
Log analysis and evaluation: Win 7: Snapdo, sudden system shutdown


27.03.2014, 18:50   #1
Eleve
 



Hello!

I have a Windows 7 64-bit system.

About 3 months ago I picked up Snapdo (my own fault, I wasn't paying enough attention ...) and removed it only insufficiently - back then I somehow didn't come across your site ...

Now I wanted to remove the troublemaker properly - I only just noticed that the children, in their accounts, had Snapdo in the internet browsers on the one hand and "dangerous"-looking "system messages" (with a very small "Ad" ...) on the other; that was too risky for me.

Symptoms: The computer has become slower, especially in recent months. Unfortunately we also have a slow network and I work with large files, and the disk is filling up, so I blamed it on that.


Yes, and about a year ago the computer started crashing completely every now and then (about once or twice a month) - blue screen with the text:

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

Modification of system code or a critical data structure was detected.

(I'm abbreviating: if it occurs repeatedly, one should check/reinstall/remove hardware and software, or ask the system administrator ...)

Technical information:
*** STOP: 0x00000109 (and lots of numbers and digits, which I'll spare myself now ...)"

I admit the computer could be started normally. The prospect of completely reinstalling the system put me off considerably, and the whole thing didn't happen that often. I never lost any data. So I did nothing. Until today I also didn't think of malware or the like, more of a RAM fault. The machine also only became noticeably slower much later.



Well, so I wanted to get rid of Snapdo:

My virus scanner had no alerts.

I then ran MBAM in the middle of the night with a positive result and moved everything into quarantine. I also followed up with the Adware-Cleaner and ran it twice; logs are attached. (I hope I haven't messed anything up there ... my apologies!)

Only after that did I go through the procedure you prescribe.

Attached are my log files - as an attachment, otherwise the post is too large!



So, I hope I got everything right ...

Looking forward to your reply!

Kind regards

Barbara

27.03.2014, 19:04   #2
sunjojo
/// Malwareteam
 



Hello Eleve,

my name is Jonas and I will help you with your cleanup. This can involve a lot of work for you. Before we can start, please read the cleanup rules and notes:
Rules for the cleanup process
  • Work through the instructions and steps carefully and in order.
  • If you don't understand something or are unsure, ask and describe the problem as well as you can. Don't act on your own.
    • Running various cleanup programs (with scripts from other threads) can wreck your operating system!
  • Cleaning up a computer in several forums at the same time is forbidden (crossposting).
  • Do not install or uninstall any additional programs, do not delete any files, and do not run system updates on your own.
  • The symptoms may have disappeared, but the disappearance of the outward signs of an infection does not mean that you are clean again.
    • I will give you an unambiguous "clean"; until then, please keep working with me.
Notes
  • I can never give you a guarantee that everything has been removed. Formatting the hard disk and reinstalling your operating system is always safer and usually faster.
  • The programs we use usually create a results report (called a logfile). Please include all logfiles I request in one step in a single reply/post.
When you have read everything, we can get started. Please save all programs to the desktop and run them from there.

Please post logfiles directly. If they are too large, simply create two or three posts.

27.03.2014, 21:08   #3
Eleve
 



Hello Sunjojo,

Thank you for taking on my problem.

Incidentally, I had also thought of the option of splitting the logs across several posts, but there was an automatically generated message saying that the post should have a maximum of 120000 characters (I hope the zeros are right) and that, if this is exceeded, one should please send the log files as an attachment. So that's what I did.

I'm happy to send you the logs again:

FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by proworx (ATTENTION: The logged in user is not administrator) on PROWORX-PC on 27-03-2014 15:54:54
Running from C:\Users\proworx\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Lupinho.Net) C:\Program Files\Lupinho.Net\HardlinkBackup\HardlinkBackupTray.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(Microsoft Corporation) C:\Windows\splwow64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11772520 2011-01-04] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472992 2013-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [DBAgent] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1454216 2012-07-02] (Seagate Technology LLC)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [HPUsageTrackingLEDM] - C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe [30264 2009-08-04] (Hewlett-Packard Company)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767608 2014-03-21] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKLM\...\Runonce: [MSPCLOCK] - rundll32.exe streamci,StreamingDeviceSetup {97ebaacc-95bd-11d0-a3ea-00a0c9223196},{53172480-4791-11D0-A5D6-28DB04C10000},{53172480-4791-11D0-A5D6-28DB04C10000}
HKLM\...\Runonce: [MSPQM] - rundll32.exe streamci,StreamingDeviceSetup {DDF4358E-BB2C-11D0-A42F-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196},{97EBAACB-95BD-11D0-A3EA-00A0C9223196}
HKLM\...\Runonce: [MSKSSRV] - rundll32.exe streamci,StreamingDeviceSetup {96E080C7-143C-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196},{3C0D501A-140B-11D1-B40F-00A0C9223196}
HKLM\...\Runonce: [MSTEE.CxTransform] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},{CF1DDA2C-9743-11D0-A3EE-00A0C9223196},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [MSTEE.Splitter] - rundll32.exe streamci,StreamingDeviceSetup {cfd669f1-9bc2-11d0-8299-0000f822fe8a},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},{0A4252A0-7E70-11D0-A5D6-28DB04C10000},C:\Windows\inf\ksfilter.inf,MSTEE.Interface.Install
HKLM\...\Runonce: [WDM_DRMKAUD] - rundll32.exe streamci,StreamingDeviceSetup {EEC12DB6-AD9C-4168-8658-B03DAEF417FE},{ABD61E00-9350-47e2-A632-4438B90C6641},{FFBB6E3F-CCFE-4D84-90D9-421418B03A8E},C:\Windows\inf\WDMAUDIO.inf,WDM_DRMKAUD.Interface.Install
HKLM-x32\...\Runonce: [aswAhAScr.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\AhAScr.dll" [X]
HKLM-x32\...\Runonce: [aswasOutExt.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr.exe" "C:\Program Files\AVAST Software\Avast\asOutExt.dll" [X]
HKLM-x32\...\Runonce: [aswasOutExt64.dll] - "C:\Program Files\AVAST Software\Avast\aswRegSvr64.exe" "C:\Program Files\AVAST Software\Avast\asOutExt64.dll" [X]
HKLM-x32\...\RunOnce: [20131224] - C:\Program Files\AVAST Software\Avast\setup\emupdate\d756af1a-95d1-4ff1-bf5d-84ea57abc9bf.exe /check [181136 2014-03-26] (AVAST Software)
HKLM-x32\...\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] - "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware \mbamdor.exe" "C:\ProgramData\Malwarebytes\ Malwarebytes Anti-Malware " [54072 2014-03-05] (Malwarebytes Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\Run: [Uploader] - C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe [120496 2012-07-02] (Seagate Technology LLC)
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\MountPoints2: {0ec85fea-593e-11e0-a31b-806e6f6e6963} - D:\start.exe
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\MountPoints2: {313ce0da-2827-11e2-91d3-1c6f65deec0d} - E:\SISetup.exe
HKU\S-1-5-21-768405528-1706932147-445367486-1000\...\MountPoints2: {ccf47943-1857-11e2-a67d-1c6f65deec0d} - K:\laucher.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xC8E917F2522BCC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.16.1 80.120.17.70

FireFox:
========
FF ProfilePath: C:\Users\proworx\AppData\Roaming\Mozilla\Firefox\Profiles\vsts9pc7.default
FF SelectedSearchEngine: Google
FF Homepage: https://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @Google.com/GoogleEarthPlugin - C:\Users\proworx\AppData\Local\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GMX MailCheck - C:\Users\proworx\AppData\Roaming\Mozilla\Firefox\Profiles\vsts9pc7.default\Extensions\toolbar@gmx.net.xpi [2013-05-14]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-09-26]

Chrome: 
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (Google Drive) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-13]
CHR Extension: (YouTube) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-13]
CHR Extension: (Google Search) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-13]
CHR Extension: (WhiteSmoke US New) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif [2014-03-26]
CHR Extension: (Google Wallet) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR Extension: (Gmail) - C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-13]
CHR HKCU\...\Chrome\Extension: [kfkcangbigakljkjeglcofaomihpejif] - C:\Users\proworx\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx [2012-10-11]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated)
R2 Asset Management Daemon; C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe [133744 2011-03-02] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-17] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [113704 2014-02-17] (AVAST Software)
R2 DeltaCopyService; C:\DeltaCopy\DCServce.exe [683008 2009-11-23] (Synametrics Technologies)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe [129648 2011-03-02] (Portrait Displays, Inc.)
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2012-06-01] (Microsoft Corporation)
R2 HardlinkBackupService; C:\Program Files\Lupinho.Net\HardlinkBackup\HardlinkBackup.Service.exe [14848 2013-11-26] (Lupinho.Net)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [14528 2012-07-02] (Seagate Technology LLC)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-14] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [464464 2011-04-24] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [229664 2011-04-24] (Protect Software GmbH)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2013-10-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-17] (AVAST Software)
R1 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [440672 2014-02-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-10-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-17] (AVAST Software)
R3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-01-07] ()
S3 BrSerIf; C:\Windows\System32\DRIVERS\BrSerIf.sys [97280 2006-12-12] (Brother Industries Ltd.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [27648 2007-10-11] ()
R3 mvusbews; C:\Windows\System32\Drivers\mvusbews.sys [20480 2012-12-24] (Marvell Semiconductor, Inc.)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2011-02-16] (Portrait Displays, Inc.)
R3 Spyder3; C:\Windows\System32\DRIVERS\Spyder3.sys [15360 2008-09-08] ()
S3 gdrv; \??\C:\Windows\gdrv.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 15:54 - 2014-03-27 15:55 - 00019322 _____ () C:\Users\proworx\Desktop\FRST.txt
2014-03-27 15:54 - 2014-03-27 15:54 - 00000000 ____D () C:\FRST
2014-03-27 15:53 - 2014-03-27 15:53 - 02157056 _____ (Farbar) C:\Users\proworx\Desktop\FRST64.exe
2014-03-27 15:51 - 2014-03-27 15:51 - 00000476 _____ () C:\Users\proworx\Desktop\defogger_disable.log
2014-03-27 15:51 - 2014-03-27 15:51 - 00000000 _____ () C:\Users\Barbara\defogger_reenable
2014-03-27 15:49 - 2014-03-27 15:49 - 00050477 _____ () C:\Users\proworx\Desktop\Defogger.exe
2014-03-26 12:32 - 2014-03-26 12:43 - 00000000 ____D () C:\AdwCleaner
2014-03-26 12:22 - 2014-03-26 12:27 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-26 12:22 - 2014-03-26 12:22 - 00001086 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-26 12:22 - 2014-03-26 12:22 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-26 12:22 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2014-03-26 12:21 - 2014-03-26 12:21 - 04095448 _____ (BrightFort LLC ) C:\Users\proworx\Downloads\spywareblastersetup50.exe
2014-03-26 00:15 - 2014-03-26 00:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 00:14 - 2014-03-26 00:14 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-26 00:14 - 2014-03-26 00:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 00:14 - 2014-03-05 09:26 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-26 00:14 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-26 00:14 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-26 00:12 - 2014-03-26 00:13 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\proworx\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-25 14:49 - 2014-03-27 06:15 - 00001064 _____ () C:\Windows\setupact.log
2014-03-25 14:49 - 2014-03-25 14:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-15 17:09 - 2014-03-15 17:09 - 00000108 _____ () C:\Users\proworx\Downloads\playlist.pls
2014-03-13 10:10 - 2014-03-13 10:10 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\GalileoPress
2014-03-13 06:29 - 2014-03-01 07:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-13 06:29 - 2014-03-01 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-13 06:29 - 2014-03-01 06:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-13 06:29 - 2014-03-01 05:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-13 06:29 - 2014-03-01 05:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-13 06:29 - 2014-03-01 05:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-13 06:29 - 2014-03-01 05:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-13 06:29 - 2014-03-01 05:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-13 06:29 - 2014-03-01 05:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-13 06:29 - 2014-03-01 05:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-13 06:29 - 2014-03-01 05:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-13 06:29 - 2014-03-01 05:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-13 06:29 - 2014-03-01 05:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-13 06:29 - 2014-03-01 05:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-13 06:29 - 2014-03-01 05:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-13 06:29 - 2014-03-01 05:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-13 06:29 - 2014-03-01 05:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-13 06:29 - 2014-03-01 04:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-13 06:29 - 2014-03-01 04:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-13 06:29 - 2014-03-01 04:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-13 06:29 - 2014-03-01 04:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-13 06:29 - 2014-03-01 04:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-13 06:29 - 2014-03-01 04:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-13 06:29 - 2014-03-01 04:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-13 06:29 - 2014-03-01 04:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-13 06:29 - 2014-03-01 04:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-13 06:29 - 2014-03-01 04:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-13 06:29 - 2014-03-01 04:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-13 06:29 - 2014-03-01 04:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-13 06:29 - 2014-03-01 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-13 06:29 - 2014-03-01 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-13 06:29 - 2014-03-01 04:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-13 06:29 - 2014-03-01 04:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-13 06:29 - 2014-03-01 04:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-13 06:29 - 2014-03-01 03:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-13 06:29 - 2014-03-01 03:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-13 06:29 - 2014-03-01 03:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-13 06:29 - 2014-03-01 03:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-13 06:29 - 2014-03-01 03:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-13 06:29 - 2014-03-01 03:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-13 06:28 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 06:28 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 06:28 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 06:28 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 06:28 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 06:28 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-13 06:27 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 06:27 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-11 15:06 - 2014-03-12 09:29 - 00000168 _____ () C:\Users\proworx\AppData\Roaming\PLGComp.ini
2014-03-11 15:04 - 2014-03-11 15:04 - 00001045 _____ () C:\Users\Public\Desktop\Focus Magic.lnk
2014-03-11 15:04 - 2014-03-11 15:04 - 00000053 _____ () C:\Users\Barbara\AppData\Roaming\PLGComp.ini
2014-03-11 15:04 - 2014-03-11 15:04 - 00000000 ____D () C:\Program Files (x86)\Focus Magic
2014-03-11 15:04 - 2013-04-27 16:09 - 03600896 _____ (Acclaim Software Ltd) C:\Windows\system32\FocusMag64.dll
2014-03-11 15:04 - 2013-04-19 11:32 - 08880128 _____ (Acclaim Software Ltd) C:\Windows\SysWOW64\FocusMag.dll
2014-03-11 15:04 - 2012-10-28 04:05 - 02790912 _____ (FreeImage) C:\Windows\SysWOW64\FreeImage.dll
2014-03-11 15:03 - 2014-03-11 15:04 - 02972360 _____ (Acclaim Software Ltd ) C:\Users\proworx\Downloads\FocusMagic401.exe
2014-03-09 12:21 - 2014-03-09 12:21 - 00000732 _____ () C:\Users\proworx\Documents\Unbekannte Ruinen am Nil.kmz
2014-02-28 16:05 - 2014-02-28 16:06 - 00000000 ____D () C:\Program Files (x86)\XMind
2014-02-28 16:01 - 2014-02-28 16:03 - 100610688 _____ (XMind Ltd. ) C:\Users\proworx\Downloads\xmind-windows-3.4.1.201401221918.exe
2014-02-25 12:12 - 2014-02-25 12:12 - 00000801 _____ () C:\Users\proworx\Documents\Mosque of Qurquma.kmz
2014-02-25 11:49 - 2014-02-25 11:49 - 00000797 _____ () C:\Users\proworx\Documents\Archnet IMG11085.kmz
2014-02-25 09:53 - 2014-02-25 09:53 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\PanoramaStudio2

==================== One Month Modified Files and Folders =======

2014-03-27 15:55 - 2014-03-27 15:54 - 00019322 _____ () C:\Users\proworx\Desktop\FRST.txt
2014-03-27 15:54 - 2014-03-27 15:54 - 00000000 ____D () C:\FRST
2014-03-27 15:53 - 2014-03-27 15:53 - 02157056 _____ (Farbar) C:\Users\proworx\Desktop\FRST64.exe
2014-03-27 15:53 - 2013-12-27 15:38 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-03-27 15:51 - 2014-03-27 15:51 - 00000476 _____ () C:\Users\proworx\Desktop\defogger_disable.log
2014-03-27 15:51 - 2014-03-27 15:51 - 00000000 _____ () C:\Users\Barbara\defogger_reenable
2014-03-27 15:51 - 2012-10-17 14:19 - 00000000 ____D () C:\Users\Barbara
2014-03-27 15:49 - 2014-03-27 15:49 - 00050477 _____ () C:\Users\proworx\Desktop\Defogger.exe
2014-03-27 15:49 - 2012-09-18 07:45 - 00000000 ____D () C:\Users\proworx\Documents\Outlook-Dateien
2014-03-27 15:42 - 2011-06-15 19:34 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 15:14 - 2013-12-11 15:25 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 12:31 - 2011-03-22 08:26 - 01779815 _____ () C:\Windows\WindowsUpdate.log
2014-03-27 11:42 - 2011-06-15 19:34 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 11:09 - 2012-09-07 12:24 - 00000000 ____D () C:\Users\proworx\AppData\Local\CrashDumps
2014-03-27 06:25 - 2011-06-15 19:41 - 00000000 ____D () C:\Users\proworx\AppData\Local\Adobe
2014-03-27 06:25 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 06:25 - 2009-07-14 05:45 - 00014416 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 06:17 - 2012-11-15 11:35 - 00001908 _____ () C:\Users\proworx\Desktop\SafeZone-Browser.lnk
2014-03-27 06:17 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-03-27 06:15 - 2014-03-25 14:49 - 00001064 _____ () C:\Windows\setupact.log
2014-03-27 06:15 - 2011-06-15 17:35 - 00165202 _____ () C:\Windows\SysWOW64\DTSSL.log
2014-03-27 06:15 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-26 16:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-03-26 12:43 - 2014-03-26 12:32 - 00000000 ____D () C:\AdwCleaner
2014-03-26 12:27 - 2014-03-26 12:22 - 00000000 ____D () C:\Program Files (x86)\SpywareBlaster
2014-03-26 12:22 - 2014-03-26 12:22 - 00001086 _____ () C:\Users\Public\Desktop\SpywareBlaster.lnk
2014-03-26 12:22 - 2014-03-26 12:22 - 00000000 ____D () C:\ProgramData\Licenses
2014-03-26 12:21 - 2014-03-26 12:21 - 04095448 _____ (BrightFort LLC ) C:\Users\proworx\Downloads\spywareblastersetup50.exe
2014-03-26 00:46 - 2011-06-15 17:34 - 00495542 _____ () C:\Windows\PFRO.log
2014-03-26 00:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-03-26 00:16 - 2014-03-26 00:15 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-26 00:14 - 2014-03-26 00:14 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-03-26 00:14 - 2014-03-26 00:14 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-03-26 00:14 - 2012-10-23 16:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-26 00:13 - 2014-03-26 00:12 - 17523384 _____ (Malwarebytes Corporation ) C:\Users\proworx\Downloads\mbam-setup-2.0.0.1000.exe
2014-03-25 17:49 - 2012-10-25 13:50 - 00000000 ____D () C:\Users\Judith\AppData\Local\Mozilla
2014-03-25 17:43 - 2014-02-22 09:50 - 07294194 _____ () C:\Users\Judith\Documents\tirol_fuer_geographie.pptx
2014-03-25 16:40 - 2012-10-26 09:09 - 00000000 ____D () C:\Users\Judith\AppData\Local\CrashDumps
2014-03-25 14:57 - 2012-11-17 11:48 - 00001908 _____ () C:\Users\Judith\Desktop\SafeZone-Browser.lnk
2014-03-25 14:54 - 2011-04-13 19:21 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\SoftGrid Client
2014-03-25 14:49 - 2014-03-25 14:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-24 23:52 - 2011-09-20 05:19 - 00000000 ____D () C:\Windows\Minidump
2014-03-18 23:46 - 2013-08-20 23:08 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-18 23:44 - 2011-03-22 09:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-15 17:09 - 2014-03-15 17:09 - 00000108 _____ () C:\Users\proworx\Downloads\playlist.pls
2014-03-15 09:47 - 2013-02-16 09:54 - 00002182 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 09:40 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-14 06:18 - 2009-07-14 05:45 - 00348784 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 06:17 - 2013-03-14 23:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 06:17 - 2013-03-14 23:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 22:01 - 2012-01-15 15:19 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 10:10 - 2014-03-13 10:10 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\GalileoPress
2014-03-12 09:29 - 2014-03-11 15:06 - 00000168 _____ () C:\Users\proworx\AppData\Roaming\PLGComp.ini
2014-03-12 08:14 - 2013-12-11 15:25 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 08:14 - 2013-12-11 15:25 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 15:04 - 2014-03-11 15:04 - 00001045 _____ () C:\Users\Public\Desktop\Focus Magic.lnk
2014-03-11 15:04 - 2014-03-11 15:04 - 00000053 _____ () C:\Users\Barbara\AppData\Roaming\PLGComp.ini
2014-03-11 15:04 - 2014-03-11 15:04 - 00000000 ____D () C:\Program Files (x86)\Focus Magic
2014-03-11 15:04 - 2014-03-11 15:03 - 02972360 _____ (Acclaim Software Ltd ) C:\Users\proworx\Downloads\FocusMagic401.exe
2014-03-09 12:21 - 2014-03-09 12:21 - 00000732 _____ () C:\Users\proworx\Documents\Unbekannte Ruinen am Nil.kmz
2014-03-08 11:40 - 2011-11-04 12:59 - 00000000 ____D () C:\Users\DefaultAppPool
2014-03-07 19:16 - 2009-07-14 18:58 - 00786842 _____ () C:\Windows\system32\perfh007.dat
2014-03-07 19:16 - 2009-07-14 18:58 - 00181742 _____ () C:\Windows\system32\perfc007.dat
2014-03-07 19:16 - 2009-07-14 06:13 - 01843980 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-05 09:26 - 2014-03-26 00:14 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-05 09:26 - 2014-03-26 00:14 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-26 00:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-02 21:04 - 2011-09-19 08:32 - 00000000 ____D () C:\VueScan
2014-03-01 07:05 - 2014-03-13 06:29 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-01 06:17 - 2014-03-13 06:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-01 06:16 - 2014-03-13 06:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-01 05:58 - 2014-03-13 06:29 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-01 05:52 - 2014-03-13 06:29 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-01 05:51 - 2014-03-13 06:29 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-01 05:42 - 2014-03-13 06:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-01 05:40 - 2014-03-13 06:29 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-01 05:37 - 2014-03-13 06:29 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-01 05:33 - 2014-03-13 06:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-01 05:33 - 2014-03-13 06:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-01 05:32 - 2014-03-13 06:29 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-01 05:30 - 2014-03-13 06:29 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-01 05:23 - 2014-03-13 06:29 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-01 05:17 - 2014-03-13 06:29 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-01 05:11 - 2014-03-13 06:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-01 05:02 - 2014-03-13 06:29 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-01 04:54 - 2014-03-13 06:29 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-01 04:52 - 2014-03-13 06:29 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-01 04:51 - 2014-03-13 06:29 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-01 04:47 - 2014-03-13 06:29 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-01 04:43 - 2014-03-13 06:29 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-01 04:43 - 2014-03-13 06:29 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-01 04:42 - 2014-03-13 06:29 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-01 04:40 - 2014-03-13 06:29 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-01 04:38 - 2014-03-13 06:29 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-01 04:37 - 2014-03-13 06:29 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-01 04:35 - 2014-03-13 06:29 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-01 04:18 - 2014-03-13 06:29 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-01 04:16 - 2014-03-13 06:29 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-01 04:14 - 2014-03-13 06:29 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-01 04:10 - 2014-03-13 06:29 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-01 04:03 - 2014-03-13 06:29 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-01 04:00 - 2014-03-13 06:29 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-01 03:57 - 2014-03-13 06:29 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-01 03:38 - 2014-03-13 06:29 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-01 03:32 - 2014-03-13 06:29 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-01 03:27 - 2014-03-13 06:29 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-01 03:25 - 2014-03-13 06:29 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-01 03:25 - 2014-03-13 06:29 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 16:06 - 2014-02-28 16:05 - 00000000 ____D () C:\Program Files (x86)\XMind
2014-02-28 16:06 - 2011-04-11 19:07 - 00000000 ____D () C:\Users\proworx
2014-02-28 16:03 - 2014-02-28 16:01 - 100610688 _____ (XMind Ltd. ) C:\Users\proworx\Downloads\xmind-windows-3.4.1.201401221918.exe
2014-02-28 03:06 - 2011-04-13 19:20 - 01817324 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-25 12:12 - 2014-02-25 12:12 - 00000801 _____ () C:\Users\proworx\Documents\Mosque of Qurquma.kmz
2014-02-25 11:49 - 2014-02-25 11:49 - 00000797 _____ () C:\Users\proworx\Documents\Archnet IMG11085.kmz
2014-02-25 09:53 - 2014-02-25 09:53 - 00000000 ____D () C:\Users\proworx\AppData\Roaming\PanoramaStudio2

Files to move or delete:
====================
C:\Users\Barbara\AppData\Roaming\PLGComp.ini
C:\Users\proworx\AppData\Roaming\PLGComp.ini


Some content of TEMP:
====================
C:\Users\proworx\AppData\Local\Temp\AskSLib.dll
C:\Users\proworx\AppData\Local\Temp\contentDATs.exe
C:\Users\proworx\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\proworx\AppData\Local\Temp\fp_pl_pfs_installer-2.exe
C:\Users\proworx\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\proworx\AppData\Local\Temp\i4jdel0.exe
C:\Users\proworx\AppData\Local\Temp\install_flashplayer11x32au_mssd_aaa_aih.exe
C:\Users\proworx\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\proworx\AppData\Local\Temp\jre-6u32-windows-i586-iftw.exe
C:\Users\proworx\AppData\Local\Temp\jre-7u9-windows-i586-iftw.exe
C:\Users\proworx\AppData\Local\Temp\readSTILog.dll
C:\Users\proworx\AppData\Local\Temp\SecurityScan_Release.exe
C:\Users\proworx\AppData\Local\Temp\siinst.exe
C:\Users\proworx\AppData\Local\Temp\strings.dll
C:\Users\proworx\AppData\Local\Temp\UpdaterCopy.exe
C:\Users\proworx\AppData\Local\Temp\vlc-2.0.7-win64.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by proworx at 2014-03-27 15:55:29
Running from C:\Users\proworx\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

A.F.5 Rename your files 1.1 (HKLM-x32\...\{A725C340-77EE-11D6-BBC2-0000CB591583}) (Version: 1.1.0.0 - Alex Fauland)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.9.0.1380 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.9.0.1380 - Adobe Systems Incorporated) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Community Help (x32 Version: 3.2.1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 9 (x32 Version: 9.0.3.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop Lightroom 3.5 64-bit (HKLM\...\{44713725-8CC8-4710-B727-DC13A3665F9C}) (Version: 3.5.1 - Adobe)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - ATI Technologies Inc.) Hidden
Apple Application Support (HKLM-x32\...\{21FC2093-6E43-460B-B9B0-5F5AA35BBB0F}) (Version: 3.0 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FE86CB0C-FCB3-4358-B4B0-B0A41E33B3DD}) (Version: 7.1.0.32 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI AVIVO64 Codecs (Version: 11.6.0.50527 - ATI Technologies Inc.) Hidden
ATI Catalyst Install Manager (HKLM\...\{F3FEB53B-0BD3-F481-A8F9-51BA46466A6A}) (Version: 3.0.800.0 - ATI Technologies, Inc.)
ATI Catalyst Registration (x32 Version: 3.00.0000 - ATI Technologies Inc.) Hidden
avast! Internet Security (HKLM-x32\...\avast) (Version: 9.0.2013 - Avast Software)
Avery Wizard 4.0 (HKLM-x32\...\{F5D84887-8A6F-4993-8560-B3AA44CB620D}) (Version: 4.0.201 - Avery)
Banana Buchhaltung 7.0 (HKLM-x32\...\Banana70_is1) (Version: 7.0.4.0 - Banana.ch SA)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother MFL-Pro Suite MFC-790CW (HKLM-x32\...\{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2010.1026.2246.39002 - ATI) Hidden
Catalyst Control Center Graphics Previews Vista (x32 Version: 2010.1026.2246.39002 - ATI) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2010.1026.2246.39002 - ATI Technologies, Inc.) Hidden
CCC Help English (x32 Version: 2010.1026.2245.39002 - ATI) Hidden
ccc-core-static (x32 Version: 2010.1026.2246.39002 - Ihr Firmenname) Hidden
ccc-utility64 (Version: 2010.1026.2246.39002 - ATI) Hidden
CDCheck (HKLM-x32\...\CDCheck) (Version:  - )
Creative Photos FUJISHOP-PBM (HKLM-x32\...\Creative Photos FUJISHOP-PBM) (Version: 2.2.0.359 - Imaxel Lab S.L)
CrystalDiskInfo 5.0.5 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 5.0.5 - Crystal Dew World)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version:  - Microsoft)
DeltaCopy (HKLM-x32\...\{D6E5F58F-C879-4EC1-90F7-BA31BABF10C9}) (Version: 1.40.0000 - Synametrics Technologies)
Deutschstunde 1 SBL (HKLM-x32\...\Deutschstunde1SBL.0FB2569A2AD22E022B247A739500DB6BDEE69FAC.1) (Version: 1.00 - VERITAS Verlags- und Handelsges.m.b.H. u. Co. OHG)
Deutschstunde 1 SBL (x32 Version: 1.00 - VERITAS Verlags- und Handelsges.m.b.H. u. Co. OHG) Hidden
DigitalPrintLab3 (HKLM-x32\...\printeriaDigitalPrintLab3) (Version:  - printeria)
Elements 10 Organizer (x32 Version: 10.0 - Ihr Firmenname) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Ihr Firmenname) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
File Type Advisor 1.3 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
FM PDF To JPG Converter Free 2.5 (HKLM-x32\...\FM PDF To JPG Converter Free_is1) (Version: 2.5 - )
Focus Magic 4.01 (HKLM-x32\...\Focus Magic_is1) (Version: 4.01 - Acclaim Software Ltd)
FormsForWeb® Filler 3.2.3 (HKLM-x32\...\{18815D2C-C62D-4066-94F3-55966581D2A5}) (Version: 3.2.3 - Lucom GmbH)
Fotobuchexpress24 Bestellsoftware (HKLM-x32\...\Fotobuchexpress24) (Version: 3.1.26 - SSW Software GmbH)
Fotobuchexpress24 Bestellsoftware (x32 Version: 3.1.26 - SSW Software GmbH) Hidden
fotokasten comfort 4.2 (HKLM-x32\...\fotokasten comfort_is1) (Version:  - )
Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
FreeFileSync 5.8 (HKLM-x32\...\FreeFileSync) (Version: 5.8 - Zenju)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Earth (HKLM-x32\...\{28E82311-8616-11E1-BEB0-B8AC6F97B88E}) (Version: 6.2.2.6613 - Google)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPL Ghostscript (HKLM-x32\...\GPL Ghostscript 9.07) (Version: 9.07 - Artifex Software Inc.)
HappyFoto-Designer 4.5 (HKLM-x32\...\HappyFoto-Designer_is1) (Version:  - )
HardlinkBackup (64 bit) (HKLM\...\{3B4F43A9-459C-45D4-A565-C7249A0AB598}) (Version: 2.1.4 - Lupinho.Net)
HD Tune Pro 4.60 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
HP Display Assistant (HKLM-x32\...\{17B371B7-740F-4C83-BDFE-0C3A2C585103}) (Version: 2.00.055 - Portrait Displays, Inc.)
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
hppLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppP1100P1560P1600SeriesLaserJetService (x32 Version: 001.001.0.0 - Hewlett-Packard) Hidden
hppusgP1100P1560P1600Series (x32 Version: 1.0.0.1 - Hewlett-Packard) Hidden
HPSSupply (HKLM-x32\...\{7902E313-FF0F-4493-ACB1-A8147B78DCD0}) (Version: 2.1.1.0000 - Hewlett Packard Development Company L.P.)
Hugin 2013.0.0 (HKLM-x32\...\Hugin) (Version: 2013.0.0 hg_0d404a7088e6 - The Hugin Development Team)
HydraVision (x32 Version: 4.2.166.0 - ATI Technologies Inc.) Hidden
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
iDevice Manager (HKLM-x32\...\FE5AE7DC-7B01-4263-A94C-B4526C276550_is1) (Version: 3.1.0.0 - Marx Software)
iExplorer 2.2.1.3 (HKLM-x32\...\{7FD8B0C1-CDDA-4B4D-A577-B2E3570EA3A3}_is1) (Version:  - Macroplant, LLC)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
iTunes (HKLM\...\{96B53CA8-5ABB-49D8-96F1-F6C0D73A76C6}) (Version: 11.1.4.62 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Baseline Security Analyzer 2.2 (HKLM\...\{08C3441C-4FAF-48D3-A551-70DD6031734F}) (Version: 2.2.2170 - Microsoft Corporation)
Microsoft Choice Guard (x32 Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
MobileMe Control Panel (HKLM\...\{41BC9E31-0D39-462E-8E4C-767B21A3B1C3}) (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 14.0.1468.721 - Microsoft) Hidden
Naim Desktop Client (HKLM-x32\...\{47DDBB74-9326-4D79-9FF1-304D2119AD9A}) (Version: 2.0.2 - Naim Limited)
Naim Streamer Updater 3.21.3(7006) (HKLM-x32\...\{F3609C43-8931-4711-8969-964684223038}_is1) (Version: 3.21.3(7006) - Naim Audio Ltd)
Nikon Scan (HKLM-x32\...\{9AE4AC96-A5F4-4F19-9D13-066C8B3CE034}) (Version: 4.0 - )
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}) (Version: 3.60.0 - dotPDN LLC)
PanoramaStudio 2.5 ((deinstallieren)) (HKLM\...\PanoramaStudio2) (Version:  - )
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
Pivot Pro Plugin (x32 Version: 9.50.110 - Portrait Displays, Inc.) Hidden
Polar ProTrainer (HKLM-x32\...\{DF7DBA84-0A55-11D6-A0A6-6A7573736972}) (Version: 5.35.160 - )
Polar ProTrainer Trial (HKLM-x32\...\{B116E95E-01B1-420A-AECB-B2B330B9BD97}) (Version: 5.35.161 - )
ProtectDisc Helper Driver 10 (HKLM-x32\...\ProtectDisc Driver 10) (Version: 10.0.0.5 - )
PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
RAIDar 4.3.8 (HKLM-x32\...\1381-5408-0515-7060) (Version: 4.3.8 - Netgear Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.36.1224.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6282 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.46 - Piriform)
Revo Uninstaller 1.94 (HKLM-x32\...\Revo Uninstaller) (Version: 1.94 - VS Revo Group)
Saal Design Software (HKLM-x32\...\SaalDesignSoftware) (Version: 2.9.2 - SSW Software GmbH)
Saal Design Software (x32 Version: 2.9.2 - SSW Software GmbH) Hidden
Safari (HKLM-x32\...\{C779648B-410E-4BBA-B75B-5815BCEFE71D}) (Version: 5.34.57.2 - Apple Inc.)
SDK (x32 Version: 2.25.004 - Portrait Displays, Inc.) Hidden
Seagate Dashboard 2.0 (HKLM-x32\...\{43C423D9-E6D6-4607-ADC9-EBB54F690C57}) (Version: 2.0.3602.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
ShiftN 3.6.1 (HKLM-x32\...\ShiftN_is1) (Version: 3.6.1 - Marcus Hebel)
SilverFast HDRStudio 6.6.2r4a (HKLM-x32\...\SilverFast HDRStudio) (Version:  - LaserSoft Imaging AG)
SilverFast NikonM 6.6.2r4a (HKLM-x32\...\SilverFast NikonM) (Version:  - LaserSoft Imaging AG)
Snapform Viewer 1.7.33 (HKLM\...\2841-5017-1617-4151) (Version: 1.7.33 - Ringler Informatik AG)
Spyder3Elite (HKLM-x32\...\Spyder3Elite) (Version:  - )
Spyder3Pro (HKLM-x32\...\Spyder3Pro) (Version:  - )
SpywareBlaster 5.0 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.0.0 - BrightFort LLC)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.25942 - TeamViewer)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{81812245-FC84-426A-BC02-6659C88CC7B2}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version:  - Microsoft)
USB-Ir Adapter (HKLM-x32\...\{76AD2AAC-14EE-4CE3-958A-BB3DF65E7F06}) (Version: 1.03.0000 - )
Versteckt - Entdeckt! Fantasy (HKLM-x32\...\{FD2A02A5-C285-11DC-AA69-00E07DDCAF19}) (Version: 1.00.0000 - Terzio Verlag)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Voyages 1 Vokabeltrainer (HKLM-x32\...\de.klett.vokabeltrainer.voyages1.CE0E3A60A72FE7E3EB57F417A8115A03D988FEF4.1) (Version: 1.0 - Ernst Klett Sprachen GmbH)
Voyages 1 Vokabeltrainer (x32 Version: 1.0 - Ernst Klett Sprachen GmbH) Hidden
VueScan (HKLM\...\VueScan) (Version:  - )
VueScan x64 (HKLM\...\VueScan x64) (Version:  - )
Windows Live Anmelde-Assistent (HKLM-x32\...\{52B97218-98CB-4B8B-9283-D213C85E1AA4}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (x32 Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (HKLM-x32\...\{586509F0-350D-48B5-B763-9CC2F8D96C4C}) (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live Writer (x32 Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows-Treiberpaket - Leaf Imaging Ltd. Image  (02/11/2010 ) (HKLM\...\A35BD68D4A1B3E191138E3C9AA417190A9468F7E) (Version: 02/11/2010  - Leaf Imaging Ltd.)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
XMind 2013 (v3.4.1) (HKLM-x32\...\XMind_is1) (Version: 3.4.1.201401221918 - XMind Ltd.)
Zoner Photo Studio 14 (HKLM\...\ZonerPhotoStudio14_DE_is1) (Version: 14.0.1.4 - ZONER software)

==================== Restore Points  =========================

Could not list Restore Points. Check "winmgmt" service or repair WMI.


==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2010-06-04 12:32 - 2010-07-07 15:00 - 07667970 _____ () C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe
2012-11-06 16:32 - 2012-08-31 15:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2012-11-06 16:32 - 2012-08-31 15:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2012-11-06 16:32 - 2012-08-31 15:03 - 00373760 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100sd.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:54:24.668]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:54:24.668]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:54:24.667]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:50:24.647]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:50:24.647]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:50:24.646]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:48:24 PM) (Source: Brother BrLog) (User: )
Description: STMON BrtSTMON: [2014/03/27 15:48:24.634]: [00004904]:    Don't Create FileMapping!!!!


System errors:
=============
Error: (03/27/2014 11:08:59 AM) (Source: DCOM) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}

Error: (03/27/2014 06:16:39 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/26/2014 04:49:59 PM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (03/26/2014 03:02:18 PM) (Source: DCOM) (User: )
Description: {D3F6D4DB-A482-4648-8DBB-3565EBCB7A6B}

Error: (03/26/2014 00:46:21 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/26/2014 00:11:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/26/2014 01:02:43 AM) (Source: DCOM) (User: )
Description: {752073A1-23F2-4396-85F0-8FDB879ED0ED}

Error: (03/26/2014 00:53:37 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/26/2014 00:49:02 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (03/25/2014 03:04:01 PM) (Source: DCOM) (User: proworx-PC)
Description: AnwendungsspezifischLokalAktivierung{D3DCB472-7261-43CE-924B-0704BD730D5F}{D3DCB472-7261-43CE-924B-0704BD730D5F}proworx-PCJudithS-1-5-21-768405528-1706932147-445367486-1003LocalHost (unter Verwendung von LRPC)


Microsoft Office Sessions:
=========================
Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:54:24.668]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:54:24.668]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:54:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:54:24.667]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:52:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:52:24.670]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:50:24.647]: [00004904]:    Don't Create FileMapping!!!!

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:50:24.647]: [00004904]:    FrendlyName : Brother MFC-790CW LAN Printer

Error: (03/27/2014 03:50:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:50:24.646]: [00004904]:    Error : ExecMonitor()

Error: (03/27/2014 03:48:24 PM) (Source: Brother BrLog)(User: )
Description: STMONBrtSTMON: [2014/03/27 15:48:24.634]: [00004904]:    Don't Create FileMapping!!!!


==================== Memory info =========================== 

Percentage of memory in use: 30%
Total physical RAM: 6127.49 MB
Available physical RAM: 4231.35 MB
Total Pagefile: 12253.16 MB
Available Pagefile: 9224.91 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:930.97 GB) (Free:230.43 GB) NTFS
Drive d: (Video-Training) (CDROM) (Total:5.4 GB) (Free:0 GB) CDFS
Drive e: () (Removable) (Total:0.99 GB) (Free:0.98 GB) FAT
Drive s: (Fotos) (Network) (Total:3692.27 GB) (Free:1888.16 GB) NTFS
Drive u: (Dokumente) (Network) (Total:3692.27 GB) (Free:1888.16 GB) NTFS

==================== MBR & Partition Table ==================

==================== End Of Log ============================
         
Continued in the next post ...

27.03.2014, 21:12   #4
Eleve

Win 7: Snapdo, sudden system shutdown

And on it goes:

GMER:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-03-27 18:27:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 WDC_WD10EARS-00Y5B1 rev.80.00A80 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\Barbara\AppData\Local\Temp\uxtiyfob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                                        fffff800035f8000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545                                                                                        fffff800035f8011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

---- User code sections - GMER 2.1 ----

.text     C:\Windows\system32\wininit.exe[644] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\services.exe[704] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\system32\winlogon.exe[796] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[988] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\atiesrxx.exe[140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[392] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\System32\svchost.exe[468] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[600] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[656] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1180] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\afwServ.exe[1496] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             000000007521a2ba 1 byte [62]
.text     C:\Windows\System32\spoolsv.exe[1868] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1896] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe[2008] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112              000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[2020] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                  000000007521a2ba 1 byte [62]
.text     C:\Windows\system32\svchost.exe[1204] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[2044] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112  000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Portrait Displays\Plugins\AM\dtsslsrv.exe[2076] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                 000000007521a2ba 1 byte [62]
.text     C:\DeltaCopy\DCServce.exe[2188] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                     000000007521a2ba 1 byte [62]
.text     C:\DeltaCopy\rsync.exe[2236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                                        000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe[2260] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                       000000007521a2ba 1 byte [62]
.text     C:\Windows\system32\svchost.exe[2288] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files\Lupinho.Net\HardlinkBackup\HardlinkBackup.Service.exe[2404] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                        000000007718eecd 1 byte [62]
.text     C:\Windows\system32\taskhost.exe[2544] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                              000000007718eecd 1 byte [62]
.text     C:\Windows\system32\inetsrv\inetinfo.exe[2920] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                      000000007718eecd 1 byte [62]
.text     C:\Windows\Explorer.EXE[3000] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                                       000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                            000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                          0000000076cf1465 2 bytes [CF, 76]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                         0000000076cf14bb 2 bytes [CF, 76]
.text     ...                                                                                                                                                       * 2
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe[2812] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe[3096] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                     000000007521a2ba 1 byte [62]
.text     C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe[3384] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                               000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.Uploader.exe[3464] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112           000000007521a2ba 1 byte [62]
.text     C:\Program Files\Windows Sidebar\sidebar.exe[3492] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                  000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                     000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000076cf1465 2 bytes [CF, 76]
.text     C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe[3620] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  0000000076cf14bb 2 bytes [CF, 76]
.text     ...                                                                                                                                                       * 2
.text     C:\Program Files\Lupinho.Net\HardlinkBackup\HardlinkBackupTray.exe[3628] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189                            000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe[3676] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe[3796] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                            0000000076cf1465 2 bytes [CF, 76]
.text     C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                           0000000076cf14bb 2 bytes [CF, 76]
.text     ...                                                                                                                                                       * 2
.text     C:\Program Files (x86)\Datacolor\Spyder3Elite\Utility\Spyder3Utility.exe[3844] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                      000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe[3948] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                    000000007521a2ba 1 byte [62]
.text     C:\Program Files\AVAST Software\Avast\avastui.exe[3236] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                             000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[4040] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                              000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\iTunes\iTunesHelper.exe[3176] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Brother\Brmfcmon\BrMfimon.exe[3296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                          000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe[4516] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                 000000007521a2ba 1 byte [62]
.text     C:\Windows\system32\svchost.exe[4608] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[4908] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe[4984] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                000000007521a2ba 1 byte [62]
?         C:\Windows\system32\mssprxy.dll [4984] entry point in ".rdata" section                                                                                    00000000622e71e6
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5504] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112        000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000076cf1465 2 bytes [CF, 76]
.text     C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[5504] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     0000000076cf14bb 2 bytes [CF, 76]
.text     ...                                                                                                                                                       * 2
.text     C:\Windows\system32\SearchIndexer.exe[5264] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                         000000007718eecd 1 byte [62]
.text     C:\Program Files\iPod\bin\iPodService.exe[6096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                     000000007718eecd 1 byte [62]
.text     C:\Windows\system32\svchost.exe[6728] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Program Files\Windows Media Player\wmpnetwk.exe[6528] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189                                            000000007718eecd 1 byte [62]
.text     C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe[1392] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112             000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[3264] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                000000007521a2ba 1 byte [62]
.text     C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5184] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                000000007521a2ba 1 byte [62]
.text     C:\Windows\system32\AUDIODG.EXE[6164] C:\Windows\System32\kernel32.dll!GetBinaryTypeW + 189                                                               000000007718eecd 1 byte [62]
.text     C:\Users\proworx\Desktop\Gmer-19357.exe[4092] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112                                                       000000007521a2ba 1 byte [62]

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [6028:3348]                                                                                                               000007fee4a49688

---- EOF - GMER 2.1 ----
         
Malwarebytes:
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 26.03.2014
Scan Time: 00:42:50
Logfile: Malwarebytes_log.txt
Administrator: Yes

Version: 2.00.0.1000
Malware Database: v2014.03.25.09
Rootkit Database: v2014.03.18.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Barbara

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 473223
Time Elapsed: 26 min, 43 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarantined, [a9d458af7ffc24127cf76ef3a260ab55], 

Registry Values: 1
PUP.Optional.SnapDo.A, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoOCYB, Quarantined, [a9d458af7ffc24127cf76ef3a260ab55]

Registry Data: 9
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[4c31ed1a3744c274eba78182709418e8]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[a5d8798e83f8c373830e50b3788c8977]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[f28b16f1750604322470e122c4406e92]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[592416f1126977bf266f847f040044bc]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[314c996e6c0fdf572b6790733fc51be5]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013),Replaced,[e39abe49fe7d12242370fb08a95b857b]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[e994df28166571c59ff207fc8a7ac53b]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[57263acd4d2e082e1a7a08fbd92b52ae]
PUP.Optional.Snapdo, HKU\S-1-5-21-768405528-1706932147-445367486-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013, Good: (hxxp://www.google.com), Bad: (hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013),Replaced,[afce7790502b83b3dbba0003c63e629e]

Folders: 19
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy, Quarantined, [631a42c5f88395a19d806ede09f9639d], 
PUP.Optional.OpenCandy, C:\Users\Barbara\AppData\Roaming\OpenCandy\B4C79BD4279644F4A0111551124D3A10, Quarantined, [631a42c5f88395a19d806ede09f9639d], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\FE30E2B520264DF8B6D59FEB193B05D1, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales\en, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales\es, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 

Files: 96
PUP.Optional.Linkury.A, C:\Users\Barbara\AppData\Roaming\OpenCandy\B4C79BD4279644F4A0111551124D3A10\Installer.exe, Quarantined, [6914c2453f3c6acc80a41cbebd46f10f], 
PUP.Optional.OpenCandy, C:\Users\proworx\Downloads\FreeFileSync_5.8_setup.exe, Quarantined, [681552b57605f244f62759ceb84c5ba5], 
PUP.Optional.WebSearch.A, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\ao5y6bz5.default\searchplugins\Web Search.xml, Quarantined, [6a134abdea91b086c77284d325ddd030], 
PUP.Optional.WebSearch.A, C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\aaqcgp11.default\searchplugins\Web Search.xml, Quarantined, [7c01ea1d8eed3df9a2978bcc877b847c], 
PUP.Optional.WebSearch.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\65yiqvla.default\searchplugins\Web Search.xml, Quarantined, [4f2ebf48a1da7bbbc9707cdb52b0619f], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A\3975.ico, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A\EBB77268-338F-4C6A-8590-AD88FED26F4A, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A\OCBrowserHelper_1.0.3.85.dll, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\F134FC2B51F8487E8BCEF1962409489A\setup_759.exe, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.OpenCandy, C:\Users\proworx\AppData\Roaming\OpenCandy\FE30E2B520264DF8B6D59FEB193B05D1\TuneUpUtilities2013_2200213_de-DE.exe, Quarantined, [bebf6e991f5c3600ff1eae9e4bb732ce], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\chLogic.exe, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\CT3244149.txt, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\dtime.csf, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\initData.json, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\manifest.json, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.Conduit.A, C:\Users\proworx\AppData\Local\Temp\ct3244149\statisticsStub.exe, Quarantined, [ed903acd077458de0a8b95b7c63c08f8], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.html, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\bg.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\GoogleChromeRemotePlugin.dll, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\manifest.json, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.htm, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\options.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.html, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\popup.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.html, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\redirect.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\CSS\border.css, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\down.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fb.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\fblike.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\gmail.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\google.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\googleplus.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\hide-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\left.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\maximize-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\mgsplusvideo.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\minimize-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\pinit.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\right.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\searchBox.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\show-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\twitter.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-1.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-2.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up-3.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\images\up.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\BackPageRemove.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\defaultBlockList.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\documentEvents.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\externalJS.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\FBImagePreview.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\InternalJS.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\jquery-1.9.0.min.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\PluginWrapper.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\publisherDefinitions.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\tabReload.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\JS\TopFrameJS.js, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\homePage.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\SnapDo.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\SnapDo128.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\SnapDo16.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl\1.4_0\PublisherImages\SnapDo48.png, Quarantined, [136ae126f685a98d0866ec63f11133cd], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\manifest.json, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\ajax.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\background.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\common.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\content.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\notifier.js, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\notify.css, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\back.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\bitty.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\close.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\logo-sm.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\tinyurl\images\logo.png, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales\en\messages.json, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.SnapDo.A, C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\eehfnepnmclpcobedfhlofbalebekkaj\1.4_0\_locales\es\messages.json, Quarantined, [c2bbde29c5b60e2850f97cd442c0837d], 
PUP.Optional.Snapdo.A, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\ao5y6bz5.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013");), Replaced,[59240403eb9081b5706c59d454b022de]
PUP.Optional.Snapdo.A, C:\Users\Jakob\AppData\Roaming\Mozilla\Firefox\Profiles\ao5y6bz5.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&installDate=27/12/2013&q=");), Replaced,[720b92754338bf778755a08d1ce8d729]
PUP.Optional.Snapdo.A, C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\aaqcgp11.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013");), Replaced,[88f5d334651688aea53756d722e2ed13]
PUP.Optional.Snapdo.A, C:\Users\Judith\AppData\Roaming\Mozilla\Firefox\Profiles\aaqcgp11.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&installDate=27/12/2013&q=");), Replaced,[3746b750304b42f42ab2d459fa0ad32d]
PUP.Optional.Snapdo.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\65yiqvla.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=hp&installDate=27/12/2013");), Replaced,[7b0250b73447a294716b0924f11343bd]
PUP.Optional.Snapdo.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\65yiqvla.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&installDate=27/12/2013&q=");), Replaced,[dca1b255e19ada5cf9e3959861a302fe]
PUP.Optional.Snapdo.A, C:\Users\proworx\AppData\Roaming\Mozilla\Firefox\Profiles\vsts9pc7.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=nt&installDate=27/12/2013");), Replaced,[671638cfbcbf95a1528a51dca26220e0]
PUP.Optional.Snapdo.A, C:\Users\proworx\AppData\Roaming\Mozilla\Firefox\Profiles\vsts9pc7.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&installDate=27/12/2013&q=");), Replaced,[3d4032d58bf0ed499745220b39cbff01]

Physical Sectors: 0
(No malicious items detected)


(end)
         
AdwCleaner, first run:
Code:
# AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 12:43:08
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Barbara - PROWORX-PC
# Gestartet von : C:\Users\Barbara\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\FreeRIP
Ordner Gelöscht : C:\Program Files (x86)\software4u
Ordner Gelöscht : C:\Users\proworx\AppData\Local\apn
Ordner Gelöscht : C:\Users\proworx\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\proworx\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\proworx\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\proworx\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Barbara\AppData\Roaming\software4u
Ordner Gelöscht : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gelöscht : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
[!] Ordner Gelöscht : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
[!] Ordner Gelöscht : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Datei Gelöscht : \END

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Judith\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

[ Datei : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

[ Datei : C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

[ Datei : C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword

*************************

AdwCleaner[R0].txt - [5285 octets] - [26/03/2014 12:32:45]
AdwCleaner[S0].txt - [4690 octets] - [26/03/2014 12:43:08]

########## EOF - \AdwCleaner\AdwCleaner[S0].txt - [4750 octets] ##########
         
AdwCleaner, 2nd time:
Code:
# AdwCleaner v3.022 - Bericht erstellt am 26/03/2014 um 12:32:45
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Barbara - PROWORX-PC
# Gestartet von : C:\Users\Barbara\Downloads\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : \END
Ordner Gefunden : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gefunden : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gefunden : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gefunden : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\Extensions\kfkcangbigakljkjeglcofaomihpejif
Ordner Gefunden C:\Program Files (x86)\FreeRIP
Ordner Gefunden C:\Program Files (x86)\software4u
Ordner Gefunden C:\Users\Barbara\AppData\Roaming\software4u
Ordner Gefunden C:\Users\proworx\AppData\Local\apn
Ordner Gefunden C:\Users\proworx\AppData\Local\PackageAware
Ordner Gefunden C:\Users\proworx\AppData\Local\Temp\AskSearch
Ordner Gefunden C:\Users\proworx\AppData\Local\Temp\boost_interprocess
Ordner Gefunden C:\Users\proworx\AppData\LocalLow\Conduit

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\kfkcangbigakljkjeglcofaomihpejif
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{501451DE-5808-4599-B544-8BD0915B6B24}_is1
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521

Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default] - hxxp://feed.snapdo.com/?publisher=SnapdoOCYB&dpid=SnapdoOCYBTU&co=AT&userid=b81a5864-4c22-9f83-8f58-75a990013416&searchtype=ds&q={searchTerms}&installDate=27/12/2013

-\\ Google Chrome v33.0.1750.154

[ Datei : C:\Users\proworx\AppData\Local\Google\Chrome\User Data\Default\preferences ]


[ Datei : C:\Users\Judith\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

[ Datei : C:\Users\Barbara\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

[ Datei : C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

[ Datei : C:\Users\Jakob\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Gefunden : homepage
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword

*************************

AdwCleaner[R0].txt - [5135 octets] - [26/03/2014 12:32:45]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [5195 octets] ##########
         
So, I hope you now have everything you need!

Kind regards

Barbara

28.03.2014, 16:42   #5
sunjojo
/// Malwareteam

Step 1
Press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Barbara\AppData\Roaming\PLGComp.ini
C:\Users\proworx\AppData\Roaming\PLGComp.ini
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Entfernen (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

Do you still have problems with any changed start pages, search pages or constant pop-ups/ads (if so, in which browser)?

Are there any other problems with the computer (e.g. the crashes; if so, how often do they occur)? How is your computer's performance, still slow or better?

__________________
Regards,

Jonas

31.03.2014, 11:03   #6
Eleve

Hello Jonas,

Sorry for the late reply - things tend to get hectic here at the weekend and I don't get to the computer.

I was just about to go through your instructions at my leisure; before that I wanted to take care of a few things and had to go online for them - looking up company websites for phone numbers. Suddenly I got the following message from Firefox:



Server Error in '/' Application.
Cannot open database "mediamanager" requested by the login. The login failed. Login failed for user 'aspnet'.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Cannot open database "mediamanager" requested by the login. The login failed. Login failed for user 'aspnet'.

Source Error:


Line 2: <%@ Import NameSpace="MMDelivery" %><%
Line 3:
Line 4: using(Delivery delivery = Delivery.Current)
Line 5: {
Line 6: switch(delivery.OutCome)


Source File: D:\websites\mmdelivery\Default.aspx Line: 4

Stack Trace:


[SqlException: Cannot open database "mediamanager" requested by the login. The login failed.
Login failed for user 'aspnet'.]
System.Data.SqlClient.ConnectionPool.GetConnection(Boolean& isInTransaction) +552
System.Data.SqlClient.SqlConnectionPoolManager.GetPooledConnection(SqlConnectionString options, Boolean& isInTransaction) +372
System.Data.SqlClient.SqlConnection.Open() +384
MMDelivery.SqlHelper.PrepareCommand(SqlCommand command, SqlConnection connection, SqlTransaction transaction, CommandType commandType, String commandText, SqlParameter[] commandParameters, Boolean& mustCloseConnection) +73
MMDelivery.SqlHelper.ExecuteReader(SqlConnection connection, SqlTransaction transaction, CommandType commandType, String commandText, SqlParameter[] commandParameters, SqlConnectionOwnership connectionOwnership) +384
MMDelivery.Delivery.LoadClip(Guid gClipId, Boolean isSyndicated) +1205
MMDelivery.DeliveryStream..ctor() +100
MMDelivery.Delivery.get_Current() +204
ASP.Default_aspx.__Render__control1(HtmlTextWriter __output, Control parameterContainer) in D:\websites\mmdelivery\Default.aspx:4
System.Web.UI.Control.RenderChildren(HtmlTextWriter writer) +27
System.Web.UI.Control.Render(HtmlTextWriter writer) +7
System.Web.UI.Control.RenderControl(HtmlTextWriter writer) +243
System.Web.UI.Page.ProcessRequestMain() +1926


Version Information: Microsoft .NET Framework Version:1.1.4322.2407; ASP.NET Version:1.1.4322.2407


As you know, there isn't actually a user "aspnet" on my system ...

Should I still carry out your instructions, or has the situation changed significantly?

Thanks again!

Barbara

31.03.2014, 18:02   #7
sunjojo
/// Malwareteam

Quote:
Should I still carry out your instructions, or has the situation changed significantly?
No, that looks like a problem with the server and is not caused by your computer. Please carry out the step already posted and then the following steps right afterwards:

Step 1

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the recycle bin => C:\Programme\Eset

Step 2
Start FRST once more.
  • Do not change any of the default settings and press Scan.
  • When the scan has finished, a new log file FRST.txt is created and saved on the desktop.
  • Please post the contents of this log file here in your thread.

Do you still have problems with any changed start pages, search pages or constant pop-ups/ads (if so, in which browser)? Are there any other problems with the computer?

Post the following log files in your next reply:
  • ESET scan
  • FRST scan
__________________
Regards,

Jonas

31.03.2014, 18:13   #8
Eleve

Good, I'll get started right away.

One more question though: strictly speaking I have a whole pile of storage media, in any case more than I can connect during the scan. How should I proceed?

31.03.2014, 18:18   #9
sunjojo
/// Malwareteam

Quote:
One more question though: strictly speaking I have a whole pile of storage media, in any case more than I can connect during the scan. How should I proceed?
I would take the storage media that you use most often, or that you have had connected to the computer at all, e.g. external hard drives for backups or the USB stick that you regularly connect to your computer to transfer data, ...
__________________
Regards,

Jonas

31.03.2014, 18:34   #10
Eleve

Well, even that is unfortunately 2 USB sticks and three external hard drives (in total I have more, the photos ... and the father-grandfather-son principle of backup ...) and I only have 3 USB ports available. Can I run the scan several times so that no hard drive slips through?

And: I have a NAS attached; does that need to be scanned too (and how do I do that)?

THAAANKS!

31.03.2014, 18:55   #11
sunjojo
/// Malwareteam

Quote:
Can I run the scan several times so that no hard drive slips through?
You can do that if you want.

Quote:
And: I have a NAS attached; does that need to be scanned too (and how do I do that)?
I think ESET also scans your NAS, but I'm not entirely sure. However, the scan with several external hard drives and a NAS can of course take a veeeery long time, so you should consider whether you want to repeat the scan for the remaining hard drives. Alternatively, I would recommend scanning the removable media that you couldn't attach directly (i.e. only the removable media and not the whole computer again) with Avast.
__________________
Regards,

Jonas

31.03.2014, 19:00   #12
Eleve

Here is the Fixlog as well:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by proworx at 2014-03-31 19:47:33 Run:1
Running from C:\Users\proworx\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Barbara\AppData\Roaming\PLGComp.ini
C:\Users\proworx\AppData\Roaming\PLGComp.ini
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
         
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Error deleting key
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value deleted successfully.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Policies\Google => Error deleting key
Could not move "C:\Users\Barbara\AppData\Roaming\PLGComp.ini" => Scheduled to move on reboot.
C:\Users\proworx\AppData\Roaming\PLGComp.ini => Moved successfully.
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
"C:\ProgramData\TEMP" => ":8C35AEA7" ADS not found.
         

31.03.2014, 19:03   #13
sunjojo
/// Malwareteam

You did not start FRST as administrator; please repeat the fix as administrator and later run the FRST scan as administrator too.
__________________
Regards,

Jonas

31.03.2014, 19:48   #14
Eleve

Sorry, I didn't pay attention to the administrator part at all ...

And I didn't see your reply at first either, because it made the thread longer than one page (I didn't turn the page, so to speak ...).

So: first of all, the fix as administrator:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by Barbara at 2014-03-31 20:42:50 Run:2
Running from C:\Users\proworx\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
C:\Users\Barbara\AppData\Roaming\PLGComp.ini
C:\Users\proworx\AppData\Roaming\PLGComp.ini
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
         
*****************

HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\Barbara\AppData\Roaming\PLGComp.ini" => File/Directory not found.
"C:\Users\proworx\AppData\Roaming\PLGComp.ini" => File/Directory not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":8C35AEA7" ADS removed successfully.

==== End of Fixlog ====
         

31.03.2014, 20:00   #15
sunjojo
/// Malwareteam

Quote:
So: first of all, the fix as administrator:
All right, we'll continue once you have finished with ESET and have the new FRST log file (don't forget to run the scan as administrator).
__________________
Regards,

Jonas
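
Added example (not part of the thread and not FRST's own code): the two Fixlogs posted above come from the same fixlist, once without elevation and once as administrator, so comparing them entry by entry shows what the first run failed to apply. The line format and the outcome categories are assumptions inferred only from the result lines visible in this thread; a subset of those lines is embedded as sample input.

```python
import re

# Result lines copied from the two Fixlogs in this thread (subset).
# RUN1 is "Run:1" (started without elevation), RUN2 is "Run:2" (as administrator).
RUN1 = r'''
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Error deleting key
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value deleted successfully.
HKLM\SOFTWARE\Policies\Google => Error deleting key
Could not move "C:\Users\Barbara\AppData\Roaming\PLGComp.ini" => Scheduled to move on reboot.
C:\Users\proworx\AppData\Roaming\PLGComp.ini => Moved successfully.
"C:\ProgramData\TEMP" => ":5C321E34" ADS not found.
'''
RUN2 = r'''
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Value not found.
HKLM\SOFTWARE\Policies\Google => Key deleted successfully.
"C:\Users\Barbara\AppData\Roaming\PLGComp.ini" => File/Directory not found.
"C:\Users\proworx\AppData\Roaming\PLGComp.ini" => File/Directory not found.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
'''

# Assumed outcome categories; first matching rule wins.
STATUS_RULES = [
    (re.compile(r"^Error\b", re.I), "failed"),
    (re.compile(r"Scheduled to move on reboot", re.I), "pending"),
    (re.compile(r"not found", re.I), "absent"),
    (re.compile(r"(deleted|removed|moved) successfully", re.I), "done"),
]
ADS_RE = re.compile(r'"(:[0-9A-Fa-f]+)" ADS (.*)')


def parse_fixlog(text):
    """Map each fix target to a status, normalising quoting differences."""
    results = {}
    for line in text.splitlines():
        if " => " not in line:
            continue  # header, fixlist echo or separator line
        target, outcome = (part.strip() for part in line.split(" => ", 1))
        target = re.sub(r"^Could not move ", "", target).strip('"')
        ads = ADS_RE.match(outcome)
        if ads:  # stream name is printed on the outcome side of the arrow
            target, outcome = target + ads.group(1), ads.group(2)
        results[target] = next(
            (status for rx, status in STATUS_RULES if rx.search(outcome)),
            "unknown",
        )
    return results


def compare_runs(first, second):
    """Return (resolved, masked, open_items) for two runs of one fixlist."""
    # Failed or deferred in the first run, gone after the second.
    resolved = sorted(t for t, s in first.items()
                      if s in ("failed", "pending")
                      and second.get(t) in ("done", "absent"))
    # Reported "not found" in the first run but removed in the second:
    # the earlier "not found" was not proof that the item was absent.
    masked = sorted(t for t, s in first.items()
                    if s == "absent" and second.get(t) == "done")
    # Anything the last run still could not confirm as gone.
    open_items = sorted(t for t, s in second.items()
                        if s in ("failed", "pending", "unknown"))
    return resolved, masked, open_items


if __name__ == "__main__":
    resolved, masked, open_items = compare_runs(parse_fixlog(RUN1),
                                                parse_fixlog(RUN2))
    for label, items in (("resolved", resolved), ("masked", masked),
                         ("open", open_items)):
        print(f"{label}: {len(items)}")
        for item in items:
            print("   ", item)
```
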
