| |
| |||||||
Log-Analyse und Auswertung: Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
22.04.2014, 23:08
| #1 |
| |  Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Guten Abend, Diese 3 Schaddateien tauchen auch dann wieder auf nachdem ich sie in Quarantäne gesteckt habe. Hier habe ich den Logfile nach einem volllständigen Scan, auch Bedrohungs Suchlauf genannt, von Malwarebytes Anti-Malware. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 23.04.2014 Suchlauf-Zeit: 00:01:35 Logdatei: Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.22.06 Rootkit Datenbank: v2014.03.27.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Aktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: xxx Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 383485 Verstrichene Zeit: 41 Min, 3 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 3 PUP.Optional.Delta.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), ,[4fb138c805fb9c64f7f36ee8778d28d8] PUP.Optional.Delta.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), ,[f709f30d728eb05006e405511ee6b848] PUP.Optional.Delta.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), ,[01ffca36d62af907c22880d6b054e41c] Physische Sektoren: 0 (No malicious items detected) (end) LG |
|
22.04.2014, 23:37
| #2 | |
| Ruhe in Frieden † 2019     | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Mein Name ist Sandra und ich werde Dir bei Deinem Problem behilflich sein.
Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der schnellere und bei einem Befall durch Malware immer der sicherste Weg. Adware lässt sich in den allermeisten Fällen problemlos entfernen. Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis Dir jemand vom Team sagt, dass Du clean bist. Posten in Code Tags Bitte füge die Logs immer in Code-Tags ein. Wenn Du das nicht machst, erschwert es mir sehr das Auswerten. Danke. Dazu:
Zitat:
 Die schädlichen Erweiterungen stehen daneben  Schritt 1 Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
23.04.2014, 00:28
| #3 |
| | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Hier die FRST.txt
__________________FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by xxxx (administrator) on xxx on 23-04-2014 01:21:30 Running from C:\Users\xxx\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\Windows\system32\mqsvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_182.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [576376 2012-02-02] (Alps Electric Co., Ltd.) HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\S-1-5-21-607351777-2867948930-3298667437-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated) HKU\S-1-5-21-607351777-2867948930-3298667437-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3713032 2012-11-13] (Safer-Networking Ltd.) IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\images2pdf.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\imfrmwrk.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\pdf architect.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\shell.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\vaiocare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\vaioupdt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope value is missing. SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=DE3800231405E615 SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADFA_deDE472 BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GmbH) BHO-x32: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM-x32 - PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GmbH) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) FireFox: ======== FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default FF user.js: detected! => C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\user.js FF Homepage: google.de FF NetworkProxy: "http", "129.194.36.231" FF NetworkProxy: "http_port", 8080 FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\soft Xpansion\np-sxpdf.dll (soft-Xpansion) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-22] FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-04] FF HKLM-x32\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt FF Extension: PDF Architect Converter For Firefox - C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2014-03-25] FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi FF Extension: No Name - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2014-02-24] ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.) R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation) S4 PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH) S4 PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH) S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1103392 2012-11-13] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1369624 2012-11-13] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [168384 2012-11-13] (Safer-Networking Ltd.) R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software) S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation) S4 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43616 2012-09-21] (IVT Corporation.) S3 btwampfl; No ImagePath S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-31] (Broadcom Corporation.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-23] (GFI Software) S1 GLogin; No ImagePath R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-10-07] (Intel Corporation) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-22] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation) R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-09-21] (PenMount) U5 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-09-21] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; system32\DRIVERS\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; system32\DRIVERS\btwrchid.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] U2 TMAgent; S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-23 01:21 - 2014-04-23 01:21 - 00016992 _____ () C:\Users\xxx\Downloads\FRST.txt 2014-04-23 01:20 - 2014-04-23 01:21 - 00000000 ____D () C:\FRST 2014-04-23 01:20 - 2014-04-23 01:20 - 02061312 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe 2014-04-22 22:27 - 2014-04-22 22:27 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-22 22:27 - 2014-04-22 22:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-21 00:19 - 2014-04-21 00:19 - 00125480 _____ () C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-20 14:24 - 2014-04-22 21:52 - 00000616 _____ () C:\Windows\setupact.log 2014-04-20 14:24 - 2014-04-20 14:24 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-20 14:23 - 2014-04-20 14:24 - 00469744 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-20 00:41 - 2014-04-22 22:43 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 00:40 - 2014-04-20 00:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 00:40 - 2014-04-20 00:40 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 00:40 - 2014-04-20 00:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 00:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-20 00:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-12 18:28 - 2014-04-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Browser Guard 2014-04-12 18:27 - 2014-04-12 18:27 - 00636776 _____ () C:\Users\xxx\Downloads\FreeYouTubeToMP3Converter.exe 2014-04-09 15:41 - 2014-03-08 06:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 15:41 - 2014-03-08 06:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-09 15:41 - 2014-03-08 05:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-09 15:41 - 2014-03-08 05:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-09 15:41 - 2014-03-08 05:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-09 15:41 - 2014-03-08 05:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-09 15:41 - 2014-03-08 05:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-09 15:41 - 2014-03-08 05:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-09 15:41 - 2014-03-08 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-09 15:41 - 2014-03-08 05:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-09 15:41 - 2014-03-08 05:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-09 15:41 - 2014-03-08 05:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-09 15:41 - 2014-03-08 05:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-09 15:41 - 2014-03-08 05:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-09 15:41 - 2014-03-08 05:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 15:41 - 2014-03-08 05:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-09 15:41 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 15:41 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-09 15:41 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-09 15:41 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 15:41 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-09 15:41 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-09 15:41 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-09 15:41 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-09 15:41 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-09 15:41 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-09 15:41 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-09 15:41 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-09 15:41 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-09 15:41 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 15:41 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-09 15:41 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 15:38 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 15:38 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 15:38 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 15:38 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 15:38 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 15:38 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 15:38 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 15:38 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 15:38 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 15:38 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 15:38 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 15:35 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-02 17:00 - 2014-04-02 17:00 - 25032080 _____ (Mozilla) C:\Users\xxx\Downloads\Firefox Setup 28.0.exe 2014-04-02 16:59 - 2014-04-02 16:59 - 00283192 _____ (Mozilla) C:\Users\xxx\Downloads\Firefox Setup Stub 28.0.exe 2014-03-30 21:01 - 2014-03-30 21:01 - 00000000 ____D () C:\Users\Surfen\AppData\Local\TuneUp Software 2014-03-25 18:30 - 2014-03-25 18:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\TuneUp Software 2014-03-25 18:30 - 2014-03-20 15:44 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-03-25 18:30 - 2014-03-20 15:44 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2014-03-25 18:22 - 2014-03-25 18:22 - 00000000 ____D () C:\Users\xxx\Documents\PDF Architect Files 2014-03-25 18:21 - 2014-03-25 18:24 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-25 18:21 - 2014-03-25 18:22 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-25 18:21 - 2014-03-25 18:21 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-25 18:21 - 2014-03-25 18:21 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\pdfforge 2014-03-25 18:21 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-03-25 18:21 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-03-25 18:21 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-03-25 18:21 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-03-25 18:21 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-03-25 18:21 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-03-25 18:18 - 2014-03-25 18:18 - 00000000 ____D () C:\Users\xxx\AppData\Local\PDFCreator 2014-03-25 18:16 - 2014-03-25 18:16 - 69734576 _____ (pdfforge ) C:\Users\xxx\Downloads\PDFCreator-1_7_2_setup_offline.exe ==================== One Month Modified Files and Folders ======= 2014-04-23 01:21 - 2014-04-23 01:21 - 00016992 _____ () C:\Users\xxx\Downloads\FRST.txt 2014-04-23 01:21 - 2014-04-23 01:20 - 00000000 ____D () C:\FRST 2014-04-23 01:20 - 2014-04-23 01:20 - 02061312 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe 2014-04-23 01:18 - 2012-02-11 17:13 - 00776262 _____ () C:\Windows\system32\perfh007.dat 2014-04-23 01:18 - 2012-02-11 17:13 - 00176940 _____ () C:\Windows\system32\perfc007.dat 2014-04-23 01:18 - 2009-07-14 07:13 - 01813874 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-23 01:16 - 2012-02-11 17:20 - 01661530 _____ () C:\Windows\WindowsUpdate.log 2014-04-23 01:15 - 2012-11-30 22:10 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\vlc 2014-04-23 00:35 - 2012-05-06 20:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-22 23:35 - 2012-09-22 14:36 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-22 22:43 - 2014-04-20 00:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-22 22:27 - 2014-04-22 22:27 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-22 22:27 - 2014-04-22 22:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-22 22:27 - 2013-06-27 21:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-22 22:00 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-22 22:00 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-22 21:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-04-22 21:52 - 2014-04-20 14:24 - 00000616 _____ () C:\Windows\setupact.log 2014-04-22 21:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-22 18:58 - 2012-02-15 22:06 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\SoftGrid Client 2014-04-22 03:27 - 2012-02-11 18:01 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B8681BAA-8C0C-462E-A0E8-3936F77F0D1F} 2014-04-21 00:19 - 2014-04-21 00:19 - 00125480 _____ () C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-20 22:18 - 2012-05-20 17:03 - 00000000 ____D () C:\Users\xxx\Desktop\xxx 2014-04-20 14:24 - 2014-04-20 14:24 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-20 14:24 - 2014-04-20 14:23 - 00469744 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-20 00:40 - 2014-04-20 00:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 00:40 - 2014-04-20 00:40 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 00:40 - 2014-04-20 00:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 00:40 - 2012-03-31 09:26 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Malwarebytes 2014-04-20 00:40 - 2012-03-31 09:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 14:11 - 2012-05-06 20:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 14:11 - 2012-04-28 15:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 14:11 - 2012-02-19 19:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 14:11 - 2012-02-15 23:07 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe 2014-04-12 18:28 - 2014-04-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Browser Guard 2014-04-12 18:27 - 2014-04-12 18:27 - 00636776 _____ () C:\Users\xxx\Downloads\FreeYouTubeToMP3Converter.exe 2014-04-12 01:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-09 15:49 - 2012-02-11 17:31 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-09 15:47 - 2013-07-28 14:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 15:44 - 2012-02-15 23:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-03 10:51 - 2012-02-11 17:57 - 00000000 ____D () C:\Users\xxx 2014-04-03 09:51 - 2014-04-20 00:40 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-20 00:40 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2013-01-27 12:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 19:18 - 2009-07-14 04:34 - 90439680 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old 2014-04-02 19:18 - 2009-07-14 04:34 - 25165824 _____ () C:\Windows\system32\config\SYSTEM_tureg_old 2014-04-02 19:18 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old 2014-04-02 19:10 - 2009-07-14 04:34 - 01572864 _____ () C:\Windows\system32\config\DEFAULT_tureg_old 2014-04-02 19:10 - 2009-07-14 04:34 - 00098304 _____ () C:\Windows\system32\config\SAM_tureg_old 2014-04-02 17:00 - 2014-04-02 17:00 - 25032080 _____ (Mozilla) C:\Users\xxx\Downloads\Firefox Setup 28.0.exe 2014-04-02 16:59 - 2014-04-02 16:59 - 00283192 _____ (Mozilla) C:\Users\xxx\Downloads\Firefox Setup Stub 28.0.exe 2014-04-02 16:37 - 2009-07-14 04:34 - 47185920 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old 2014-03-30 21:01 - 2014-03-30 21:01 - 00000000 ____D () C:\Users\Surfen\AppData\Local\TuneUp Software 2014-03-25 18:31 - 2013-09-17 23:29 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014 2014-03-25 18:30 - 2014-03-25 18:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\TuneUp Software 2014-03-25 18:24 - 2014-03-25 18:21 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-25 18:22 - 2014-03-25 18:22 - 00000000 ____D () C:\Users\xxx\Documents\PDF Architect Files 2014-03-25 18:22 - 2014-03-25 18:21 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2014-03-25 18:21 - 2014-03-25 18:21 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-25 18:21 - 2014-03-25 18:21 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\pdfforge 2014-03-25 18:18 - 2014-03-25 18:18 - 00000000 ____D () C:\Users\xxx\AppData\Local\PDFCreator 2014-03-25 18:16 - 2014-03-25 18:16 - 69734576 _____ (pdfforge ) C:\Users\xxx\Downloads\PDFCreator-1_7_2_setup_offline.exe Some content of TEMP: ==================== C:\Users\Surfen\AppData\Local\Temp\msvcp100.dll C:\Users\Surfen\AppData\Local\Temp\msvcr100.dll C:\Users\xxx\AppData\Local\Temp\drm_dyndata_7330017.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-20 20:07 ==================== End Of Log ============================ und hier noch die Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-04-2014
Ran by xxx at 2014-04-23 01:22:11
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: AVG Internet Security 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: AVG Internet Security 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
FW: AVG Internet Security 2014 (Enabled) {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2}
==================== Installed Programs ======================
Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.182 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player (HKLM-x32\...\Adobe Shockwave Player) (Version: 10.2.0.22 - Adobe Systems, Inc.)
AIDA64 Extreme Edition v2.85 (HKLM-x32\...\AIDA64 Extreme Edition_is1) (Version: 2.85 - FinalWire Ltd.)
Aiseesoft Total Video Converter Platinum 7.1.10 (HKLM-x32\...\{3661F243-518C-4d05-8BDF-7B10CC22689F}_is1) (Version: 7.1.10 - Aiseesoft Studio)
ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.109.2020.209 - Alps Electric)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Magic-i Visual Effects 2 (HKLM-x32\...\{7BB90344-0647-468E-925A-7F69F7983421}) (Version: 2.0.1.85 - ArcSoft)
ArcSoft WebCam Companion 3 (HKLM-x32\...\{DE8AAC73-6D8D-483E-96EA-CAEDDADB9079}) (Version: 3.0.21.193 - ArcSoft)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3882 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Browser Guard (HKLM-x32\...\Browser Guard) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
Einstellungen für VAIO-Inhaltsüberwachung (HKLM-x32\...\{06C05B90-2127-4933-8ABA-61833BDE13FA}) (Version: 2.6.0.13120 - Sony Corporation)
HP Deskjet 3050 J610 series - Grundlegende Software für das Gerät (HKLM\...\{4E863B34-E4A3-40E0-B6F1-35CF372A3CFF}) (Version: 22.50.231.0 - Hewlett-Packard Co.)
HP Deskjet 3050 J610 series Hilfe (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
HP Update (HKLM-x32\...\{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}) (Version: 5.002.006.003 - Hewlett-Packard)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{CCAFF072-4DDB-4846-963D-15F02A8E9472}) (Version: 13.00.0000 - Intel Corporation)
Intel(R) Turbo Boost Technology Driver (HKLM-x32\...\{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}) (Version: 01.02.00.1002 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Magic DVD Ripper V8.0.0 (HKLM-x32\...\Magic DVD Ripper_is1) (Version: - Magic DVD Software, Inc.)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.45.4.3 - Marvell)
Medieval II Total War (HKLM-x32\...\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Americas (HKLM-x32\...\{75983B66-804C-40D1-BA13-64DAF652A6F1}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Britannia (HKLM-x32\...\{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Crusades (HKLM-x32\...\{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}) (Version: 1.03.000 - SEGA)
Medieval II Total War : Kingdoms : Teutonic (HKLM-x32\...\{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}) (Version: 1.03.000 - SEGA)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (x32 Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.0 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.0 Language Pack - DEU) (Version: 1.0.30319 - Microsoft Corporation)
Microsoft Help Viewer 1.0 Language Pack - DEU (Version: 1.0.30319 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Help Viewer 1.1 Language Pack - DEU (HKLM\...\Microsoft Help Viewer 1.1 Language Pack - DEU) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 1.1 Language Pack - DEU (Version: 1.1.40219 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 - Deutsch (HKLM-x32\...\{90140011-0061-0407-0000-0000000FF1CE}) (Version: 14.0.6114.5002 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft SQL Server Compact 3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 DEU (HKLM-x32\...\{0125D081-30D0-4A97-82A8-C28D444B6256}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 DEU (HKLM\...\{C3EAE456-7E7A-451F-80EF-F34C7A13C558}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft Visual C++ Compilers 2010 Standard - enu - x86 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU (HKLM\...\{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (x32 Version: 10.0.40219 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU (Version: 10.0.40303 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{62F7DA7E-CCCB-439C-A760-00C3926E761F}) (Version: 9.7.0621 - Microsoft Corporation)
MKVToolNix 6.3.0 (HKLM-x32\...\MKVToolNix) (Version: 6.3.0 - Moritz Bunkus)
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT Redists (Version: 1.0 - Sony Creative Software Inc.) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML4 Parser (HKLM-x32\...\{01501EBA-EC35-4F9F-8889-3BE346E5DA13}) (Version: 1.0.0 - Microsoft Game Studios)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NVIDIA Install Application (Version: 2.1002.133.889 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.0213 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.12.0213 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.12.0213 - NVIDIA Corporation)
NVIDIA Systemsteuerung 327.23 (Version: 327.23 - NVIDIA Corporation) Hidden
NVIDIA Update 1.8.15 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.8.15 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.8.15 - NVIDIA Corporation) Hidden
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PlayMemories Home Plug-in (Version: 2.0.00.14170 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in 3D Theme Data (x32 Version: 1.0.00.16130 - Sony Corporation) Hidden
PlayMemories Home/PMB VAIO Edition Plug-in Ver.2.2 Upgrade Program (x32 Version: 2.2.00.18250 - Sony Corporation) Hidden
PMB VAIO Edition Guide (x32 Version: 1.5.00.03020 - Sony Corporation) Hidden
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6045 - Realtek Semiconductor Corp.)
RICOH Media Driver v2.15.17.02 (HKLM-x32\...\{FE041B02-234C-4AAA-9511-80DF6482A458}) (Version: 2.15.17.02 - RICOH)
RICOH R5U230 Media Driver ver.2.06.03.02 (HKLM-x32\...\{022CBB38-CEF0-42BA-906A-A49BEFAE0BEE}) (Version: 2.06.03.02 - RICOH)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Setting Utility Series (HKLM-x32\...\{A7DA438C-2E43-4C20-BFDA-C1F4A6208558}) (Version: 5.1.0.11200 - Sony Corporation)
Setup_msm_VCMS_x64 (Version: 2.6.0.06040 - Sony Corporation) Hidden
Setup_msm_VOFS_x64 (Version: 2.4.0.16010 - Sony Corporation) Hidden
Setup_VEP_x64_Contain_SSDB (Version: 3.9.30.19080 - Sony Corporation) Hidden
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SOHLib Merge Module (x32 Version: 2.2.0.11240 - Sony Corporation) Hidden
Sony Home Network Library (HKLM-x32\...\{A6B90666-2A1F-49E8-A40E-27EAAD11C096}) (Version: 2.2.0.13270 - Sony Corporation)
Sony Home Network Library (x32 Version: 2.0.1.10160 - Sony Corporation) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.0.12 - Safer-Networking Ltd.)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities) (Version: 14.0.1000.275 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.275 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 12.0.3600.73 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (x32 Version: 13.0.2020.4 - TuneUp Software) Hidden
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
VAIO - PlayMemories Home Plug-in (HKLM-x32\...\InstallShield_{F9395F3D-4198-476C-8C41-63D0B5B51E35}) (Version: 2.2.00.18250 - Sony Corporation)
VAIO - PMB VAIO Edition Guide (HKLM-x32\...\InstallShield_{339F9B4D-00CB-4C1C-BED8-EC86A9AB602A}) (Version: 1.5.00.03020 - Sony Corporation)
VAIO Care (HKLM\...\{EC635BC0-0D7C-4CA2-9B87-2A330C298CB2}) (Version: 8.1.0.10120 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (HKLM\...\{F8B40DB4-FD07-4368-AA57-34F2B0839683}) (Version: 3.9.20.08110 - Sony Corporation)
VAIO Content Metadata Intelligent Analyzing Manager (x32 Version: 3.6.0.09250 - Sony Corporation) Hidden
VAIO Content Metadata Intelligent Network Service Manager (HKLM\...\{725D5BA4-E9FA-452B-8CF5-D7E5F8055C71}) (Version: 3.9.20.08110 - Sony Corporation)
VAIO Content Metadata Manager Settings (HKLM\...\{8FE3CF66-4484-4D39-B47D-DEBBA173619D}) (Version: 3.9.20.08110 - Sony Corporation)
VAIO Content Metadata XML Interface Library (HKLM\...\{97C58294-36D8-4594-8A49-7AB4AE096504}) (Version: 3.9.20.08110 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{72042FA6-5609-489F-A8EA-3C2DD650F667}) (Version: 4.1.1.07160 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.2.0.09150 - Sony Corporation)
VAIO Data Restore Tool (x32 Version: 1.2.0.09150 - Sony Corporation) Hidden
VAIO DVD Menu Data (HKLM-x32\...\{596BED91-A1D8-4DF1-8CD1-1C777F7588AC}) (Version: 3.1.00.16130 - Sony Corporation)
VAIO Energie Verwaltung (HKLM-x32\...\{803E4FA5-A940-4420-B89D-A8BC2E160247}) (Version: 5.0.0.11300 - Sony Corporation)
VAIO Entertainment Platform (HKLM-x32\...\{0489D044-6386-4BDF-9F98-577D60CF79DD}) (Version: 3.9.30.19080 - Sony Corporation)
VAIO Event Service (HKLM-x32\...\{C7477742-DDB4-43E5-AC8D-0259E1E661B1}) (Version: 5.1.0.11300 - Sony Corporation)
VAIO Gate Default (HKLM-x32\...\{B7546697-2A80-4256-A24B-1C33163F535B}) (Version: 1.0.0.10290 - Sony Corporation)
VAIO Hardware Diagnostics (x32 Version: 3.9.1 - Sony Corporation) Hidden
VAIO Media plus (HKLM-x32\...\{8DE50158-80AA-4FF2-9E9F-0A7C46F71FCD}) (Version: 2.0.1.10160 - Sony Corporation)
VAIO Media plus Opening Movie (HKLM-x32\...\{9238E8A4-BEBA-43A3-B926-769BDBF194C5}) (Version: 1.2.0.09100 - Sony Corporation)
VAIO Movie Story Template Data (HKLM-x32\...\InstallShield_{6FA8BA2C-052B-4072-B8E2-2302C268BE9E}) (Version: 3.1.00.16130 - Sony Corporation)
VAIO Movie Story Template Data (x32 Version: 2.0.00.09240 - Sony Corporation) Hidden
VAIO Original Funktion Einstellungen (HKLM-x32\...\{04EAE65A-CDCF-480F-B754-5C3A9364239C}) (Version: 2.4.0.19040 - Sony Corporation)
VAIO Personalization Manager (HKLM\...\{BAD9A7B0-FA18-4247-A6F5-BDCF64B40C4C}) (Version: 3.0.2.05260 - Sony Corporation)
VAIO Premium Partners (HKLM-x32\...\VAIO Premium Partners) (Version: 1.0 - Sony Europe)
VAIO screensaver (HKLM-x32\...\VAIO screensaver) (Version: 1.0.0.0 - Sony Europe)
VAIO Smart Network (HKLM-x32\...\{0899D75A-C2FC-42EA-A702-5B9A5F24EAD5}) (Version: 3.3.1.08110 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 6.3.0.08010 - Sony Corporation)
VAIO Wallpaper Contents (HKLM-x32\...\{D60F97EC-EF06-4E1E-B0D1-C2CBABA62FA3}) (Version: 2.0.0.06010 - Sony Corporation)
VAIO Window Organizer (HKLM-x32\...\{6D320CE8-79EB-4D45-8C6D-DEF74D84B49A}) (Version: 2.0.0.08280 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.1.2.06030 - Sony Corporation)
Visual C++ 9.0 CRT (x86) WinSXS MSM (x32 Version: 9.0 - Microsoft Corporation) Hidden
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.4 (HKLM\...\VLC media player) (Version: 2.0.4 - VideoLAN)
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405) (HKLM\...\930E4792BDAEAFB62A9514EE7578775658A5D07C) (Version: 09/09/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) (HKLM\...\3BA80AB4C7E9F8497C115C844953A3D4BEB84D21) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
==================== Restore Points =========================
20-04-2014 18:14:33 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2013-01-27 12:06 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: {02976A11-107B-4E28-9544-0E330CCE655F} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {02D85917-6D6D-4CB8-AF12-8F65D769773C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {08DF5CEC-4128-4F46-98C7-D118275C9C0C} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {0F57A781-7FE0-4047-8246-AD567203E2B3} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-607351777-2867948930-3298667437-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {178703F9-69FB-48C3-83EF-3C60CEC67B8A} - System32\Tasks\SONY\VAIO Power Management\VPM Logon Start => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation)
Task: {1A7058CC-BAD1-4853-B990-360067B3A216} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {26928551-26A2-4166-9E32-879AA751681A} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {2777775D-A2D5-4BB9-932D-624AC26B93E2} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2013-08-01] (Sony Corporation)
Task: {2C7ACEAA-9A86-4D87-9383-F3A7279774EE} - System32\Tasks\SONY\SUS-BCF\Level4Month => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe
Task: {3AB9F4BB-C35D-4467-8593-0E043A13C426} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2013-08-01] (Sony Corporation)
Task: {40E7E056-ED9D-48D1-888C-F048BCC2D504} - System32\Tasks\Sony Corporation\VAIO Care\CRMReminder => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {4609CD5F-375D-416B-A79A-2471F702C2C9} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {6ECA5D0F-CBE4-4F9F-85C9-97C00152F2F8} - System32\Tasks\SONY\VAIO Power Management\VPM Session Change => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation)
Task: {6F2F05D4-0BD3-4E67-86F4-D3831BAF43E8} - System32\Tasks\SONY\VAIO Power Management\VPM Unlock => C:\Program Files\Sony\VAIO Power Management\SPMgr.exe [2009-11-30] (Sony Corporation)
Task: {820F3BD9-538E-4F4E-9CB6-E51C3E054809} - System32\Tasks\HP-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [2010-06-09] (Hewlett-Packard)
Task: {8DD9936A-2451-4F6A-8F75-48F48BC30366} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {94BB5301-0EEE-4EEA-AE59-AA4FFFE4984A} - System32\Tasks\SONY\SUS-BCF\Level4Daily => C:\Program Files (x86)\Sony\Setting Utility Series\WBCBatteryCare.exe
Task: {A11B09B1-8428-4389-A9A2-7FE8CF2D99A2} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2012-10-12] (Sony Corporation)
Task: {AD2991DA-B803-442C-B44D-9A903BA6A6AD} - System32\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-607351777-2867948930-3298667437-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
Task: {BC0147B6-5C3A-4F0B-AB57-3F039B9E6A89} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-11-21] (Adobe Systems Incorporated)
Task: {D9D91B2B-93D0-47CD-9967-ABBB91D08B06} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {DBF45F52-B8E1-4B67-9771-A24DACACC752} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2014-03-20] (TuneUp Software)
Task: {DDB22276-8412-458D-8387-6B951DB72F38} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-607351777-2867948930-3298667437-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {E7F92F23-2C5E-42E4-A48B-A68CBC6E856D} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {F05C6BDA-A9F9-44D2-B27F-4FE02E4123E6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-14] (Adobe Systems Incorporated)
Task: {F2DCF8F1-420C-4CED-8152-738081E94DE1} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F6451E97-BF47-42AD-A5C7-88A68949F6BC} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-607351777-2867948930-3298667437-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {FC649AA8-2F9A-4EB8-91BA-A5BD7CD2760C} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-607351777-2867948930-3298667437-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) =============
2012-04-06 12:09 - 2013-09-12 09:25 - 00097568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-09-21 16:04 - 2009-09-21 16:04 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-03-20 15:44 - 2014-03-20 15:44 - 00675640 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-01-27 14:15 - 2012-11-13 15:06 - 00108960 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-01-27 14:15 - 2012-11-13 15:06 - 00416160 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-01-27 14:15 - 2012-11-13 15:06 - 00158624 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-01-27 14:15 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-01-27 14:15 - 2012-11-13 15:06 - 00528288 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
2013-01-27 14:15 - 2012-11-13 15:06 - 00554400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
2014-04-22 22:27 - 2014-03-15 10:40 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-04-14 14:11 - 2014-04-14 14:11 - 16351920 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
==================== Disabled items from MSCONFIG ==============
MSCONFIG\Services: ACDaemon => 3
MSCONFIG\Services: bthserv => 3
MSCONFIG\Services: btwdins => 2
MSCONFIG\Services: Fax => 3
MSCONFIG\Services: IviRegMgr => 2
MSCONFIG\Services: SharedAccess => 2
MSCONFIG\Services: SOHCImp => 3
MSCONFIG\Services: SOHDms => 3
MSCONFIG\Services: SOHDs => 3
MSCONFIG\Services: SpfService => 3
MSCONFIG\Services: uCamMonitor => 2
MSCONFIG\Services: VAIO Entertainment TV Device Arbitration Service => 3
MSCONFIG\Services: VCFw => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk => C:\Windows\pss\Bluetooth.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher =>
MSCONFIG\startupreg: Apoint => %ProgramFiles%\Apoint\Apoint.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: IAAnotif => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MarketingTools => C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe
MSCONFIG\startupreg: MobileDocuments =>
MSCONFIG\startupreg: QuickTime Task =>
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
MSCONFIG\startupreg: Skype =>
MSCONFIG\startupreg: SpybotSnD =>
MSCONFIG\startupreg: SunJavaUpdateSched =>
MSCONFIG\startupreg: TomTomHOME.exe =>
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (04/22/2014 07:57:50 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/22/2014 04:58:00 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: firefox.exe, Version: 28.0.0.5186, Zeitstempel: 0x53240e37
Name des fehlerhaften Moduls: xul.dll, Version: 28.0.0.5186, Zeitstempel: 0x53240e04
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00184729
ID des fehlerhaften Prozesses: 0xf78
Startzeit der fehlerhaften Anwendung: 0xfirefox.exe0
Pfad der fehlerhaften Anwendung: firefox.exe1
Pfad des fehlerhaften Moduls: firefox.exe2
Berichtskennung: firefox.exe3
Error: (04/21/2014 02:15:34 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "H:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (04/20/2014 00:41:12 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Name des fehlerhaften Moduls: mbamservice.exe, Version: 2.1.9.0, Zeitstempel: 0x530619b7
Ausnahmecode: 0x40000015
Fehleroffset: 0x0007d28a
ID des fehlerhaften Prozesses: 0x1228
Startzeit der fehlerhaften Anwendung: 0xmbamservice.exe0
Pfad der fehlerhaften Anwendung: mbamservice.exe1
Pfad des fehlerhaften Moduls: mbamservice.exe2
Berichtskennung: mbamservice.exe3
Error: (04/19/2014 11:11:14 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/19/2014 03:51:40 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/18/2014 10:56:16 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/18/2014 07:20:28 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/17/2014 07:49:11 PM) (Source: CVHSVC) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
System errors:
=============
Error: (04/22/2014 09:55:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/22/2014 09:55:18 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/22/2014 09:53:59 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (04/22/2014 09:53:17 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GLogin
Error: (04/22/2014 09:52:13 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 22.04.2014 um 20:33:01 unerwartet heruntergefahren.
Error: (04/22/2014 07:49:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (04/22/2014 07:49:51 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%1330
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (04/22/2014 07:48:34 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)
Error: (04/22/2014 07:47:50 PM) (Source: Service Control Manager) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
GLogin
Error: (04/22/2014 03:39:29 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (04/22/2014 07:57:50 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/22/2014 04:58:00 PM) (Source: Application Error)(User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c000000500184729f7801cf5e2fde97cd3eC:\Program Files (x86)\Mozilla Firefox\firefox.exeC:\Program Files (x86)\Mozilla Firefox\xul.dll7e81c6a7-ca2e-11e3-8dbd-0024beb515cf
Error: (04/21/2014 02:15:34 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/20/2014 07:00:02 PM) (Source: Windows Backup)(User: )
Description: H:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (04/20/2014 00:41:12 AM) (Source: Application Error)(User: )
Description: mbamservice.exe2.1.9.0530619b7mbamservice.exe2.1.9.0530619b7400000150007d28a122801cf5c20738017d3C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeC:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exeb49ba73b-c813-11e3-8a36-0024beb515cf
Error: (04/19/2014 11:11:14 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/19/2014 03:51:40 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/18/2014 10:56:16 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/18/2014 07:20:28 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
Error: (04/17/2014 07:49:11 PM) (Source: CVHSVC)(User: )
Description: (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Zurzeit sind keine aktiven Netzwerkverbindungen verfügbar. Der Vorgang wird von BITS wiederholt, sobald der Adapter über eine Verbindung verfügt.
CodeIntegrity Errors:
===================================
Date: 2013-07-27 22:04:10.084
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Config.Msi\10c347c.rbf" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-27 22:04:09.346
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Config.Msi\10c347c.rbf" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-27 21:53:43.870
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-07-27 21:53:43.700
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-27 11:01:24.904
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-01-27 11:01:24.842
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2012-12-23 16:03:09.248
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-23 15:46:54.236
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-23 08:55:34.830
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2012-12-22 23:59:47.577
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00172_002\avcuf64.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 62%
Total physical RAM: 4014.09 MB
Available physical RAM: 1504.74 MB
Total Pagefile: 8026.36 MB
Available Pagefile: 5019.43 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:455.66 GB) (Free:105.75 GB) NTFS
Drive d: (MED2_GOLD_DISK1) (CDROM) (Total:6.41 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 06CF34C5)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=456 GB) - (Type=07 NTFS)
==================== End Of Log ============================
LG |
|
23.04.2014, 15:57
| #4 | ||
| Ruhe in Frieden † 2019 | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Hallo king_james, ja, da ist ein wenig adware. Du hast drei Antispyprogrammme auf deinem Rechner am laufen, eins reicht völlig Zitat:
Ist der Proxy im Firefox absichtlich gesetzt worden? Zitat:
Falls du den PDF Architect nicht in der Vollversion besitzt, deinstalliere diesen bitte, dazu: Gehe auf den Windowsbutton in der Taskleiste --> Systemsteuerung --> Programme (Unterpunkt Programme deinstallieren) --> Programm auswählen --> entfernen Schritt 2 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=DE3800231405E615
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 3 Da der Scan mit Eset sehr gründlich ist, kann er unter Umständen mehrere Stunden dauern  ESET Online Scanner
Schritt 4 Starte noch einmal FRST.
|
|
24.04.2014, 02:16
| #5 |
| | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Guten Abend, nein das mit dem proxy ist nicht absichtlich so und ich habe es schon geändert glaub ich. Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-04-2014
Ran by xxx at 2014-04-23 19:59:51 Run:1
Running from C:\Users\xxx\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.delta-search.com/?q={searchTerms}&affID=121845&tt=gc_&babsrc=SP_ss&mntrId=DE3800231405E615
*****************
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
==== End of Fixlog ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=bf27c73a77ed004299c9d02df4a8eba5
# engine=17997
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-04-24 12:39:36
# local_time=2014-04-24 02:39:36 (+0100, Mitteleuropäische Sommerzeit)
# country="xxx"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 19148576 149929826 0 0
# scanned=218161
# found=2
# cleaned=0
# scan_time=23336
sh=A2B1AC21A23CF527CD213A07BECE9A1061FCF3BE ft=1 fh=4f8079cc975c2534 vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Surfen\AppData\Local\temp\+kUlwnhA.exe.part"
sh=5593FA24B8DD51AB4CEF6014313E163732E73B58 ft=1 fh=88824cfcc6121b6b vn="Win32/Adware.1ClickDownload.AE application" ac=I fn="C:\Users\Surfen\AppData\Local\temp\M2fEZRqn.exe.part"
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-04-2014 Ran by xxx (administrator) on xxx on 24-04-2014 03:13:15 Running from C:\Users\xxx\Downloads Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Microsoft Corporation) C:\Windows\system32\WLANExt.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgfws.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe (Microsoft Corporation) C:\Windows\system32\inetsrv\inetinfo.exe (Microsoft Corporation) C:\Windows\system32\mqsvc.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe (Microsoft Corporation) C:\Windows\system32\mqtgsvc.exe (TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe (Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe (Microsoft Corporation) C:\Windows\System32\vds.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [576376 2012-02-02] (Alps Electric Co., Ltd.) HKLM\...\Run: [MsmqIntCert] => regsvr32 /s mqrt.dll HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060320 2010-02-09] (Realtek Semiconductor) HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X] HKU\S-1-5-21-607351777-2867948930-3298667437-1001\...\Run: [Adobe Reader Synchronizer] => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe [698760 2013-12-21] (Adobe Systems Incorporated) IFEO\AcroRd32.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\dropbox.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\imfrmwrk.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\shell.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\uninstall.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\vaiocare.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" IFEO\vaioupdt.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe" Startup: C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ADFA_deDE472 BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://active.macromedia.com/flash2/cabs/swflash.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default FF user.js: detected! => C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\user.js FF Homepage: google.de FF NetworkProxy: "no_proxies_on", "" FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_182.dll () FF Plugin: @java.com/DTPlugin,version=10.7.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @soft-xpansion/npsxpdf - C:\Program Files (x86)\Common Files\soft Xpansion\np-sxpdf.dll (soft-Xpansion) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: DownloadHelper - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-04-23] FF Extension: Adblock Plus - C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-04] FF HKLM-x32\...\Firefox\Extensions: [{20d1f7b3-7721-4da0-b6f3-78bb4d7248f4}] - C:\Program Files (x86)\Browser Guard\browserguard.xpi FF Extension: Browser Guard - C:\Program Files (x86)\Browser Guard\browserguard.xpi [2014-02-24] ==================== Services (Whitelisted) ================= S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.) R2 avgfws; C:\Program Files (x86)\AVG\AVG2014\avgfws.exe [1358944 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.) R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.) R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.0.271\McCHSvc.exe [237328 2012-03-30] (McAfee, Inc.) R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation) R2 MSMQTriggers; C:\Windows\system32\mqtgsvc.exe [189440 2010-11-20] (Microsoft Corporation) S4 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [156672 2012-08-06] () R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2138936 2014-03-20] (TuneUp Software) S4 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.) S4 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [74496 2010-09-27] (Sony Corporation) S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [960160 2011-12-29] (Sony Corporation) S4 VUAgent; C:\Program Files\Sony\VAIO Update\VUAgent.exe [1368624 2013-08-01] (Sony Corporation) R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.) R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [57144 2013-09-26] (AVG Technologies CZ, s.r.o.) R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.) R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.) R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-11-01] (AVG Technologies CZ, s.r.o.) R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.) R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.) R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.) R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.) S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [43616 2012-09-21] (IVT Corporation.) S3 btwampfl; No ImagePath S3 BTWDPAN; C:\Windows\System32\DRIVERS\btwdpan.sys [89640 2011-08-31] (Broadcom Corporation.) R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2012-12-23] (GFI Software) S1 GLogin; No ImagePath R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-10-07] (Intel Corporation) R2 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [88280 2014-04-03] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-24] (Malwarebytes Corporation) R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation) R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-09-21] (PenMount) U5 regi; C:\Windows\System32\Drivers\regi.sys [14112 2007-04-17] (InterVideo) R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [27960 2012-09-21] (Synaptics Incorporated) R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software) S3 btwaudio; system32\drivers\btwaudio.sys [X] S3 btwavdt; system32\DRIVERS\btwavdt.sys [X] S3 btwl2cap; system32\DRIVERS\btwl2cap.sys [X] S3 btwrchid; system32\DRIVERS\btwrchid.sys [X] S3 catchme; \??\C:\ComboFix\catchme.sys [X] U2 TMAgent; S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-04-23 20:01 - 2014-04-23 20:01 - 02347384 _____ (ESET) C:\Users\xxx\Downloads\esetsmartinstaller_enu.exe 2014-04-23 20:01 - 2014-04-23 20:01 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-23 14:25 - 2014-04-23 14:25 - 06158429 _____ (Magic DVD Software, Inc. ) C:\Users\xxx\Downloads\MagicDVDRipper820.exe 2014-04-23 14:21 - 2014-04-23 14:21 - 00001175 _____ () C:\Users\xxx\Desktop\AIDA64 Extreme.lnk 2014-04-23 14:20 - 2014-04-23 18:05 - 00064454 _____ () C:\Users\xxx\Documents\British India.pptx 2014-04-23 14:20 - 2014-04-23 14:20 - 15871712 _____ (FinalWire Ltd. ) C:\Users\xxx\Downloads\aida64extreme430.exe 2014-04-23 12:03 - 2014-04-23 12:03 - 00000334 _____ () C:\Windows\PFRO.log 2014-04-23 01:22 - 2014-04-23 01:23 - 00050049 _____ () C:\Users\xxx\Downloads\Addition.txt 2014-04-23 01:21 - 2014-04-24 03:13 - 00014243 _____ () C:\Users\xxx\Downloads\FRST.txt 2014-04-23 01:20 - 2014-04-24 03:13 - 00000000 ____D () C:\FRST 2014-04-23 01:20 - 2014-04-23 01:20 - 02061312 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe 2014-04-22 22:27 - 2014-04-22 22:27 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-22 22:27 - 2014-04-22 22:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-21 00:19 - 2014-04-21 00:19 - 00125480 _____ () C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-20 14:24 - 2014-04-23 19:30 - 00001064 _____ () C:\Windows\setupact.log 2014-04-20 14:24 - 2014-04-20 14:24 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-20 14:23 - 2014-04-20 14:24 - 00469744 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-20 00:41 - 2014-04-24 03:07 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-20 00:40 - 2014-04-20 00:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 00:40 - 2014-04-20 00:40 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 00:40 - 2014-04-20 00:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 00:40 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-20 00:40 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-12 18:28 - 2014-04-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Browser Guard 2014-04-12 18:27 - 2014-04-12 18:27 - 00636776 _____ () C:\Users\xxx\Downloads\FreeYouTubeToMP3Converter.exe 2014-04-09 15:41 - 2014-03-08 06:54 - 17848832 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-09 15:41 - 2014-03-08 06:06 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-09 15:41 - 2014-03-08 05:49 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-09 15:41 - 2014-03-08 05:41 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-09 15:41 - 2014-03-08 05:40 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-09 15:41 - 2014-03-08 05:39 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-09 15:41 - 2014-03-08 05:38 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2014-04-09 15:41 - 2014-03-08 05:37 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-09 15:41 - 2014-03-08 05:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2014-04-09 15:41 - 2014-03-08 05:34 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-09 15:41 - 2014-03-08 05:33 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-09 15:41 - 2014-03-08 05:32 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-09 15:41 - 2014-03-08 05:32 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-09 15:41 - 2014-03-08 05:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-04-09 15:41 - 2014-03-08 05:29 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-09 15:41 - 2014-03-08 05:24 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-09 15:41 - 2014-03-08 01:51 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-09 15:41 - 2014-03-08 01:20 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-09 15:41 - 2014-03-08 01:12 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-09 15:41 - 2014-03-08 01:03 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-09 15:41 - 2014-03-08 01:02 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-09 15:41 - 2014-03-08 01:02 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-09 15:41 - 2014-03-08 01:00 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2014-04-09 15:41 - 2014-03-08 00:59 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-09 15:41 - 2014-03-08 00:57 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2014-04-09 15:41 - 2014-03-08 00:57 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-09 15:41 - 2014-03-08 00:56 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-09 15:41 - 2014-03-08 00:54 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-09 15:41 - 2014-03-08 00:53 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-09 15:41 - 2014-03-08 00:52 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-09 15:41 - 2014-03-08 00:52 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-04-09 15:41 - 2014-03-08 00:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 15:38 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 15:38 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 15:38 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 15:38 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 15:38 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 15:38 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 15:38 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 15:38 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys 2014-04-09 15:38 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 15:38 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 15:38 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 15:38 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 15:35 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-02 17:00 - 2014-04-02 17:00 - 25032080 _____ (Mozilla) C:\Users\xxx\Downloads\Firefox Setup 28.0.exe 2014-04-02 16:59 - 2014-04-02 16:59 - 00283192 _____ (Mozilla) C:\Users\xxx\Downloads\Firefox Setup Stub 28.0.exe 2014-03-30 21:01 - 2014-03-30 21:01 - 00000000 ____D () C:\Users\xxx\AppData\Local\TuneUp Software 2014-03-25 18:30 - 2014-03-25 18:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\TuneUp Software 2014-03-25 18:30 - 2014-03-20 15:44 - 00029496 _____ (TuneUp Software) C:\Windows\system32\authuitu.dll 2014-03-25 18:30 - 2014-03-20 15:44 - 00025400 _____ (TuneUp Software) C:\Windows\SysWOW64\authuitu.dll 2014-03-25 18:21 - 2014-03-25 18:24 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-25 18:21 - 2014-03-25 18:21 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-25 18:21 - 2014-03-25 18:21 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\pdfforge 2014-03-25 18:21 - 2013-04-09 15:13 - 00110264 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll 2014-03-25 18:21 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMAPI32.OCX 2014-03-25 18:21 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPIDE.DLL 2014-03-25 18:21 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VB6DE.DLL 2014-03-25 18:21 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCMCDE.DLL 2014-03-25 18:21 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSCC2DE.DLL 2014-03-25 18:18 - 2014-03-25 18:18 - 00000000 ____D () C:\Users\xxx\AppData\Local\PDFCreator 2014-03-25 18:16 - 2014-03-25 18:16 - 69734576 _____ (pdfforge ) C:\Users\xxx\Downloads\PDFCreator-1_7_2_setup_offline.exe ==================== One Month Modified Files and Folders ======= 2014-04-24 03:13 - 2014-04-23 01:21 - 00014243 _____ () C:\Users\xxx\Downloads\FRST.txt 2014-04-24 03:13 - 2014-04-23 01:20 - 00000000 ____D () C:\FRST 2014-04-24 03:11 - 2012-09-22 14:36 - 00000000 ____D () C:\ProgramData\MFAData 2014-04-24 03:07 - 2014-04-20 00:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-04-24 02:35 - 2012-05-06 20:01 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-04-23 20:11 - 2012-02-11 17:20 - 01711176 _____ () C:\Windows\WindowsUpdate.log 2014-04-23 20:10 - 2012-02-11 17:13 - 00776262 _____ () C:\Windows\system32\perfh007.dat 2014-04-23 20:10 - 2012-02-11 17:13 - 00176940 _____ () C:\Windows\system32\perfc007.dat 2014-04-23 20:10 - 2009-07-14 07:13 - 01813874 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-04-23 20:01 - 2014-04-23 20:01 - 02347384 _____ (ESET) C:\Users\xxx\Downloads\esetsmartinstaller_enu.exe 2014-04-23 20:01 - 2014-04-23 20:01 - 00000000 ____D () C:\Program Files (x86)\ESET 2014-04-23 19:49 - 2012-12-23 17:07 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-04-23 19:37 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-04-23 19:37 - 2009-07-14 06:45 - 00009888 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-04-23 19:30 - 2014-04-20 14:24 - 00001064 _____ () C:\Windows\setupact.log 2014-04-23 19:30 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\inetsrv 2014-04-23 19:28 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-04-23 18:05 - 2014-04-23 14:20 - 00064454 _____ () C:\Users\xxx\Documents\British India.pptx 2014-04-23 14:51 - 2012-02-15 22:06 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\SoftGrid Client 2014-04-23 14:26 - 2013-07-25 18:55 - 00001905 _____ () C:\Users\xxx\Desktop\Magic DVD Ripper.lnk 2014-04-23 14:26 - 2013-07-25 18:55 - 00000000 ____D () C:\Program Files (x86)\MagicDVDRipper 2014-04-23 14:25 - 2014-04-23 14:25 - 06158429 _____ (Magic DVD Software, Inc. ) C:\Users\xxx\Downloads\MagicDVDRipper820.exe 2014-04-23 14:21 - 2014-04-23 14:21 - 00001175 _____ () C:\Users\xxx\Desktop\AIDA64 Extreme.lnk 2014-04-23 14:21 - 2013-01-19 15:05 - 00000000 ____D () C:\Program Files (x86)\FinalWire 2014-04-23 14:20 - 2014-04-23 14:20 - 15871712 _____ (FinalWire Ltd. ) C:\Users\xxxDownloads\aida64extreme430.exe 2014-04-23 12:24 - 2012-05-20 17:03 - 00000000 ____D () C:\Users\xxx\Desktop\xxx 2014-04-23 12:08 - 2012-02-11 18:01 - 00003970 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B8681BAA-8C0C-462E-A0E8-3936F77F0D1F} 2014-04-23 12:03 - 2014-04-23 12:03 - 00000334 _____ () C:\Windows\PFRO.log 2014-04-23 01:23 - 2014-04-23 01:22 - 00050049 _____ () C:\Users\xxx\Downloads\Addition.txt 2014-04-23 01:20 - 2014-04-23 01:20 - 02061312 _____ (Farbar) C:\Users\xxx\Downloads\FRST64.exe 2014-04-23 01:15 - 2012-11-30 22:10 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\vlc 2014-04-22 22:27 - 2014-04-22 22:27 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk 2014-04-22 22:27 - 2014-04-22 22:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-22 22:27 - 2013-06-27 21:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-04-21 00:19 - 2014-04-21 00:19 - 00125480 _____ () C:\Users\xxx\AppData\Local\GDIPFONTCACHEV1.DAT 2014-04-20 14:24 - 2014-04-20 14:24 - 00000000 _____ () C:\Windows\setuperr.log 2014-04-20 14:24 - 2014-04-20 14:23 - 00469744 _____ () C:\Windows\system32\FNTCACHE.DAT 2014-04-20 00:40 - 2014-04-20 00:40 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\xxx\Downloads\mbam-setup-2.0.1.1004.exe 2014-04-20 00:40 - 2014-04-20 00:40 - 00001102 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-04-20 00:40 - 2014-04-20 00:40 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-04-20 00:40 - 2012-03-31 09:26 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\Malwarebytes 2014-04-20 00:40 - 2012-03-31 09:26 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-04-14 14:11 - 2012-05-06 20:01 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-04-14 14:11 - 2012-04-28 15:24 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-14 14:11 - 2012-02-19 19:20 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-14 14:11 - 2012-02-15 23:07 - 00000000 ____D () C:\Users\xxx\AppData\Local\Adobe 2014-04-12 18:28 - 2014-04-12 18:28 - 00000000 ____D () C:\Program Files (x86)\Browser Guard 2014-04-12 18:27 - 2014-04-12 18:27 - 00636776 _____ () C:\Users\xxx\Downloads\FreeYouTubeToMP3Converter.exe 2014-04-12 01:27 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-09 15:49 - 2012-02-11 17:31 - 00000000 ____D () C:\ProgramData\Microsoft Help 2014-04-09 15:47 - 2013-07-28 14:46 - 00000000 ____D () C:\Windows\system32\MRT 2014-04-09 15:44 - 2012-02-15 23:04 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-03 10:51 - 2012-02-11 17:57 - 00000000 ____D () C:\Users\xxx 2014-04-03 09:51 - 2014-04-20 00:40 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-04-03 09:51 - 2014-04-20 00:40 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-04-03 09:50 - 2013-01-27 12:46 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-04-02 19:18 - 2009-07-14 04:34 - 90439680 _____ () C:\Windows\system32\config\SOFTWARE_tureg_old 2014-04-02 19:18 - 2009-07-14 04:34 - 25165824 _____ () C:\Windows\system32\config\SYSTEM_tureg_old 2014-04-02 19:18 - 2009-07-14 04:34 - 00024576 _____ () C:\Windows\system32\config\SECURITY_tureg_old 2014-04-02 19:10 - 2009-07-14 04:34 - 01572864 _____ () C:\Windows\system32\config\DEFAULT_tureg_old 2014-04-02 19:10 - 2009-07-14 04:34 - 00098304 _____ () C:\Windows\system32\config\SAM_tureg_old 2014-04-02 17:00 - 2014-04-02 17:00 - 25032080 _____ (Mozilla) C:\Users\xxxDownloads\Firefox Setup 28.0.exe 2014-04-02 16:59 - 2014-04-02 16:59 - 00283192 _____ (Mozilla) C:\Users\xxx\Downloads\Firefox Setup Stub 28.0.exe 2014-04-02 16:37 - 2009-07-14 04:34 - 47185920 _____ () C:\Windows\system32\config\COMPONENTS_tureg_old 2014-03-30 21:01 - 2014-03-30 21:01 - 00000000 ____D () C:\Users\Surfen\AppData\Local\TuneUp Software 2014-03-25 18:31 - 2013-09-17 23:29 - 00000000 ____D () C:\Program Files (x86)\TuneUp Utilities 2014 2014-03-25 18:30 - 2014-03-25 18:30 - 00000000 ____D () C:\Users\xxx\AppData\Local\TuneUp Software 2014-03-25 18:24 - 2014-03-25 18:21 - 00000000 ____D () C:\Program Files (x86)\PDFCreator 2014-03-25 18:21 - 2014-03-25 18:21 - 00001031 _____ () C:\Users\Public\Desktop\PDFCreator.lnk 2014-03-25 18:21 - 2014-03-25 18:21 - 00000000 ____D () C:\Users\xxx\AppData\Roaming\pdfforge 2014-03-25 18:18 - 2014-03-25 18:18 - 00000000 ____D () C:\Users\xxx\AppData\Local\PDFCreator 2014-03-25 18:16 - 2014-03-25 18:16 - 69734576 _____ (pdfforge ) C:\Users\xxx\Downloads\PDFCreator-1_7_2_setup_offline.exe Some content of TEMP: ==================== C:\Users\xxx\AppData\Local\Temp\msvcp100.dll C:\Users\xxx\AppData\Local\Temp\msvcr100.dll C:\Users\xxx\AppData\Local\Temp\drm_dyndata_7330017.dll ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-20 20:07 ==================== End Of Log ============================ So bitte schön und danke jetzt schon für deine Mühe |
|
24.04.2014, 13:33
| #6 |
| Ruhe in Frieden † 2019 | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Funde von Eset sind nur Adware, die löschen wir jetzt Schritt 1 Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
>OK< So wie ich es sehe, haben wir damit alles Schadhafte entfernt. Deine Logs sind sauber. Abschließend räumen wir noch etwas auf, führen Updates durch und dann bekommst du noch etwas Lesestoff von mir. Schritt 1 Falls Du Malwarebytes-Antimalware und den ESET-Onlinescan nicht mehr benötigst, kannst Du beide Programme einfach über die Programmdeinstallation deinstallieren. Ich empfehle Dir aber zumindest Malwarebytes zu behalten, und damit einmal die Woche einen Kontrollscan zu machen. Schritt 2 Downloade dir bitte delfix auf deinen Desktop.
Falls nun noch Tools aus der Bereinigung auf deinem PC sind, kannst du diese besorgtlos selbst löschen. Updates / Programme aktualisieren
Stelle sicher, dass dein FlashPlayer nach Updates sucht. Den FlashPlayer kann man direkt bei der Installation so konfigurieren, dass er nach Updates automatisch sucht, nachträglich kann man das über folgenden Link machen: Adobe - Flash Player: Einstellungsmanager - Globale Benachrichtigungseinstellungen
Nun zum Schluss noch ein paar Tipps zur Absicherung deines Systems. Aktualität des Systems Es ist extrem wichtig, dass sowohl dein System als auch die darauf installierte sicherheitsrelevante Software (Flash Player, PDF-Reader und besonders Java, sofern vorhanden) aktuell sind.
Antivirensoftware
Zusätzlicher Schutz
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der Internet Explorer, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Systemleistung Lösche regelmäßig deine temporären Dateien. Ich empfehle hierzu TFC Halte dich fern von jeglichen Registry Cleanern. Diese schaden deinem System mehr als dass sie es schneller machen. Verhaltensregeln zum sichereren Surfen
Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind. Falls Du Lob oder Kritik abgeben möchtest, kannst Du das sehr gerne hier tun. Wenn Du etwas für das Forum und unsere Arbeit spenden möchtest, so kannst Du das hier tun.
__________________ --> Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) |
|
24.04.2014, 15:56
| #7 |
| | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Naja ich habe gerade einen Quick scan mit Malwarebytes gemacht und die 3 Schaddateien vom Anfang sind immer noch da. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 24.04.2014 Suchlauf-Zeit: 16:58:04 Logdatei: Administrator: Ja Version: 2.00.1.1004 Malware Datenbank: v2014.04.24.06 Rootkit Datenbank: v2014.03.27.01 Lizenz: Premium Malware Schutz: Aktiviert Bösartiger Webseiten Schutz: Aktiviert Chameleon: Aktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: xxx Suchlauf-Art: Hyper-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 322426 Verstrichene Zeit: 9 Min, 44 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Deaktiviert Archive: Aktiviert Rootkits: Aktiviert Shuriken: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 3 PUP.Optional.Delta.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), ,[cd3324dcae525da34126fd5caf5558a8] PUP.Optional.Delta.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), ,[0ef20bf502fe8d733b2cdc7d699b629e] PUP.Optional.Delta.A, C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), ,[13ed709001ff0bf511569cbd9b69cf31] Physische Sektoren: 0 (No malicious items detected) (end) |
|
24.04.2014, 20:59
| #8 |
| Ruhe in Frieden † 2019 | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Dann musst du dein Firefoxprofil löschen und ein neues anlegen. Hier findest du eine ausführliche Anleitung dazu. Wähle auch Daten des Profils löschen aus, wenn du Lesezeichen hast, die du sichern möchtest, dann exportiere diese vorher. |
|
28.04.2014, 16:12
| #9 |
| | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) So nun läuft wieder alles !! Vielen Dank für deine Hilfe LG |
|
28.04.2014, 21:00
| #10 |
| Ruhe in Frieden † 2019 | Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) Hallo king_james, sehr gern geschehen. Alles Gute dir. Somit ist dieses Thema erledigt, falls du noch Fragen haben solltest oder es Probleme gibt, so schicke mir bitte eine PN |
|
| Themen zu Diese 3 Schaddateien tauchen immer wieder auf (C:\Users\xxx\AppData\Roaming\Mozilla\Firefox\Profiles\sced2vv7.default\prefs.js) |
| appdata, code, datenbank, datum, detected, false, firefox, genannt, guten, logfile, malicious, malwarebytes, mozilla, quarantäne, roaming, scan, schlecht, schutz, service, tauchen, users, webseite, webseiten, windows, windows 7 |
Linear-Darstellung
