\installerdll28064985.dll
C:\Users\Fluffyman\AppData\Local\Temp\installerdll28071709.dll
C:\Users\Fluffyman\AppData\Local\Temp\Install_HOSTS_Anti-Adware.exe
C:\Users\Fluffyman\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Fluffyman\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Fluffyman\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Fluffyman\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\Fluffyman\AppData\Local\Temp\nvStereoApiI64.dll
C:\Users\Fluffyman\AppData\Local\Temp\nvStInst.exe
C:\Users\Fluffyman\AppData\Local\Temp\Quarantine.exe
C:\Users\Fluffyman\AppData\Local\Temp\rootsupd.exe
C:\Users\Fluffyman\AppData\Local\Temp\Setup.exe
C:\Users\Fluffyman\AppData\Local\Temp\sonarinst.exe
C:\Users\Fluffyman\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Fluffyman\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Fluffyman\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-30 07:54
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01
Ran by Fluffyman at 2014-01-01 14:23:31
Running from C:\Users\Fluffyman\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
7-Zip 9.20 (x32 Version: - )
Active@ ISO Burner (x32 Version: 2.1.0 - LSoft Technologies)
Adobe AIR (x32 Version: 3.7.0.2090 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 4.2 64-bit (Version: 4.2.1 - Adobe)
Adobe Reader X (10.1.6) - Deutsch (x32 Version: 10.1.6 - Adobe Systems Incorporated)
Amazon Kindle (x32 Version: - Amazon)
Amazon MP3-Downloader 1.0.17 (x32 Version: 1.0.17 - Amazon Services LLC)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.4.5.0 - Asmedia Technology)
avast! Free Antivirus (x32 Version: 9.0.2011 - Avast Software)
Battlefield 1942™ (x32 Version: 1.6.20.0 - Electronic Arts)
Battlefield 3™ (x32 Version: 1.0.0.0 - Electronic Arts)
Battlefield 4 (x32 Version: 1.0.0.1 - Electronic Arts)
Battlelog Web Plugins (x32 Version: 2.3.2 - EA Digital Illusions CE AB)
BF4 Borderless (Version: 1.0 - Realmware)
BF4 Settings Editor (Version: 1.1 - Realmware)
Bluetooth Win7 Suite (64) (Version: 7.2.0.40 - Atheros Communications)
calibre (x32 Version: 0.9.23 - Kovid Goyal)
Call of Duty: Black Ops II - Multiplayer (x32 Version: - )
Call of Duty: Black Ops II - Zombies (x32 Version: - )
Camtasia Studio 8 (x32 Version: 8.0.2.918 - TechSmith Corporation)
CCleaner (Version: 4.06 - Piriform)
Company of Heroes 2 – OPEN BETA (x32 Version: - )
Core Temp version 0.99.8 (Version: 0.99.8 - Arthur Liberman)
Counter-Strike (x32 Version: - Valve)
Counter-Strike: Global Offensive (x32 Version: - )
DivX-Setup (x32 Version: 2.6.1.44 - DivX, LLC)
Dokan Library 0.6.0 (x32 Version: - )
EasyLife Gadget (Version: 1.0 - EasyLife Gadget)
ESN Sonar (x32 Version: 0.41.0 - ESN AB)
ESN Sonar (x32 Version: 0.70.4 - ESN Social Software AB)
Fraps (remove only) (x32 Version: - )
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation)
GIMP 2.6.8 (Version: - )
Google Chrome (HKCU Version: 31.0.1650.63 - Google Inc.)
Google Earth (x32 Version: 5.2.1.1588 - Google)
Grand Theft Auto IV (x32 Version: 1.0.0013.131 - Rockstar Games Inc.)
Grand Theft Auto IV (x32 Version: 1.00.0000 - Rockstar Games)
Hugin 2011.4.0 (x32 Version: 2011.4.0 hg_cf9be9344356 - The Hugin Development Team)
ImTOO Video Converter Ultimate (x32 Version: 7.4.0.20120710 - ImTOO)
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Network Connections 15.6.25.0 (Version: 15.6.25.0 - Intel)
Intel(R) Rapid Storage Technology (x32 Version: 10.5.0.1026 - Intel Corporation)
Internet-TV für Windows Media Center (x32 Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 45 (x32 Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.)
Java(TM) 6 Update 35 (x32 Version: 6.0.350 - Oracle)
JMicron JMB36X Driver (x32 Version: 1.17.58.2 - JMicron Technology Corp.)
Katawa Shoujo (x32 Version: - )
LG CyberLink LabelPrint (x32 Version: 2.5.3109 - CyberLink Corp.)
LG CyberLink Power2Go (x32 Version: 6.2.4009 - CyberLink Corp.)
LG CyberLink PowerBackup (x32 Version: 2.5.5529 - CyberLink Corp.)
LG CyberLink YouCam (x32 Version: 2.0.3304a - CyberLink Corp.)
LG ODD Auto Firmware Update (x32 Version: 10.01.0712.01 - )
LG Power Tools (x32 Version: 6.0.3316 - CyberLink Corp.)
LightScribe System Software (x32 Version: 1.18.18.1 - LightScribe)
Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.)
Logitech Gaming Software 8.50 (Version: 8.50.281 - Logitech Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MediaMonkey 4.0 (x32 Version: 4.0 - Ventis Media Inc.)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 DEU Language Pack (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (x32 Version: 3.5.92.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation)
Mozilla Firefox 15.0 (x86 de) (x32 Version: 15.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 15.0 - Mozilla)
NVIDIA 3D Vision Controller-Treiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.7.1 (Version: 1.7.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation)
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation)
NVIDIA Optimus 9.3.21 (Version: 9.3.21 - NVIDIA Corporation)
NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 9.3.21 (Version: 9.3.21 - NVIDIA Corporation)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.3182 - NVIDIA Corporation)
NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation)
NVIDIA Update 9.3.21 (Version: 9.3.21 - NVIDIA Corporation)
NVIDIA Update Components (Version: 9.3.21 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.9 (Version: 1.2.9 - NVIDIA Corporation)
O&O Defrag Professional (Version: 14.1.305 - O&O Software GmbH)
OpenAL (x32 Version: - )
OpenOffice.org 3.3 (x32 Version: 3.3.9567 - OpenOffice.org)
Origin (x32 Version: 9.2.1.4399 - Electronic Arts, Inc.)
Pando Media Booster (x32 Version: 2.6.0.8 - Pando Networks Inc.)
PC Inspector File Recovery (x32 Version: 4.0 - )
PlanetSide 2 (x32 Version: - Sony Online Entertainment)
PunkBuster Services (x32 Version: 0.993 - Even Balance, Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6251 - Realtek Semiconductor Corp.)
Red Orchestra 2: Heroes of Stalingrad (x32 Version: - Tripwire)
Roll (x32 Version: - )
SecurityKISS Tunnel v0.1.7 (Version: - )
SHIELD Streaming (Version: 1.6.53 - NVIDIA Corporation)
Shutdown Timer (Version: 3.3.4 - Sinvise Systems)
Spotify (HKCU Version: 0.9.6.81.gd359a796 - Spotify AB)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
Team Fortress 2 (x32 Version: - Valve)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc)
VLC media player 1.1.11 (x32 Version: 1.1.11 - VideoLAN)
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (x32 Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.01 (64-bit) (Version: 4.01.0 - win.rar GmbH)
Xfire (remove only) (x32 Version: - )
==================== Restore Points =========================
01-01-2014 10:53:24 avast! antivirus system restore point
01-01-2014 11:03:17 Removed Versandhelfer
==================== Hosts content: ==========================
2009-07-14 03:34 - 2014-01-01 13:05 - 00040087 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 08sr.combineads.info # hosts anti-adware / pups
127.0.0.1 08srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 12srvr.combineads.info # hosts anti-adware / pups
127.0.0.1 2010-fr.com # hosts anti-adware / pups
127.0.0.1 2012-new.biz # hosts anti-adware / pups
127.0.0.1 212link.com # hosts anti-adware / pups
127.0.0.1 2319825.ourtoolbar.com # hosts anti-adware / pups
127.0.0.1 24h00business.com # hosts anti-adware / pups
127.0.0.1 a.adorika.net # hosts anti-adware / pups
127.0.0.1 a.ad-sys.com # hosts anti-adware / pups
127.0.0.1 a.daasafterdusk.com # hosts anti-adware / pups
127.0.0.1 ad.adn360.com # hosts anti-adware / pups
127.0.0.1 adeartss.eu # hosts anti-adware / pups
127.0.0.1 adesoeasy.eu # hosts anti-adware / pups
127.0.0.1 adf.girldatesforfree.net # hosts anti-adware / pups
127.0.0.1 adm.soft365.com # hosts anti-adware / pups
127.0.0.1 adomicileavail.googlepages.com # hosts anti-adware / pups
127.0.0.1 ads7.complexadveising.com # hosts anti-adware / pups
127.0.0.1 ads.adplxmd.com # hosts anti-adware / pups
127.0.0.1 ads.aff.co # hosts anti-adware / pups
127.0.0.1 ads.alpha00001.com # hosts anti-adware / pups
127.0.0.1 ads.cloud4ads.com # hosts anti-adware / pups
127.0.0.1 ads.eorezo.com # hosts anti-adware / pups
127.0.0.1 ads.hooqy.com # hosts anti-adware / pups
127.0.0.1 ads.pornerbros.com # hosts anti-adware / pups
127.0.0.1 ads.realken.com # hosts anti-adware / pups
127.0.0.1 ads.regiedepub.com # hosts anti-adware / pups
127.0.0.1 ads.sucomspot.com # hosts anti-adware / pups
127.0.0.1 ads.tersecta.com # hosts anti-adware / pups
There are 635 more lines.
==================== Scheduled Tasks (whitelisted) =============
Task: {063B2243-90A1-45FB-BE79-F2ADC3B0EA3F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-01-01] (AVAST Software)
Task: {54504786-7404-4BF4-A36B-51ED184946D0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {8EAEA703-0690-49E4-AC8E-9FD645A25E3E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1188416372-2009558963-3285436635-1000Core => C:\Users\Fluffyman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
Task: {A43B1779-8F42-4300-9AF3-A4BA958B09B9} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03] (Adobe Systems Incorporated)
Task: {BE7E09FD-ADB5-4669-B899-A12FE7A6CB57} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {CB5AB4ED-0814-4390-8B55-05A8AE7CE375} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02] (Oracle Corporation)
Task: {D81885E1-83D5-4F81-AD0A-65D73ECBD44A} - System32\Tasks\Google Updater and Installer => C:\Users\Fluffyman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
Task: {E019FD9D-456F-4B77-8642-63DF76BAF3C7} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1188416372-2009558963-3285436635-1000UA => C:\Users\Fluffyman\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-06] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188416372-2009558963-3285436635-1000Core.job => C:\Users\Fluffyman\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1188416372-2009558963-3285436635-1000UA.job => C:\Users\Fluffyman\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-01 12:29 - 2014-01-01 11:47 - 02152960 _____ () C:\Program Files\AVAST Software\Avast\defs\14010100\algo.dll
2010-08-16 12:21 - 2010-08-16 12:21 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-08-16 12:21 - 2010-08-16 12:21 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-08-16 12:21 - 2010-08-16 12:21 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2011-01-17 16:19 - 2012-01-23 11:14 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2009-12-15 12:46 - 2009-12-15 12:46 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-12-15 12:49 - 2009-12-15 12:49 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-02-13 03:38 - 2013-02-13 03:38 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2011-06-26 20:28 - 2006-06-09 14:20 - 00003072 _____ () C:\Windows\system32\CTXFIGER.DLL
2013-11-20 21:41 - 2013-11-20 21:41 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2011-06-26 20:29 - 2009-03-26 13:46 - 00148480 _____ () C:\Windows\SysWOW64\APOMngr.DLL
2013-08-18 22:55 - 2013-08-18 22:55 - 00172544 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\f60b3ee2de3f41a024920486d46d49f2\IsdiInterop.ni.dll
2011-07-23 09:01 - 2011-04-29 23:28 - 00059904 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2013-12-06 11:14 - 2013-12-04 03:47 - 00702416 _____ () C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
2013-12-06 11:14 - 2013-12-04 03:47 - 00099792 _____ () C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\libegl.dll
2013-12-06 11:14 - 2013-12-04 03:48 - 04055504 _____ () C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-06 11:14 - 2013-12-04 03:48 - 00399312 _____ () C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-06 11:14 - 2013-12-04 03:47 - 01619408 _____ () C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-06 11:14 - 2013-12-04 03:48 - 13586896 _____ () C:\Users\Fluffyman\AppData\Local\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\ProgramData\Temp:BF14D50A
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/01/2014 02:16:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 01:40:51 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/01/2014 02:14:35 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Error: (01/01/2014 01:39:13 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.
Microsoft Office Sessions:
=========================
Error: (01/01/2014 02:16:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/01/2014 01:40:51 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Percentage of memory in use: 33%
Total physical RAM: 8168.63 MB
Available physical RAM: 5419.2 MB
Total Pagefile: 8966.8 MB
Available Pagefile: 6029.37 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:59.53 GB) (Free:15.45 GB) NTFS
Drive e: (Volume) (Fixed) (Total:931.51 GB) (Free:501.6 GB) NTFS
Drive f: () (Fixed) (Total:298.09 GB) (Free:31.38 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 60 GB) (Disk ID: 5D74C695)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=60 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 6CDFF4AC)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8AE7541D)
Partition 1: (Active) - (Size=298 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Ich bin mit meinem recht begrenzten Latein am Ende. Google spuckt mir nur Threads aus wo die Leute nach Abarbeitung meiner Schritte keine Probleme mehr hatten, weiss nicht warums bei mir nicht klappen will. |
|
01.01.2014, 15:20
| #2 |
| /// the machine /// TB-Ausbilder    | SafeSaver lässt sich nicht löschen Hi,
__________________poste auch mal die Logs von AdwCleaner und MBAM.
__________________ |
|
01.01.2014, 16:54
| #3 |
| | SafeSaver lässt sich nicht löschen MBAM, der aktuellste Log:
__________________Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.31.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Fluffyman :: FLUFFYMAN-PC [Administrator] Schutz: Aktiviert 01.01.2014 13:28:53 mbam-log-2014-01-01 (13-28-53).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 260773 Laufzeit: 1 Minute(n), 44 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.31.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 11.0.9600.16476 Fluffyman :: FLUFFYMAN-PC [Administrator] Schutz: Aktiviert 01.01.2014 12:11:30 mbam-log-2014-01-01 (12-11-30).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 262161 Laufzeit: 1 Minute(n), 55 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 3 HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6} (PUP.Optional.EasyLife.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{01bd49d7-c76b-4310-8beb-14d7e5f322c6} (PUP.Optional.EasyLife.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 5 C:\Users\Fluffyman\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Roaming\OpenCandy\9C6C1B2B432549C6A00C7EA60034D7F7 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Local\Temp\ct3288691 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Local\Temp\ct3297265 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Local\Temp\ct3297861 (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 10 C:\ProgramData\ReandoomPPraicue\j.exe (PUP.Optional.CRXDrop.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\ReeGUlarDEails\UMOUIRBqv.exe (PUP.Optional.CRXDrop.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Roaming\OpenCandy\9C6C1B2B432549C6A00C7EA60034D7F7\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Local\Temp\ct3297265\ism.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Roaming\OpenCandy\9C6C1B2B432549C6A00C7EA60034D7F7\3135.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Roaming\OpenCandy\9C6C1B2B432549C6A00C7EA60034D7F7\TuneUpUtilities2013-2200218-p3v0.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Local\Temp\ct3288691\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Local\Temp\ct3288691\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Local\Temp\ct3297861\chromeid.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Fluffyman\AppData\Local\Temp\ct3297861\setup.ini.txt (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) AdwCleaner Log: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 15:28:14
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Fluffyman - FLUFFYMAN-PC
# Gestartet von : C:\Users\Fluffyman\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
-\\ Mozilla Firefox v15.0 (de)
[ Datei : C:\Users\Fluffyman\AppData\Roaming\Mozilla\Firefox\Profiles\21b80u3q.default-1388581057848\prefs.js ]
-\\ Google Chrome v
[ Datei : C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [5705 octets] - [01/01/2014 12:24:06]
AdwCleaner[R1].txt - [1096 octets] - [01/01/2014 12:31:51]
AdwCleaner[R2].txt - [1230 octets] - [01/01/2014 13:05:05]
AdwCleaner[R3].txt - [1351 octets] - [01/01/2014 13:28:41]
AdwCleaner[R4].txt - [1471 octets] - [01/01/2014 14:06:01]
AdwCleaner[R5].txt - [1151 octets] - [01/01/2014 15:28:14]
AdwCleaner[S0].txt - [5090 octets] - [01/01/2014 12:27:02]
AdwCleaner[S1].txt - [1053 octets] - [01/01/2014 12:43:56]
AdwCleaner[S2].txt - [1292 octets] - [01/01/2014 13:07:11]
AdwCleaner[S3].txt - [1412 octets] - [01/01/2014 13:32:50]
AdwCleaner[S4].txt - [1532 octets] - [01/01/2014 14:10:49]
########## EOF - C:\AdwCleaner\AdwCleaner[R5].txt - [1511 octets] ##########
/Edit: Hier nochmal 2 frühere Logs von AdwCleaner falls das auch hilft: Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 12:24:06
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Fluffyman - FLUFFYMAN-PC
# Gestartet von : C:\Users\Fluffyman\Desktop\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : BCUService
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\END
Ordner Gefunden C:\Program Files (x86)\DeviceVM
Ordner Gefunden C:\ProgramData\SoftSafe
Ordner Gefunden C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\Fluffyman\AppData\LocalLow\boost_interprocess
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\DeviceVM
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\DeviceVM
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gefunden : HKLM\Software\DeviceVM
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}
Schlüssel Gefunden : HKLM\Software\SP Global
Schlüssel Gefunden : HKLM\Software\SProtector
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.easylifeapp.com/?pid=625&src=ie1&r=2013/02/24&hid=1458390817&lg=EN&cc=DE
-\\ Mozilla Firefox v15.0 (de)
[ Datei : C:\Users\Fluffyman\AppData\Roaming\Mozilla\Firefox\Profiles\peb4nu96.default\prefs.js ]
Zeile gefunden : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gefunden : user_pref("aol_toolbar.default.search.check", false);
Zeile gefunden : user_pref("browser.search.defaultenginename", "EasyLife");
Zeile gefunden : user_pref("browser.search.defaultenginename,S", "EasyLife");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=625&src=ff2&r=2013/02/24&hid=1458390817&lg=EN&cc=DE&l=1&q=");
Zeile gefunden : user_pref("browser.search.order.1", "EasyLife");
Zeile gefunden : user_pref("browser.search.order.1,S", "EasyLife");
Zeile gefunden : user_pref("browser.search.selectedEngine", "EasyLife");
Zeile gefunden : user_pref("browser.search.selectedEngine,S", "EasyLife");
Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=625&src=ff1&r=2013/02/24&hid=1458390817&lg=EN&cc=DE");
Zeile gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gefunden : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=625&src=ff2&r=2013/02/24&hid=1458390817&lg=EN&cc=DE&l=1&q=");
Zeile gefunden : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gefunden : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gefunden : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gefunden : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v
[ Datei : C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [5533 octets] - [01/01/2014 12:24:06]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [5593 octets] ##########
Code:
ATTFilter # AdwCleaner v3.016 - Bericht erstellt am 01/01/2014 um 12:27:02
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Fluffyman - FLUFFYMAN-PC
# Gestartet von : C:\Users\Fluffyman\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : BCUService
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\SoftSafe
Ordner Gelöscht : C:\Program Files (x86)\DeviceVM
Ordner Gelöscht : C:\Users\FLUFFY~1\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\Fluffyman\AppData\LocalLow\boost_interprocess
Datei Gelöscht : C:\END
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AddressBarSearch.SearchHook.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [BCU]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{77AA6435-2488-4A94-9FE5-49519DD2ED9B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\DeviceVM
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\Software\SP Global
Schlüssel Gelöscht : HKLM\Software\SProtector
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D793423B-FF18-4A54-B9C9-75B3396BAAC4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v15.0 (de)
[ Datei : C:\Users\Fluffyman\AppData\Roaming\Mozilla\Firefox\Profiles\peb4nu96.default\prefs.js ]
Zeile gelöscht : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gelöscht : user_pref("aol_toolbar.default.search.check", false);
Zeile gelöscht : user_pref("browser.search.defaultenginename", "EasyLife");
Zeile gelöscht : user_pref("browser.search.defaultenginename,S", "EasyLife");
Zeile gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.easylifeapp.com/?pid=625&src=ff2&r=2013/02/24&hid=1458390817&lg=EN&cc=DE&l=1&q=");
Zeile gelöscht : user_pref("browser.search.order.1", "EasyLife");
Zeile gelöscht : user_pref("browser.search.order.1,S", "EasyLife");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "EasyLife");
Zeile gelöscht : user_pref("browser.search.selectedEngine,S", "EasyLife");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?pid=625&src=ff1&r=2013/02/24&hid=1458390817&lg=EN&cc=DE");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.easylifeapp.com/?pid=625&src=ff2&r=2013/02/24&hid=1458390817&lg=EN&cc=DE&l=1&q=");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v
[ Datei : C:\Users\Fluffyman\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [5705 octets] - [01/01/2014 12:24:06]
AdwCleaner[S0].txt - [4934 octets] - [01/01/2014 12:27:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4994 octets] ##########
Hab Chrome deinstalliert und nochmal AdwCleaner laufen lassen, neu gestartet und Chrome wieder installiert (+ Lesezeichen und Addons importiert). Seitdem ist dieses nervige Tool in allen 3 Browsern verschwunden, Avast zeigt mir unter Browser Cleanup beim IE zwar immernoch ReandoomPPraicue und ReeGUlarDEails an aber beide sind als deaktiviert gekennzeichnet. Ich vermute dann mal dass irgendwo im Installationsverzeichnis von Chrome noch Reste waren und sich das Programm von dort immer wieder auf alle Browser neu installiert hat? Ich glaube meine Variante war eher die Holzhammer Methode (keine ahnung ob irgendwo noch Registry Einträge übrig geblieben sind etc.) aber scheint zu funktionieren..hat mich ganze 4 Stunden gekostet weil ich Chrome nur ungerne deinstallieren wollte und mir ehrlich gesagt nichts davon erhofft hatte. Dennoch vielen Dank an dich Schrauber, ein tolles Forum was Ihr hier habt! Geändert von Fluffyman (01.01.2014 um 15:37 Uhr) |
|
02.01.2014, 09:38
| #4 |
| /// the machine /// TB-Ausbilder | SafeSaver lässt sich nicht löschen Gern Geschehen 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu SafeSaver lässt sich nicht löschen |
| antivirus, browser, converter, explorer, fehler, flash player, google, homepage, junkware, launch, logfile, neustart, photoshop, plug-in, programm, pup.optional.conduit.a, pup.optional.crxdrop.a, pup.optional.easylife.a, pup.optional.opencandy, pup.optional.opencandy.a, pup.optional.sprotector.a, realtek, registry, safesaver, scan, services.exe, software, spotify web helper, tunnel, vcredist |
Linear-Darstellung
