Pests of all kinds and how to fight them: WIN 7 Crypt.ZPACK.80380 found according to Avira (Windows 7)
| | #1 |
| | WIN 7 Crypt.ZPACK.80380 found according to Avira Hi, I need your help, please: according to Avira I have a TR/crypt.ZPACK.80380 on a laptop! I already tried several things some time ago, but unfortunately without success, so I am asking for your help! Thanks, regards, EmZet |
| | #2 |
| /// the machine /// TB-Ausbilder | WIN 7 Crypt.ZPACK.80380 found according to Avira Hi,
Log file from Avira? Please download the matching version of Farbar's Recovery Scan Tool to your desktop: (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
| | #3 |
| | WIN 7 Crypt.ZPACK.80380 found according to Avira Thanks for the help: FRST log
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Christian Harold (administrator) on LAPTOPCHRISTIAN on 26-05-2014 21:02:10
Running from C:\Users\Christian Harold\Downloads
Platform: Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Novell, Inc.) C:\Windows\System32\iprntsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Novell, Inc.) C:\Windows\System32\iprntctl.exe
(Novell, Inc.) C:\Windows\System32\iprntlgn.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(Panasonic Corporation) C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Dropbox, Inc.) C:\Users\Christian Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfupd.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avscan.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [SoundMAX] => C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [iPrint Tray] => C:\windows\system32\iprntctl.exe [69304 2013-12-13] (Novell, Inc.)
HKLM\...\Run: [iPrint Event Monitor] => C:\windows\system32\iprntlgn.exe [73400 2013-12-13] (Novell, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\runonceex: [ContentMerger] - c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-06-13] (Sonic Solutions)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [Skype] => C:\Program Files\Skype\\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247144 2010-05-07] (TomTom)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [975800 2012-07-16] (Samsung)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-16] ()
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [mjwsgqw] => regsvr32.exe "C:\ProgramData\mjwsgqw.dat"
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [wcwtuc] => regsvr32.exe "
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [hrdboot.exe] => C:\Users\Christian Harold\AppData\Roaming\Microsoft\hrdboot.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {31cb6a64-d993-11de-9776-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {31cb6a66-d993-11de-9776-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {31cb6a6c-d993-11de-9776-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {31cb6a6e-d993-11de-9776-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {584c0acf-b6c0-11e1-8f28-00247ef61c0f} - D:\laucher.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {6900b6f9-e09c-11de-95c6-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {7c1f471e-de50-11de-9599-00247ef61c0f} - D:\Autorun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {9aed441f-d46a-11de-afb4-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {9aed4423-d46a-11de-afb4-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {a325eff8-ef9a-11de-9596-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {a325effb-ef9a-11de-9596-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {a325effd-ef9a-11de-9596-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {cedc64b8-df52-11de-af2e-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {d11d3fb5-cc13-11e2-9ea6-00247ef61c0f} - D:\LaunchU3.exe -a
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {dc1a3db0-d4d4-11de-af02-00247ef61c0f} - D:\AutoRun.exe
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\MountPoints2: {dc1a3db2-d4d4-11de-af02-00247ef61c0f} - D:\AutoRun.exe
IFEO\bitguard.exe: [Debugger] tasklist.exe
IFEO\bprotect.exe: [Debugger] tasklist.exe
IFEO\browserdefender.exe: [Debugger] tasklist.exe
IFEO\browserprotect.exe: [Debugger] tasklist.exe
Lsa: [Notification Packages] scecli iPrntWinCredMan
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiNQ.lnk
ShortcutTarget: LiNQ.lnk -> QNiL.dll,work (No File)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\romqmq0h.lnk
ShortcutTarget: romqmq0h.lnk -> C:\PROGRA~2\299219~1\h0qmqmor.cpp (No File)
HKLM\...\AppCertDlls: [x64] -> c:\program files\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
==================== Internet (Whitelisted) ====================
ProxyServer: :
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_AT&c=92&bd=all&pf=cmnb
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=4C63001E645DD4A2&affID=119557&tt=160913_m2&tsp=5014
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}
SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}
BHO: No Name - {2EECD738-5844-4a99-B4B6-146BF802613B} - No File
BHO: No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} - No File
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - No File
BHO: No Name - {F2BC2878-7212-484E-9131-384D48B2C090} - No File
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll ()
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM - No Name - {377e5d4d-77e5-476a-8716-7e70a9272da0} - No File
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SearchEngineOrder.1: Amazon
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://www.google.at/
FF Keyword.URL: hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @novell.com/iPrint - C:\windows\system32 ()
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [info@bflix.info] - C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\extensions\info@bflix.info
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-10] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 iprntsrv; C:\windows\system32\iprntsrv.exe [57344 2013-12-13] (Novell, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-07-20] (Marvell)
S3 Winmgmt; C:\PROGRA~2\2992199F9A\6PCI.dll [X]
==================== Drivers (Whitelisted) ====================
R3 Afc; C:\windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 cdrbsdrv; C:\windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 NETw1v32; C:\windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-21] (Intel Corporation)
R1 nipplpt2; C:\windows\system32\drivers\nipplpt.sys [42464 2013-12-13] ()
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-11] (Avira GmbH)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-26 21:02 - 2014-05-26 21:03 - 00022926 _____ () C:\Users\Christian Harold\Downloads\FRST.txt
2014-05-26 21:02 - 2014-05-26 21:02 - 00000000 ____D () C:\FRST
2014-05-26 21:01 - 2014-05-26 21:01 - 01056256 _____ (Farbar) C:\Users\Christian Harold\Downloads\FRST.exe
2014-05-26 19:10 - 2014-05-26 19:12 - 00000090 _____ () C:\windows\setupact.log
2014-05-26 19:10 - 2014-05-26 19:10 - 00000000 _____ () C:\windows\setuperr.log
2014-05-26 13:54 - 2014-05-26 13:54 - 13825649 _____ () C:\Users\Christian Harold\Downloads\Papierherstellung.zip
2014-05-22 09:53 - 2014-05-22 09:53 - 00052332 _____ () C:\Users\Christian Harold\Downloads\Prüfungseinteilung2014.xlsx
2014-05-22 09:39 - 2014-05-22 13:11 - 00012693 ____H () C:\Users\Christian Harold\AppData\Roaming\telekom.html
2014-05-20 15:50 - 2014-05-20 15:50 - 00057518 _____ () C:\Users\Christian Harold\Downloads\DSC_8358.jpeg
2014-05-14 21:55 - 2014-05-14 21:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 21:45 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-14 21:45 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-14 21:45 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-14 20:44 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-14 20:44 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-14 20:44 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:44 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-14 20:44 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-14 20:44 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-14 20:44 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-14 20:44 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-14 20:44 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-14 20:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-14 20:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2014-05-14 20:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-14 20:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-14 20:44 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-14 08:22 - 2014-05-26 19:23 - 00886543 _____ () C:\windows\WindowsUpdate.log
2014-05-13 17:41 - 2014-05-19 10:44 - 00268920 _____ (Microsoft Corporation) C:\ProgramData\mjwsgqw.dat
2014-05-13 17:40 - 2014-05-15 10:04 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-08 11:28 - 2014-05-08 11:28 - 00027136 _____ () C:\Users\Christian Harold\Downloads\CLIL_Leerformular 2013-14.xls
2014-05-07 07:34 - 2014-05-26 19:12 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\DropboxMaster
2014-05-06 21:02 - 2014-05-15 09:58 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-04-30 10:28 - 2014-04-30 11:20 - 00000000 ____D () C:\Users\Christian Harold\Documents\Semianr _ Litti _Steyr
2014-04-29 13:42 - 2014-04-29 13:42 - 00012831 _____ () C:\Users\Christian Harold\Downloads\U10 Final Day 01.Mai.2014.xlsx
==================== One Month Modified Files and Folders =======
2014-05-26 21:03 - 2014-05-26 21:02 - 00022926 _____ () C:\Users\Christian Harold\Downloads\FRST.txt
2014-05-26 21:02 - 2014-05-26 21:02 - 00000000 ____D () C:\FRST
2014-05-26 21:01 - 2014-05-26 21:01 - 01056256 _____ (Farbar) C:\Users\Christian Harold\Downloads\FRST.exe
2014-05-26 19:23 - 2014-05-14 08:22 - 00886543 _____ () C:\windows\WindowsUpdate.log
2014-05-26 19:19 - 2009-07-14 06:34 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-26 19:19 - 2009-07-14 06:34 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-26 19:12 - 2014-05-26 19:10 - 00000090 _____ () C:\windows\setupact.log
2014-05-26 19:12 - 2014-05-07 07:34 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\DropboxMaster
2014-05-26 19:12 - 2012-09-17 17:58 - 00000000 ___RD () C:\Users\Christian Harold\Dropbox
2014-05-26 19:12 - 2012-09-17 17:56 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\Dropbox
2014-05-26 19:12 - 2012-07-02 17:40 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-05-26 19:12 - 2012-07-02 17:40 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 19:10 - 2014-05-26 19:10 - 00000000 _____ () C:\windows\setuperr.log
2014-05-26 19:10 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-26 17:56 - 2013-05-07 13:09 - 00000000 ____D () C:\NDPS
2014-05-26 16:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-05-26 13:54 - 2014-05-26 13:54 - 13825649 _____ () C:\Users\Christian Harold\Downloads\Papierherstellung.zip
2014-05-25 15:39 - 2009-11-18 16:26 - 00000000 ___RD () C:\Users\Christian Harold\Documents\Christian
2014-05-25 14:59 - 2012-09-17 17:58 - 00001057 _____ () C:\Users\Christian Harold\Desktop\Dropbox.lnk
2014-05-25 14:59 - 2012-09-17 17:56 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 13:11 - 2014-05-22 09:39 - 00012693 ____H () C:\Users\Christian Harold\AppData\Roaming\telekom.html
2014-05-22 09:53 - 2014-05-22 09:53 - 00052332 _____ () C:\Users\Christian Harold\Downloads\Prüfungseinteilung2014.xlsx
2014-05-22 09:43 - 2013-08-11 15:37 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-22 09:43 - 2013-08-11 15:37 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-20 15:50 - 2014-05-20 15:50 - 00057518 _____ () C:\Users\Christian Harold\Downloads\DSC_8358.jpeg
2014-05-19 10:44 - 2014-05-13 17:41 - 00268920 _____ (Microsoft Corporation) C:\ProgramData\mjwsgqw.dat
2014-05-19 10:16 - 2009-11-18 15:20 - 00000000 ____D () C:\Users\Christian Harold\AppData\Local\VirtualStore
2014-05-15 13:21 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-05-15 10:04 - 2014-05-13 17:40 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 09:58 - 2014-05-06 21:02 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-15 09:58 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-05-14 21:57 - 2009-09-17 05:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 21:55 - 2014-05-14 21:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 21:54 - 2013-08-15 18:07 - 00000000 ____D () C:\windows\system32\MRT
2014-05-14 21:50 - 2010-08-12 16:42 - 90547776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-14 18:33 - 2013-09-28 14:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-11 19:37 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-05-09 09:06 - 2014-05-14 20:44 - 00369664 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 20:44 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 16:00 - 2009-11-18 20:56 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-08 11:28 - 2014-05-08 11:28 - 00027136 _____ () C:\Users\Christian Harold\Downloads\CLIL_Leerformular 2013-14.xls
2014-05-06 05:25 - 2014-05-14 21:45 - 17382912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 21:45 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 21:45 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 11:05 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-30 11:20 - 2014-04-30 10:28 - 00000000 ____D () C:\Users\Christian Harold\Documents\Semianr _ Litti _Steyr
2014-04-29 13:42 - 2014-04-29 13:42 - 00012831 _____ () C:\Users\Christian Harold\Downloads\U10 Final Day 01.Mai.2014.xlsx
2014-04-27 18:44 - 2010-01-05 17:27 - 00000000 ____D () C:\windows\Minidump
Files to move or delete:
====================
C:\ProgramData\mjwsgqw.dat
C:\ProgramData\PKP_DLdu.DAT
C:\Users\Public\AlexaNSISPlugin.9476.dll
Some content of TEMP:
====================
C:\Users\Christian Harold\AppData\Local\Temp\avgnt.exe
C:\Users\Christian Harold\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgjbj0r.dll
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe
[2014-05-14 20:44] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-20 08:34
==================== End Of Log ============================
Additional Log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014 02
Ran by Christian Harold at 2014-05-26 21:03:37
Running from C:\Users\Christian Harold\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
==================== Installed Programs ======================
ActiveCheck component for HP Active Support Library (Version: 3.0.0.1 - Hewlett-Packard) Hidden
Adobe Bridge 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Common File Installer (Version: 1.00.0000 - Adobe System Incorporated) Hidden
Adobe Flash Player 11 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 11.8.800.168 - Adobe Systems Incorporated)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Help Center 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
Adobe Photoshop CS2 (HKLM\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop CS2 (Version: 9.0 - Adobe Systems, Inc.) Hidden
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Adobe Stock Photos 1.0 (Version: 001.000.000 - Adobe Systems) Hidden
aonUpdate (HKLM\...\aonUpdate) (Version: - Telekom Austria TA AG)
aonUpdate (Version: 1.3 - Telekom Austria TA AG) Hidden
Apple Application Support (HKLM\...\{F5266D28-E0B2-4130-BFC5-EE155AD514DC}) (Version: 2.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C23CD6DA-1958-43A5-ADD0-59396572E02E}) (Version: 3.4.1.2 - Apple Inc.)
Apple Software Update (HKLM\...\{C6579A65-9CAE-4B31-8B6B-3306E0630A66}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft Panorama Maker 4 (HKLM\...\{D45E8C45-B601-4A80-AFD8-E16338744DE1}) (Version: - ArcSoft)
ArcSoft Software Suite (HKLM\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft)
ATI Catalyst Install Manager (HKLM\...\{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}) (Version: 3.0.732.0 - ATI Technologies, Inc.)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.4.642 - Avira)
Bilder-CD Chemietechnik, 10. Aufl. - Einzellizenz (HKLM\...\Bilder-CD Chemietechnik_is1) (Version: - Verlag Europa-Lehrmittel)
Bonjour (HKLM\...\{C2E4B5BD-32DB-4817-A060-341AB17C3F90}) (Version: 2.0.5.0 - Apple Inc.)
Canon Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version: - )
Canon Easy-WebPrint EX (HKLM\...\Easy-WebPrint EX) (Version: - )
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM\...\CANONIJPLM100) (Version: - )
Canon iP4200 (HKLM\...\CANONBJ_Deinstall_CNMCP78.DLL) (Version: - )
Canon Kurzwahlprogramm (HKLM\...\Speed Dial Utility) (Version: - )
Canon MP Navigator EX 1.0 (HKLM\...\MP Navigator EX 1.0) (Version: - )
Canon MP Navigator EX 5.1 (HKLM\...\MP Navigator EX 5.1) (Version: - )
Canon MX310 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX310_series) (Version: - )
Canon MX310 series Benutzerregistrierung (HKLM\...\Canon MX310 series Benutzerregistrierung) (Version: - )
Canon MX510 series Benutzerregistrierung (HKLM\...\Canon MX510 series Benutzerregistrierung) (Version: - )
Canon MX510 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX510_series) (Version: - )
Canon MX510 series On-screen Manual (HKLM\...\Canon MX510 series On-screen Manual) (Version: - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version: - )
Canon Setup Utility 2.0 (HKLM\...\Canon Setup Utility 2.0) (Version: - )
Canon Solution Menu EX (HKLM\...\CanonSolutionMenuEX) (Version: - )
Canon Utilities Easy-PhotoPrint (HKLM\...\Easy-PhotoPrint) (Version: - )
Canon Utilities Easy-PrintToolBox (HKLM\...\Easy-PrintToolBox) (Version: - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version: - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2009.0804.1118.18368 - ATI) Hidden
Catalyst Control Center InstallProxy (Version: 2009.0804.1118.18368 - ATI Technologies, Inc.) Hidden
Catalyst Control Center Localization All (Version: 2009.0804.1118.18368 - ATI) Hidden
CCC Help Chinese Standard (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Czech (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Danish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Dutch (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help English (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Finnish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help French (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help German (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Greek (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Hungarian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Italian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Japanese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Korean (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Norwegian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Polish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Portuguese (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Russian (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Spanish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Swedish (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Thai (Version: 2009.0804.1117.18368 - ATI) Hidden
CCC Help Turkish (Version: 2009.0804.1117.18368 - ATI) Hidden
ccc-core-static (Version: 2009.0804.1118.18368 - ATI) Hidden
ccc-utility (Version: 2009.0804.1118.18368 - ATI) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.06 - Piriform)
CD-LabelPrint (HKLM\...\MediaNavigation.CDLabelPrint) (Version: - )
Choice Guard (Version: 1.2.87.0 - Microsoft Corporation) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{349F73CA-653A-43A6-AE77-970B07D6EDA0}) (Version: - Microsoft)
Delta Chrome Toolbar (HKLM\...\Delta Chrome Toolbar) (Version: - Visual Tools) <==== ATTENTION
DirectX 9 Runtime (Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy-WebPrint (HKLM\...\Easy-WebPrint) (Version: - )
Foxit Reader (HKLM\...\Foxit Reader) (Version: 3.1.4.1125 - Foxit Software Company)
Highspeed-Internet-Installation (HKLM\...\Highspeed-Internet-Installation) (Version: - Telekom Austria TA AG)
Highspeed-Internet-Installation (Version: 1.0.0.2 - Telekom Austria TA AG) Hidden
HP 3D DriveGuard (HKLM\...\{85A42FF0-F0D0-44A3-B226-C124D6E8B1D5}) (Version: 4.0.3.1 - Hewlett-Packard)
HP Common Access Service Library (HKLM\...\{87CA636B-85B8-4611-A81D-F97E71024AFD}) (Version: 3.0.28.1 - Hewlett-Packard)
HP Customer Experience Enhancements (HKLM\...\{5B295588-59C1-4386-9F85-BB4BEDCB0D22}) (Version: 5.7.0.3036 - Hewlett-Packard)
hp deskjet 940c series (nur entfernen) (HKLM\...\hp deskjet 940c series) (Version: - )
HP ESU for Microsoft Windows 7 (HKLM\...\{511376F5-7E5A-4EC9-B603-193B1D425BC3}) (Version: 1.0.1.1 - Hewlett-Packard)
HP Integrated Module with Bluetooth wireless technology (HKLM\...\{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}) (Version: 6.2.0.9602 - Broadcom Corporation)
HP Quick Launch Buttons (HKLM\...\{34D2AB40-150D-475D-AE32-BD23FB5EE355}) (Version: 6.50.4.2 - Hewlett-Packard)
HP QuickLook (HKLM\...\{6B11BCAC-CE60-418E-A0BD-F773EC1194E5}) (Version: 3.0.0.17 - Hewlett-Packard)
HP Setup (HKLM\...\{D0BFE65D-C320-4FC9-88D2-B9C32FB95DA0}) (Version: 1.2.3215.3078 - Hewlett-Packard)
HP Software Setup (HKLM\...\{76AF1F61-BB44-4694-A0EA-C6830C8BEF41}) (Version: 1.0.0.15 - Hewlett-Packard)
HP Support Assistant (HKLM\...\{4F46FDB9-B906-47BF-B3D5-C62E01B3C5EE}) (Version: 4.1.11.3 - Hewlett-Packard)
HP User Guides 0136 (HKLM\...\{004739E9-9BBF-4A8B-9FAC-EB7CA5B7A9D9}) (Version: 1.03.0002 - Hewlett-Packard)
HP Wallpaper (HKLM\...\{F173C2B3-296F-458C-98FF-1676A42EBA02}) (Version: 1.0.1.11 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (HKLM\...\{1D61E881-43CD-447B-9E6B-D2C6138B2862}) (Version: 1.0 - Roxio)
HP Webcam Driver (HKLM\...\{399C37FB-08AF-493B-BFED-20FBD85EDF7F}) (Version: 5.8.50008.0 - Sonix)
HP Wireless Assistant (HKLM\...\{54CC7901-804D-4155-B353-21F0CC9112AB}) (Version: 3.50.9.1 - Hewlett-Packard)
HPAsset component for HP Active Support Library (Version: 3.0.0.2 - Hewlett-Packard) Hidden
iLivid (HKLM\...\iLivid) (Version: 4.0.0.2624 - Bandoo Media Inc) <==== ATTENTION
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
ISIS Draw 2.1.4 Standalone (HKLM\...\ISIS Draw 2.1.4 Standalone) (Version: - )
iTunes (HKLM\...\{7E6066E6-8B5B-4100-B0FA-1D9E9B663CBA}) (Version: 10.3.1.55 - Apple Inc.)
IZArc 4.1 (HKLM\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1 - Ivan Zahariev)
LightScribe System Software (HKLM\...\{82EF29B1-9B60-4142-A155-0599216DD053}) (Version: 1.18.6.1 - LightScribe)
LohnSteuer-Experte 2013 - NEWS-Edition (HKLM\...\LohnSteuer-Experte 2013_is1) (Version: 19.2.0 - haude electronica verlag)
LSI HDA Modem (HKLM\...\LSI Soft Modem) (Version: 2.1.94 - LSI Corporation)
Marvell Miniport Driver (HKLM\...\Marvell Miniport Driver) (Version: 10.70.5.3 - Marvell)
MedChem Designer (HKLM\...\{A800576A-AFDB-406D-9CBC-892B4E7F49AA}) (Version: 1.0.1.15 - Simulations Plus, Inc)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Student 2010 (HKLM\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Suite Activation Assistant (HKLM\...\{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}) (Version: 2.7 - Microsoft Corporation)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (HKLM\...\Microsoft Visual J# 2.0 Redistributable Package) (Version: - Microsoft Corporation)
Microsoft Visual J# 2.0 Redistributable Package (Version: 2.0.50727 - Microsoft Corporation) Hidden
MobileMe Control Panel (HKLM\...\{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}) (Version: 3.1.6.0 - Apple Inc.)
Mobiles Internet für unterwegs (HKLM\...\Mobiles Internet für unterwegs) (Version: - Telekom Austria TA AG)
Mobiles Internet für unterwegs (Version: 1.6.0.25 - Telekom Austria TA AG) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - )
Nikon Message Center (HKLM\...\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}) (Version: 0.92.000 - Nikon)
Nikon Transfer (HKLM\...\{E9757890-7EC5-46C8-99AB-B00F07B6525C}) (Version: 1.0.2 - Nikon)
Novell iPrint Client v05.94.00 (HKLM\...\Novell iPrint Client) (Version: - Novell, Inc.)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0 - Microsoft Corporation) Hidden
PDF Complete Special Edition (HKLM\...\PDF Complete) (Version: 3.5.108 - PDF Complete, Inc)
PHOTOfunSTUDIO HD Edition (HKLM\...\{9A9DBEBC-C800-4776-A970-D76D6AA405B1}) (Version: 3.00.126 - Panasonic)
QLBCASL (Version: 6.40.17.2 - Hewlett-Packard) Hidden
QuickTime (HKLM\...\{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}) (Version: 7.73.80.64 - Apple Inc.)
Roxio Activation Module (Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (HKLM\...\{537BF16E-7412-448C-95D8-846E85A1D817}) (Version: 10.3 - Roxio)
Roxio Creator Business v10 (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (Version: 10.3.349 - Roxio) Hidden
Safari (HKLM\...\{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}) (Version: 5.33.21.1 - Apple Inc.)
Samsung Kies (HKLM\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (Version: 2.3.2.12064_10 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.6.0 - SAMSUNG Electronics Co., Ltd.)
SCR3xxx Smart Card Reader (HKLM\...\{E045FAC9-0B70-4796-AD3A-7035E89CE536}) (Version: 8.35 - SCM Microsystems)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (Version: - Microsoft) Hidden
Sigel Label- und Barcode Software (HKLM\...\Sigel Label- und Barcode Software) (Version: - )
Sigel NameBadges Software (HKLM\...\Sigel NameBadges Software) (Version: - )
Sigel Professional Label Software SE (HKLM\...\Sigel Professional Label Software SE) (Version: - )
Skype™ 6.11 (HKLM\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (Version: 4.3.0 - Sonic Solutions) Hidden
SoundMAX (HKLM\...\{F0A37341-D692-11D4-A984-009027EC0A9C}) (Version: 6.10.1.7255 - Analog Devices)
SP C240SF/C242SF USB (HKLM\...\SP C240SF/C242SF USB) (Version: 1.02.0.0 - )
Symyx Draw (HKLM\...\{BECEF2E4-0B0B-461A-AE80-CC569F028303}) (Version: 3.2.200 - Symyx Technologies, Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 13.2.6.2 - Synaptics Incorporated)
TomTom HOME 2.7.4.1962 (HKLM\...\TomTom HOME) (Version: 2.7.4.1962 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
TUGZip 3.5 (HKLM\...\TUGZip_is1) (Version: - Christian Kindahl)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
Visitenkarten in 2 Minuten (HKLM\...\Visitenkarten in 2 Minuten) (Version: - )
VLC media player 2.1.0 (HKLM\...\VLC media player) (Version: 2.1.0 - VideoLAN)
web'n'walk Manager 1.6 (HKLM\...\web'n'walk Manager 1.6) (Version: 1.0 - Huawei Technologies Co.,Ltd)
Windows 7 Default Setting (HKLM\...\{E70E6183-F6EC-45B4-AFA4-0C3C36D4B664}) (Version: 1.0.0.6 - Hewlett-Packard)
Windows Live Anmelde-Assistent (HKLM\...\{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}) (Version: 5.000.818.6 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite_Wave3) (Version: 14.0.8050.1202 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8050.1202 - Microsoft Corporation) Hidden
Windows Live-Uploadtool (HKLM\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
WinZip 12.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240B7}) (Version: 12.0.8252 - WinZip Computing, S.L. )
==================== Restore Points =========================
Could not list Restore Points. Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {483402B5-CF86-418E-9F8F-632118CDC40E} - System32\Tasks\FGRun => C:\Users\Christian
Task: {4BB3491F-C81C-4F9E-9364-19699FDEA9C9} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Health Analysis => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-10] (Hewlett-Packard)
Task: {64D19ECF-27FF-41C8-B35B-5E98BEA28ED3} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {661F6C1B-2909-4AEB-B032-97C7EC5B3140} - System32\Tasks\LaunchApp => C:\Program Files\MyPC Backup\MyPC Backup.exe <==== ATTENTION
Task: {81A16E9A-54A8-4509-BA11-C645B7FA0D7F} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-09-19] (Piriform Ltd)
Task: {87852A1F-7ED9-4C1A-A00D-876E95F72D3D} - System32\Tasks\YourFile DownloaderUpdate => C:\Program Files\YourFileDownloader\YourFileUpdater.exe <==== ATTENTION
Task: {B8C77312-B192-4212-855B-82F9ADF63C2B} - System32\Tasks\Hewlett-Packard\HP Assistant\PC Tuneup => C:\Program Files\Hewlett-Packard\HP Support Framework\HPSF.exe [2009-07-10] (Hewlett-Packard)
==================== Loaded Modules (whitelisted) =============
2009-11-18 16:01 - 2009-11-05 09:39 - 00087552 _____ () C:\windows\System32\cpwmon2k.dll
2009-11-18 20:56 - 2011-09-06 13:32 - 00140456 _____ () C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
2009-11-18 16:05 - 2006-05-14 14:03 - 00655360 _____ () C:\Program Files\TUGZip\TzShell.dll
2009-11-18 16:05 - 2008-02-03 00:08 - 01722368 _____ () C:\Program Files\TUGZip\Plugins\TzArchive10.tgp
2009-11-18 16:05 - 2007-03-13 00:34 - 00162304 _____ () C:\windows\system32\ztvunrar36.dll
2009-11-18 16:05 - 2005-02-18 00:15 - 00077824 _____ () C:\Program Files\TUGZip\Plugins\TzImage10.tgp
2010-01-29 09:21 - 2009-09-04 09:19 - 00644096 _____ () C:\Program Files\IZArc\IZArcCM.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 00087952 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-10-11 22:56 - 2012-10-11 22:56 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-07-30 17:49 - 2009-07-30 17:49 - 00132384 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 02121728 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 07745536 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-06-17 20:40 - 2009-06-17 20:40 - 00135168 _____ () C:\Program Files\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-02-28 08:29 - 2014-02-28 08:29 - 00180736 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Commonc65c5a95#\f01e28dff66555278938ce7965171bcc\Kies.Common.DeviceServiceLib.Interface.ni.dll
2014-02-28 08:29 - 2014-02-28 08:29 - 14334464 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.Theme\a85bd518299a12925f2e83ddb1afbf84\Kies.Theme.ni.dll
2014-02-28 08:28 - 2014-02-28 08:28 - 01590272 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.UI\876009610b95d744743f8e044f1b55c6\Kies.UI.ni.dll
2014-02-28 08:28 - 2014-02-28 08:28 - 00081920 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\Kies.MVVM\579b59d0382792ac93c5e5bff3e3eb06\Kies.MVVM.ni.dll
2014-02-28 08:29 - 2014-02-28 08:29 - 00197120 _____ () C:\windows\assembly\NativeImages_v4.0.30319_32\ASF_cSharpAPI\b24630c1ccbdfa553711e289b0bb8815\ASF_cSharpAPI.ni.dll
2012-07-16 13:24 - 2012-07-16 13:24 - 00021432 _____ () C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
2014-05-26 19:10 - 2014-05-26 19:10 - 00115137 _____ () C:\Users\Christian Harold\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
2014-05-26 19:11 - 2014-05-26 19:11 - 00043008 _____ () C:\Users\Christian Harold\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgjbj0r.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Christian Harold\AppData\Roaming\Dropbox\bin\libcef.dll
2008-12-19 01:03 - 2008-12-19 01:03 - 00020480 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2009-11-18 23:09 - 2009-11-18 23:09 - 00270336 _____ () C:\windows\assembly\GAC_MSIL\CLI.Aspect.CrossDisplay.Graphics.Dashboard\1.0.0.0__90ba9c70f846762e\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2013-09-19 22:22 - 2013-09-19 22:22 - 00039424 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-03-27 21:30 - 2014-04-22 16:30 - 03642480 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-09-28 14:32 - 2013-09-28 14:32 - 16177544 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
==================== Faulty Device Manager Devices =============
Could not list Devices. Check "winmgmt" service or repair WMI.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: Vom Suchdienst wurden beschädigte Datendateien im Index {id=4700} erkannt. Vom Dienst wird versucht, dieses Problem durch Neuerstellung des Indexes automatisch zu beheben.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description: Der Jet-Eigenschaftenspeicher kann von Windows Search nicht geöffnet werden.
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (05/26/2014 07:11:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows (3680) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003FE.log.
System errors:
=============
Error: (05/26/2014 09:07:09 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 09:05:11 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 09:04:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 09:04:07 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 09:03:37 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 09:00:24 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 08:59:08 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 08:55:35 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 08:15:41 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Error: (05/26/2014 07:36:40 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet:
%%126
Microsoft Office Sessions:
=========================
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
4700
Error: (05/26/2014 07:11:16 PM) (Source: Windows Search Service) (EventID: 9000) (User: )
Description:
Details:
0x%08x (0xc0041800 - Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800))
Error: (05/26/2014 07:11:16 PM) (Source: ESENT) (EventID: 455) (User: )
Description: Windows3680Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS003FE.log-1811
==================== Memory info ===========================
Percentage of memory in use: 61%
Total physical RAM: 3036.27 MB
Available physical RAM: 1166.13 MB
Total Pagefile: 9178.55 MB
Available Pagefile: 7025.19 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.66 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:280.8 GB) (Free:100.94 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:1.92 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: BA193EFF)
Partition 1: (Active) - (Size=300 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=281 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=2 GB) - (Type=0C)
==================== End Of Log ============================
Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Montag, 26. Mai 2014 19:13
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : LAPTOPCHRISTIAN
Versionsinformationen:
BUILD.DAT : 14.0.4.642 57086 Bytes 09.05.2014 11:16:00
AVSCAN.EXE : 14.0.4.632 1030736 Bytes 22.05.2014 07:43:23
AVSCANRC.DLL : 14.0.4.620 62032 Bytes 22.05.2014 07:43:23
LUKE.DLL : 14.0.4.620 57936 Bytes 22.05.2014 07:43:41
AVSCPLR.DLL : 14.0.4.620 89680 Bytes 22.05.2014 07:43:24
AVREG.DLL : 14.0.4.632 261200 Bytes 22.05.2014 07:43:21
avlode.dll : 14.0.4.638 583760 Bytes 22.05.2014 07:43:21
avlode.rdf : 14.0.4.22 64276 Bytes 16.05.2014 11:15:51
VBASE000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 11:41:44
VBASE001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 19:21:23
VBASE002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 16:11:35
VBASE003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 05:11:03
VBASE004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 11:58:13
VBASE005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 18:57:32
VBASE006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 12:08:43
VBASE007.VDF : 7.11.145.136 2117120 Bytes 28.04.2014 14:32:51
VBASE008.VDF : 7.11.145.137 2048 Bytes 28.04.2014 14:32:51
VBASE009.VDF : 7.11.145.138 2048 Bytes 28.04.2014 14:32:51
VBASE010.VDF : 7.11.145.139 2048 Bytes 28.04.2014 14:32:51
VBASE011.VDF : 7.11.145.140 2048 Bytes 28.04.2014 14:32:51
VBASE012.VDF : 7.11.145.141 2048 Bytes 28.04.2014 14:32:51
VBASE013.VDF : 7.11.146.20 166912 Bytes 29.04.2014 18:53:31
VBASE014.VDF : 7.11.146.131 194048 Bytes 01.05.2014 06:53:34
VBASE015.VDF : 7.11.146.243 167936 Bytes 03.05.2014 06:53:34
VBASE016.VDF : 7.11.147.97 122368 Bytes 05.05.2014 12:53:31
VBASE017.VDF : 7.11.147.207 169472 Bytes 06.05.2014 17:13:45
VBASE018.VDF : 7.11.148.61 174080 Bytes 08.05.2014 05:12:29
VBASE019.VDF : 7.11.148.149 257024 Bytes 09.05.2014 19:33:26
VBASE020.VDF : 7.11.148.241 135168 Bytes 12.05.2014 08:43:39
VBASE021.VDF : 7.11.149.61 139264 Bytes 13.05.2014 11:21:31
VBASE022.VDF : 7.11.149.169 160256 Bytes 15.05.2014 08:06:26
VBASE023.VDF : 7.11.150.31 189440 Bytes 17.05.2014 14:11:23
VBASE024.VDF : 7.11.150.119 157696 Bytes 20.05.2014 11:37:03
VBASE025.VDF : 7.11.151.25 219648 Bytes 23.05.2014 07:12:03
VBASE026.VDF : 7.11.151.117 175104 Bytes 26.05.2014 14:08:20
VBASE027.VDF : 7.11.151.118 2048 Bytes 26.05.2014 14:08:20
VBASE028.VDF : 7.11.151.119 2048 Bytes 26.05.2014 14:08:20
VBASE029.VDF : 7.11.151.120 2048 Bytes 26.05.2014 14:08:20
VBASE030.VDF : 7.11.151.121 2048 Bytes 26.05.2014 14:08:20
VBASE031.VDF : 7.11.151.142 162816 Bytes 26.05.2014 14:08:20
Engineversion : 8.3.18.32
AEVDF.DLL : 8.3.0.4 118976 Bytes 20.03.2014 16:03:06
AESCRIPT.DLL : 8.1.4.204 528584 Bytes 16.05.2014 11:15:51
AESCN.DLL : 8.3.0.4 135360 Bytes 24.05.2014 07:12:02
AESBX.DLL : 8.2.20.24 1409224 Bytes 09.05.2014 05:12:29
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 18:27:04
AEPACK.DLL : 8.4.0.24 778440 Bytes 14.05.2014 16:33:24
AEOFFICE.DLL : 8.3.0.4 205000 Bytes 17.04.2014 19:02:30
AEHEUR.DLL : 8.1.4.1084 6705352 Bytes 24.05.2014 07:12:02
AEHELP.DLL : 8.3.0.0 274808 Bytes 11.03.2014 18:12:05
AEGEN.DLL : 8.1.7.26 450752 Bytes 17.04.2014 19:02:30
AEEXP.DLL : 8.4.1.342 594120 Bytes 24.05.2014 07:12:02
AEEMU.DLL : 8.1.3.2 393587 Bytes 10.07.2012 12:41:47
AECORE.DLL : 8.3.0.6 241864 Bytes 19.03.2014 13:33:10
AEBB.DLL : 8.1.1.4 53619 Bytes 06.11.2012 09:12:33
AVWINLL.DLL : 14.0.4.620 24144 Bytes 22.05.2014 07:43:16
AVPREF.DLL : 14.0.4.632 50256 Bytes 22.05.2014 07:43:21
AVREP.DLL : 14.0.4.620 219216 Bytes 22.05.2014 07:43:22
AVARKT.DLL : 14.0.4.632 225872 Bytes 22.05.2014 07:43:17
AVEVTLOG.DLL : 14.0.4.620 182352 Bytes 22.05.2014 07:43:19
SQLITE3.DLL : 14.0.4.620 452176 Bytes 22.05.2014 07:43:44
AVSMTP.DLL : 14.0.4.620 76368 Bytes 22.05.2014 07:43:24
NETNT.DLL : 14.0.4.620 13392 Bytes 22.05.2014 07:43:41
RCIMAGE.DLL : 14.0.4.620 4979280 Bytes 22.05.2014 07:43:16
RCTEXT.DLL : 14.0.4.620 73808 Bytes 22.05.2014 07:43:16
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, E:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert
Beginn des Suchlaufs: Montag, 26. Mai 2014 19:13
Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'HDD0(C:, E:)'
[INFO] Es wurde kein Virus gefunden!
Der Suchlauf nach versteckten Objekten wird begonnen.
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'CCleaner.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchFilterHost.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchProtocolHost.exe' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '116' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'vssvc.exe' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'hphc_service.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '93' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfupd.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '113' Modul(e) wurden durchsucht
Durchsuche Prozess 'BtStackServer.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPHelper.exe' - '17' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'CCC.exe' - '159' Modul(e) wurden durchsucht
Durchsuche Prozess 'iPodService.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'MOM.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEUPDT.EXE' - '45' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dropbox.exe' - '97' Modul(e) wurden durchsucht
Durchsuche Prozess 'WZQKPICK.EXE' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'PhAutoRun.exe' - '53' Modul(e) wurden durchsucht
Durchsuche Prozess 'NkMonitor.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'BTTray.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesPDLR.exe' - '67' Modul(e) wurden durchsucht
Durchsuche Prozess 'Kies.exe' - '94' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMERunner.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'LightScribeControlPanel.exe' - '37' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '114' Modul(e) wurden durchsucht
Durchsuche Prozess 'iprntlgn.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'iprntctl.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'CNSEMAIN.EXE' - '76' Modul(e) wurden durchsucht
Durchsuche Prozess 'BJMYPRT.EXE' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'KiesTrayAgent.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'ArcCon.ac' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'iTunesHelper.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACDaemon.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolCtrl.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '41' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '193' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskhost.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'TomTomHOMEService.exe' - '10' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfsvc.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'LSSrvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'iprntsrv.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'IJPLMSVC.EXE' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'btwdins.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'mDNSResponder.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'bgsvcgen.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'AppleMobileDeviceService.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '100' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEADISRV.EXE' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'armsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'ACService.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '63' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '55' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '117' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '90' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'Hpservice.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'atieclxx.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '138' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '65' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '106' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'atiesrxx.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '36' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
C:\ProgramData\mjwsgqw.dat
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.80380
Die Registry wurde durchsucht ( '4957' Dateien ).
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\'
C:\ProgramData\mjwsgqw.dat
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.80380
Beginne mit der Suche in 'E:\' <HP_TOOLS>
Beginne mit der Desinfektion:
C:\ProgramData\mjwsgqw.dat
[FUND] Ist das Trojanische Pferd TR/Crypt.ZPACK.80380
[WARNUNG] Die Datei wurde ignoriert.
Ende des Suchlaufs: Montag, 26. Mai 2014 22:06
Benötigte Zeit: 2:53:03 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
40143 Verzeichnisse wurden überprüft
964167 Dateien wurden geprüft
2 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
0 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
964165 Dateien ohne Befall
15746 Archive wurden durchsucht
1 Warnungen
0 Hinweise
1014490 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden
All the logs are included now, thanks for your patience. Regards. Log files are attached. So, back online again! Regards. I'll be online again tomorrow and would be grateful for any help! cy Edited by EmZet (26.05.2014 at 21:07) |
| | #4 |
| /// the machine /// TB-Ausbilder | WIN 7 Crypt.ZPACK.80380 found according to Avira Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Scan with Combofix
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #5 |
| | WIN 7 Crypt.ZPACK.80380 found according to Avira Attached is the logfile: Code:
ATTFilter ComboFix 14-05-29.01 - Christian Harold 29.05.2014 14:45:28.1.2 - x86
ausgeführt von:: c:\users\Christian Harold\Desktop\ComboFix.exe
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\mjwsgqw.dat
c:\programdata\TheBflix
c:\programdata\TheBflix\background.html
c:\programdata\TheBflix\content.js
c:\programdata\TheBflix\hjakmojkcnhgipgkkbiempkfdndcnlah.crx
c:\programdata\TheBflix\settings.ini
c:\users\CHRIST~1\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Christian Harold\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll
c:\users\Public\AlexaNSISPlugin.9476.dll
c:\windows\IsUn0407.exe
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-04-28 bis 2014-05-29 ))))))))))))))))))))))))))))))
.
.
2014-05-29 12:08 . 2014-05-29 12:08 62576 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF280B93-2079-4917-A798-73F17619C064}\offreg.dll
2014-05-29 12:04 . 2014-05-29 12:04 -------- d-----w- c:\program files\VS Revo Group
2014-05-26 19:02 . 2014-05-26 19:07 -------- d-----w- C:\FRST
2014-05-23 12:40 . 2014-04-30 23:37 8073384 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AF280B93-2079-4917-A798-73F17619C064}\mpengine.dll
2014-05-14 19:45 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-13 15:40 . 2014-05-15 08:04 -------- d-----w- c:\programdata\2992199F9A
2014-05-08 13:48 . 2014-05-08 13:48 227704 ----a-w- c:\program files\Internet Explorer\Plugins\nppdf32.dll
2014-05-07 05:34 . 2014-05-27 14:11 -------- d-----w- c:\users\Christian Harold\AppData\Roaming\DropboxMaster
2014-05-06 19:02 . 2014-05-15 07:58 -------- d-s---w- c:\windows\system32\CompatTel
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-26 17:12 . 2012-07-02 15:40 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 17:12 . 2012-07-02 15:40 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-22 07:43 . 2013-08-11 13:37 136216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-05-22 07:43 . 2013-08-11 13:37 93528 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-15 00:34 . 2014-04-15 00:34 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
2014-04-12 02:12 . 2014-05-14 18:44 15872 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:12 . 2014-05-14 18:44 100352 ----a-w- c:\windows\system32\sspicli.dll
2014-03-31 07:35 . 2013-09-28 12:32 231584 ------w- c:\windows\system32\MpSigStub.exe
2014-03-06 08:31 . 2014-04-11 13:01 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:02 . 2014-04-11 13:01 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:02 . 2014-04-11 13:01 455168 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:01 . 2014-04-11 13:00 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 07:46 . 2014-04-11 13:00 4254720 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 07:38 . 2014-04-11 13:01 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 07:38 . 2014-04-11 13:00 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 07:36 . 2014-04-11 13:00 592896 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 07:28 . 2014-04-11 13:00 646144 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 07:13 . 2014-04-11 13:01 32256 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 06:40 . 2014-04-11 13:00 1967104 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 05:41 . 2014-04-11 13:00 1789440 ----a-w- c:\windows\system32\wininet.dll
2014-03-04 09:17 . 2014-05-14 18:44 35328 ----a-w- c:\windows\system32\wincredprovider.dll
2014-03-04 09:17 . 2014-05-14 18:44 172032 ----a-w- c:\windows\system32\wdigest.dll
2014-03-04 09:17 . 2014-05-14 18:44 65536 ----a-w- c:\windows\system32\TSpkg.dll
2014-03-04 09:17 . 2014-05-14 18:44 304128 ----a-w- c:\windows\system32\winlogon.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Christian Harold\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Christian Harold\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Christian Harold\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Christian Harold\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2013-11-14 20584608]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-06-17 2363392]
"TomTomHOME.exe"="c:\program files\TomTom HOME 2\TomTomHOMERunner.exe" [2010-05-07 247144]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-07-16 975800]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-07-16 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-07-27 288312]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2009-06-18 563736]
"WirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-30 1545512]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-14 644696]
"Easy-PrintToolBox"="c:\program files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 409600]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-06-07 421160]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-07-16 3524536]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2011-07-19 2567272]
"CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2011-08-04 1637496]
"iPrint Tray"="c:\windows\system32\iprntctl.exe" [2013-12-13 69304]
"iPrint Event Monitor"="c:\windows\system32\iprntlgn.exe" [2013-12-13 73400]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-05-22 737872]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
Dropbox.lnk - c:\users\Christian Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
LiNQ.lnk - c:\windows\System32\rundll32.exe QNiL.dll,work [2009-7-14 44544]
romqmq0h.lnk - c:\windows\System32\rundll32.exe c:\progra~2\299219~1\h0qmqmor.cpp,work [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-30 795936]
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
PHOTOfunSTUDIO HD Edition.lnk - c:\program files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe [2009-12-26 44176]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2009-4-3 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli iPrntWinCredMan
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2013-06-04 84248]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-03-06 108032]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2009-04-27 9216]
R3 NETw1v32;Intel(R) Wireless WiFi Link 1000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETw1v32.sys [2009-07-20 5958656]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-30 181344]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys [2013-02-12 15872]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-20 1343400]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2013-11-30 37352]
S1 nipplpt2;Novell iCapture Lpt Redirector 2;c:\windows\system32\drivers\nipplpt.sys [2013-12-13 42464]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 176128]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [2014-05-22 430160]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2009-07-08 26168]
S2 iprntsrv;Novell iPrint Service;c:\windows\system32\iprntsrv.exe [2013-12-13 57344]
S2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2009-06-18 635416]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-05-07 92008]
S2 yksvc;Marvell Yukon Service;c:\windows\System32\svchost.exe [2009-07-14 20992]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 NETw5s32;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 32-Bit;c:\windows\system32\DRIVERS\NETw5s32.sys [2010-01-13 6755840]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [2009-07-20 313856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
yksvcs REG_MULTI_SZ yksvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.at/
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}
IE: An OneNote s&enden - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Easy-WebPrint - Drucken - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint - Schnelldruck - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint - Vorschau - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Easy-WebPrint - Zu Druckliste hinzufügen - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\
FF - prefs.js: browser.search.selectedEngine - Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.at/
FF - prefs.js: keyword.URL - hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q=
FF - ExtSQL: !HIDDEN! 2012-03-20 17:43; info@bflix.info; c:\users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\extensions\info@bflix.info
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{F2BC2878-7212-484E-9131-384D48B2C090} - (no file)
Toolbar-10 - (no file)
WebBrowser-{41564952-412D-5637-00A7-7A786E7484D7} - (no file)
HKCU-Run-mjwsgqw - c:\programdata\mjwsgqw.dat
HKCU-Run-wcwtuc - (no file)
HKCU-Run-hrdboot.exe - c:\users\Christian Harold\AppData\Roaming\Microsoft\hrdboot.exe
SafeBoot-Wdf01000.sys
AddRemove-Easy-WebPrint - c:\windows\IsUn0407.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5460)
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\System32\bgsvcgen.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\taskhost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\System32\regsvr32.exe
c:\windows\System32\regsvr32.exe
c:\users\Christian Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\windows\System32\rundll32.exe
c:\windows\System32\rundll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe
c:\program files\Hewlett-Packard\Shared\hpqToaster.exe
c:\program files\Canon\Solution Menu EX\CNSEUPDT.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\avira\antivir desktop\ipmGui.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-05-29 15:06:06 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-05-29 13:06
.
Vor Suchlauf: 15 Verzeichnis(se), 108.490.158.080 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 108.497.469.440 Bytes frei
.
- - End Of File - - C31DD352531039BC784CE74B3452AD14
5C616939100B85E558DA92B899A0FC36
|
| | #6 |
| /// the machine /// TB-Ausbilder | WIN 7 Crypt.ZPACK.80380 found according to Avira Please download
Please download
Please disable your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ |
| | #7 |
| | WIN 7 Crypt.ZPACK.80380 found according to Avira hi: mbam.txt Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 30.05.2014 Suchlauf-Zeit: 15:48:31 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.05.30.06 Rootkit Datenbank: v2014.05.21.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Christian Harold Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 269168 Verstrichene Zeit: 16 Min, 56 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 51 PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\APPID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [f19dc592314a90a6acc9085ff80acf31], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{35C1605E-438B-4D64-AAB1-8885F097A9B1}, In Quarantäne, [f19dc592314a90a6acc9085ff80acf31], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [95f9f85fbac1cc6a820b006661a146ba], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4599D05A-D545-4069-BB42-5895B4EAE05B}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{1231839B-064E-4788-B865-465A1B5266FD}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{2DAC2231-CC35-482B-97C5-CED1D4185080}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], 
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{57C91446-8D81-4156-A70E-624551442DE9}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{97DD820D-2E20-40AD-B01E-6730B2FCE630}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B177446D-54A4-4869-BABC-8566110B4BE0}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{F05B12E1-ADE8-4485-B45B-898748B53C37}, In Quarantäne, [2d610c4b13680a2ce4a877ef0af8b34d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{6E8BF012-2C85-4834-B10A-1B31AF173D70}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{706D4A4B-184A-4434-B331-296B07493D2D}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, 
HKLM\SOFTWARE\CLASSES\INTERFACE\{8BE10F21-185F-4CA0-B789-9921674C3993}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{94C0B25D-3359-4B10-B227-F96A77DB773F}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B173667F-8395-4317-8DD6-45AD1FE00047}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{B32672B3-F656-46E0-B584-FE61C0BB6037}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{BFE569F7-646C-4512-969B-9BE3E580D393}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{C2996524-2187-441F-A398-CD6CB6B3D020}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E047E227-5342-4D94-80F7-CFB154BF55BD}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}, In Quarantäne, [a4eac790dd9ee353344298cf649e738d], PUP.Optional.Delta.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}, In Quarantäne, [fb93e671c4b764d22b567fe72dd50df3], PUP.Optional.SearchResults.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{377e5d4d-77e5-476a-8716-7e70a9272da0}, In Quarantäne, 
[bbd346110972d95dc97e37fae121837d], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}, In Quarantäne, [fc92ef682f4c300694e3fc6bf210c53b], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\esrv.deltaESrvc, In Quarantäne, [503eb0a7a2d96ec86176270cfc06748c], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\esrv.deltaESrvc.1, In Quarantäne, [a6e88ec9d6a5171fb42382b1c042946c], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc, In Quarantäne, [a5e9fd5a86f5270f62129acd738f7789], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\esrv.BabylonESrvc.1, In Quarantäne, [345aaaad1b6068ce482ca5c250b27a86], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\delta.deltaHlpr, In Quarantäne, [6a24c4935b203bfb09839cc962a0659b], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\delta.deltaHlpr.1, In Quarantäne, [e2ac0057c4b762d46e1e4c1923dfbd43], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\delta.deltadskBnd, In Quarantäne, [424c3f184e2d71c579145015e1218977], PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\delta.deltadskBnd.1, In Quarantäne, [286647102556c96da8e5eb7a808251af], PUP.Optional.BabylonToolBar.A, HKLM\SOFTWARE\CLASSES\b, In Quarantäne, [6e2094c388f36dc970083631e81a5ca4], PUP.Optional.Babylon.A, HKLM\SOFTWARE\BabylonToolbar, In Quarantäne, [99f592c59ae1ce681107596a8380dc24], PUP.Optional.BabylonToolBar.A, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BabylonToolbar, Löschen bei Neustart, [fb935ef9097267cf96a1a81daf54e51b], PUP.Optional.AlexaTB.A, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DISTROMATIC\Toolbars, Löschen bei Neustart, [4f3fdd7acab1300650c626a2ef14a858], PUP.Optional.BProtector.A, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\bProtectSettings, Löschen bei Neustart, 
[543aa1b6314a033304b5685cbc47f40c], PUP.Optional.Softonic.A, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [7717ec6bc2b9cc6aa173cad04db57c84], PUP.BFlix, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{F2BC2878-7212-484E-9131-384D48B2C090}, Löschen bei Neustart, [721cb1a6047747efc703233d0ff536ca], PUP.BFlix, HKLM\SOFTWARE\CLASSES\bhoclass.BHO.bhoclass.BHO.5.0, In Quarantäne, [721cb1a6047747efc703233d0ff536ca], Registrierungswerte: 2 PUP.BProtector, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|bProtector Start Page, hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=4C63001E645DD4A2&affID=119557&tt=160913_m2&tsp=5014, Löschen bei Neustart, [c1cd89ceb6c50531ee744d74c73cf50b] PUP.BProtector, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|bProtectorDefaultScope, {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Löschen bei Neustart, [721c58ffcab11a1c92d1dbe64ab97e82] Registrierungsdaten: 5 PUP.Optional.HelperBar.A, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: 
(hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}),Löschen bei Neustart,[3559f2653b4094a2f426e17359ab55ab] PUP.Optional.HelperBar.A, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}),Löschen bei Neustart,[246aeb6ce29960d626ddf26c14f06a96] PUP.Optional.HelperBar.A, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}),Löschen bei Neustart,[b9d552051d5ede587aa1d77d0afa09f7] PUP.Optional.HelperBar.A, 
HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}),Löschen bei Neustart,[59351d3afe7d1f1719ebfd61e81ce818] PUP.Optional.HelperBar.A, HKU\S-1-5-21-1928299361-3969093931-911318076-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q={searchTerms}),Löschen bei Neustart,[99f5cb8c641706308096a3b1986ce51b] Ordner: 0 (No malicious items detected) Dateien: 76 PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, In Quarantäne, [4549c98ef98260d6f95e6fb455af31cf], PUP.Optional.BProtector.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\bProtector_extensions.sqlite, In Quarantäne, [8c029abdc2b94ceab2ca1888ce34d32d], PUP.Optional.BProtector.A, C:\Users\Christian 
Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\bProtector_prefs.js, In Quarantäne, [fa94f7601c5f221493ea851bcb37ce32], PUP.Optional.WebSearch.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\searchplugins\Web Search.xml, In Quarantäne, [830bd87f0675191df491cdd4cc3638c8], PUP.Optional.Searchqu.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}, In Quarantäne, [dfafa0b782f9f244a64cf1d0da2950b0], PUP.Optional.HelperBar.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2CGsbxlmGy0HMQpNJIQHdXEFNgT8HUTKqFc3s7UIEaLn-gbiEh31sbgEpGWSZw,,&q=");), Ersetzt,[454931269cdffe38cdd66426699b29d7] PUP.Optional.CrossRider.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1414a452cc07fb02e0cfb25e5af9a034");), Ersetzt,[127cbb9ce5967eb818ca2d5dc83ce61a] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), Ersetzt,[a6e8f2657605bc7a1ad81278ae56fd03] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.aflt", "babsst");), Ersetzt,[048ae077611a87afa151a8e2c143bd43] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.babExt", "");), Ersetzt,[98f6f067f18a8da931c14941768ea65a] PUP.Optional.Babylon.A, C:\Users\Christian 
Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.babTrack", "affID=111361");), Ersetzt,[711d15427cff2e089161b9d1788cff01] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.bbDpng", 28);), Ersetzt,[deb04116740791a516dc8208d034ce32] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltLng", "en");), Ersetzt,[6529f2654833bf77bb37e7a3788cc739] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.dfltSrch", true);), Ersetzt,[ddb1e3746c0f8fa703ef3e4c13f18d73] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.hmpg", true);), Ersetzt,[d1bdbe997dfecd699f537c0e6d9756aa] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.id", "4c63584a000000000000001e645dd4a2");), Ersetzt,[17775106483384b220d2dcae43c155ab] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlDay", "15419");), Ersetzt,[6826c98e5d1e290d9f5372186d9711ef] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.instlRef", "sst");), Ersetzt,[6f1f2730cdaeb08623cf9febcb39f907] PUP.Optional.Babylon.A, C:\Users\Christian 
Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111361&babsrc=KW_ss&mntrId=4c63584a000000000000001e645dd4a2&q=");), Ersetzt,[95f9ea6de09b5dd9c82a87037a8a9f61] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.lastDP", 28);), Ersetzt,[d5b944134734181e7d75cdbdf410f50b] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1717:44:03");), Ersetzt,[b5d9c1960972b08633bfdab0877d46ba] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "23.0");), Ersetzt,[1d71312627543afcb042503ad43034cc] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.newTab", true);), Ersetzt,[b4daf2658af1a096bf33a9e138ccb54b] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");), Ersetzt,[434baea94536da5c886a9af0b153b947] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.noFFXTlbr", false);), Ersetzt,[37574b0c8cef40f6b53d59311de7e31d] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");), 
Ersetzt,[8e0092c52e4da2942ec4e5a5bc48d62a] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.propectorlck", 118931556);), Ersetzt,[90fe9cbb93e846f0658d692143c1b24e] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtkDS", 1);), Ersetzt,[6c2266f1ee8db581c62cb7d36f9528d8] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtkHmpg", 1);), Ersetzt,[8b03b99e95e6360001f131596b9919e7] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.prtnrId", "babylon");), Ersetzt,[67272235d7a4f640f7fbdcaef60e2bd5] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.ptch_0717", true);), Ersetzt,[0f7fd18693e8a59116dc850517edc43c] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.smplGrp", "azb");), Ersetzt,[88064215f78494a27a78cbbf10f48878] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.srcExt", "ss");), Ersetzt,[008ea2b5681354e25c96c1c9af554db3] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.tlbrId", "base");), Ersetzt,[5935d97eb4c7132335bd602afb09748c] PUP.Optional.Babylon.A, C:\Users\Christian 
Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");), Ersetzt,[5539471062196accfdf584060cf8a858] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1717:44:03");), Ersetzt,[721c8ec9720953e324cef09ad2329f61] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");), Ersetzt,[4f3fc0973e3d96a0a250c9c10ef6b947] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.aflt", "babsst");), Ersetzt,[127ce5723645fc3a6b875b2fdc28f50b] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babExt", "");), Ersetzt,[048ae86f91ea9c9ab939c3c7669ecc34] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111361");), Ersetzt,[bfcf292e91ea40f626cc9befb54fa25e] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.hardId", "4c63584a000000000000001e645dd4a2");), Ersetzt,[bbd377e0215a082eec06d6b40df76898] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.id", "4c63584a000000000000001e645dd4a2");), Ersetzt,[434b5cfb99e20036688abbcf70944ab6] PUP.Optional.Babylon.A, C:\Users\Christian 
Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlDay", "15419");), Ersetzt,[731b75e2c2b9cc6a0de53b4f0ff511ef] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.instlRef", "sst");), Ersetzt,[f49aec6b7ffcc571eb07fe8cc2420cf4] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", false);), Ersetzt,[c6c84c0b3c3fcc6a9d5595f51ce818e8] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");), Ersetzt,[d0be9abda8d306303fb395f59f650ff1] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");), Ersetzt,[c7c7da7dfa813105faf8aedcf60e8e72] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.smplGrp", "none");), Ersetzt,[ef9fb2a512698aacf0023852d1336898] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.srcExt", "ss");), Ersetzt,[f49a68ef4b30f54131c1751514f0c838] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.tlbrId", "base");), Ersetzt,[ddb196c1c9b2989ee50dc0caea1a15eb] PUP.Optional.Babylon.A, C:\Users\Christian 
Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");), Ersetzt,[246a4116c1ba90a6cc263555f410b848] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:44:03");), Ersetzt,[f995a3b46219b086708235555ca8a35d] PUP.Optional.Babylon.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");), Ersetzt,[b0dea7b0f784a5910ce6fc8e897ba35d] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[56387ddac9b21a1c55a47317dd27d927] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[dbb372e579028bab9465c9c1d034bd43] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[bed0d87f5e1d78be16e38ffbb54f847c] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[434b94c3bebd9b9b2acff09a61a3e818] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "de");), Ersetzt,[9ef03b1cc3b839fd7a7fd3b79c68936d] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.delta.excTlbr", false);), Ersetzt,[7816e7709ddef2446f8a2961a85cfb05] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[810d0f48413a57dfb346771334d0c63a] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "4c63584a000000000000001e645dd4a2");), Ersetzt,[bdd1f661d3a845f140b9444658acdc24] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15971");), Ersetzt,[315d4710dba0ff379f5a57335ea6768a] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[36584e091d5e7abc6e8b92f8788c09f7] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[bdd1e7701a61dd599d5cb1d964a03cc4] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[c9c50b4c314ab87e33c6424858aceb15] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[2569e275f3881521b44589017b898e72] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[711d8ec9423951e5bc3d3258768e17e9] PUP.Optional.Delta.A, C:\Users\Christian 
Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[692560f7ee8de74fae4bdcaedb2941bf] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[4f3f6dea8bf0f73f45b4622844c0db25] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[e3ab91c6b3c8003628d1aedc9c689b65] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.24.6");), Ersetzt,[eda13423a3d8d660f603e8a2a262d729] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.24.612:00:29");), Ersetzt,[5a345601cead4fe700f9fc8e3ec6ec14] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.24.6");), Ersetzt,[29655cfb2b50b185ce2b7c0ec73d4eb2] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babExt", "");), Ersetzt,[a9e516410774e551c435f99110f423dd] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta_i.babTrack", "affID=119557&tt=160913_m2&tsp=5014");), Ersetzt,[b5d9f562b3c847ef25d48a007a8ac53b] PUP.Optional.Delta.A, C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js, Gut: (), Schlecht: 
(user_pref("extensions.delta_i.srcExt", "ss");), Ersetzt,[4b431245cab1d75f33c6315920e47b85]
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v3.211 - Bericht erstellt am 30/05/2014 um 16:24:03
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : Christian Harold - LAPTOPCHRISTIAN
# Gestartet von : C:\Users\Christian Harold\Downloads\adwcleaner_3.211.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DSearchLink
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Program Files\BabylonToolbar
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Users\Christian Harold\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Christian Harold\AppData\LocalLow\DataMngr
Ordner Gelöscht : C:\Users\Christian Harold\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Christian Harold\AppData\LocalLow\TheBflix
Ordner Gelöscht : C:\Users\Christian Harold\AppData\Roaming\BabSolution
Ordner Gelöscht : C:\Users\Christian Harold\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Christian Harold\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Christian Harold\AppData\Roaming\YourFileDownloader
Ordner Gelöscht : C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Datei Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}
Datei Gelöscht : C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Program Files\Mozilla Firefox\browser\searchplugins\Ask.xml
Datei Gelöscht : C:\windows\System32\Tasks\LaunchApp
Datei Gelöscht : C:\windows\System32\Tasks\YourFile DownloaderUpdate
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{661F6C1B-2909-4AEB-B032-97C7EC5B3140}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{661F6C1B-2909-4AEB-B032-97C7EC5B3140}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{87852A1F-7ED9-4C1A-A00D-876E95F72D3D}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{87852A1F-7ED9-4C1A-A00D-876E95F72D3D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\toolband.useroptions.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyPC Backup_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5f55d8dab134e810
Schlüssel Gelöscht : HKLM\SOFTWARE\5f55d8dab134e810
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_samsung-kies_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_samsung-kies_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{0B79C149-3B19-40DE-92BF-1A3AD9C1DA9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{229C56BB-A36A-4323-8C82-B136DF45697D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{33E2B3CB-322E-4CBE-89F2-C06F5A35DB46}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{51080E66-F357-4F2A-9BFC-2456695883B5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{537AD3CF-DE2B-4A1C-8279-C946B7E490D4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5BF7365D-25FF-40F3-8DEE-06ABEDF177CC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A10A1344-B533-4C9E-BE4E-4C5BC4953047}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA94BCE1-7E60-422D-9E7D-B853BC03FE78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BDCE611F-FDAA-4B10-A8E8-220A7897A69F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D0F1E414-1FAE-466C-B122-DE735B7BFF9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E458510C-1DD5-4A05-8C4C-53BEF69C05E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BBA74401-6D6F-4BBD-9F65-E8623814F3BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2F39980-399F-492E-8D88-5FF7CCB3B47F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2CF0D01-7657-48AA-98C9-AE5E64757FCC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\iLividSRTB
Schlüssel Gelöscht : HKLM\Software\InstalledThirdPartyPrograms
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\YourFileDownloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Search Results Toolbar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - :
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default\prefs.js ]
Zeile gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
Zeile gelöscht : user_pref("extensions.3499ur3ur4hfsudfs.scode", "(function(){try{if('aol.com,mail.google.com,mystart.incredibar.com,premiumreports.info,search.babylon.com,search.funmoods.com,search.gboxapp.com,search[...]
Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.babTrack", "affID=111361");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 28);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.hmpg", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "4c63584a000000000000001e645dd4a2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15419");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111361&babsrc=KW_ss&mntrId=4c63584a000000000000001e645dd4a2&q=");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 28);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1717:44:03");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "23.0");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTab", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.propectorlck", 118931556);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkDS", 1);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1717:44:03");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111361");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.hardId", "4c63584a000000000000001e645dd4a2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.id", "4c63584a000000000000001e645dd4a2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlDay", "15419");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:44:03");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.babylon.com/?affID=111361&babsrc=KW_ss&mntrId=4c63584a000000000000001e645dd4a2&q=");
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1414a452cc07fb02e0cfb25e5af9a034");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "4c63584a000000000000001e645dd4a2");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15971");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.612:00:29");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=119557&tt=160913_m2&tsp=5014");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.enabledItems", "{b8320f56-59fe-380a-9df9-98eb57879629}:1.0,ffxtlbr@babylon.com:1.2.0,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18");
Zeile gelöscht : user_pref("extensions.helperbar.BackPageActive", true);
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 11);
Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1394349973228");
Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "769");
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "at");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "quickobrw");
Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/i.linkuryjs.info\\\\\\/kury\\\\\\[...]
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "true");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "b8320f56-59fe-380a-9df9-98eb57879629");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "23/09/2013");
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1394522766");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1397997641304");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "quickobrw");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?p=mKO_AwFzXIpYRZtakQ4j8nRC9pSLLJR98GAGvZ--sx9HMMckaq-YAVaKiMC-AT0Yqxk48PhzU_MliLxjG_pKw-KXE5zgxRLeCcL8Wuu4P6eZ6EEoSVk9s8h5Fm0MvU2z-HTeV0ECks8hjeIb2[...]
*************************
AdwCleaner[R0].txt - [20104 octets] - [30/05/2014 16:18:25]
AdwCleaner[S0].txt - [20083 octets] - [30/05/2014 16:24:03]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20144 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Professional x86
Ran by Christian Harold on 30.05.2014 at 16:36:03,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1928299361-3969093931-911318076-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup (1)_RASMANCS
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
~~~ FireFox
Successfully deleted: [File] C:\user.js
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\info@bflix.info
Emptied folder: C:\Users\Christian Harold\AppData\Roaming\mozilla\firefox\profiles\yodyg31q.default\minidumps [20 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30.05.2014 at 16:39:42,49
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Christian Harold (administrator) on LAPTOPCHRISTIAN on 30-05-2014 16:43:38
Running from C:\Users\Christian Harold\Downloads
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Novell, Inc.) C:\Windows\System32\iprntsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Novell, Inc.) C:\Windows\System32\iprntctl.exe
(Novell, Inc.) C:\Windows\System32\iprntlgn.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
() C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(Panasonic Corporation) C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Dropbox, Inc.) C:\Users\Christian Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [iPrint Tray] => C:\windows\system32\iprntctl.exe [69304 2013-12-13] (Novell, Inc.)
HKLM\...\Run: [iPrint Event Monitor] => C:\windows\system32\iprntlgn.exe [73400 2013-12-13] (Novell, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [Skype] => C:\Program Files\Skype\\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247144 2010-05-07] (TomTom)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [975800 2012-07-16] (Samsung)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-16] ()
Lsa: [Notification Packages] scecli iPrntWinCredMan
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LiNQ.lnk
ShortcutTarget: LiNQ.lnk -> QNiL.dll,work (No File)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\romqmq0h.lnk
ShortcutTarget: romqmq0h.lnk -> C:\PROGRA~2\299219~1\h0qmqmor.cpp (No File)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
FireFox:
========
FF ProfilePath: C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Amazon
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @novell.com/iPrint - C:\windows\system32 ()
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-10] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 iprntsrv; C:\windows\system32\iprntsrv.exe [57344 2013-12-13] (Novell, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-07-20] (Marvell)
==================== Drivers (Whitelisted) ====================
R3 Afc; C:\windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 cdrbsdrv; C:\windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 NETw1v32; C:\windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-21] (Intel Corporation)
R1 nipplpt2; C:\windows\system32\drivers\nipplpt.sys [42464 2013-12-13] ()
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-11] (Avira GmbH)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-30 16:39 - 2014-05-30 16:39 - 00001481 _____ () C:\Users\Christian Harold\Desktop\JRT.txt
2014-05-30 16:32 - 2014-05-30 16:32 - 00000000 ____D () C:\windows\ERUNT
2014-05-30 16:27 - 2014-05-30 16:27 - 00020225 _____ () C:\Users\Christian Harold\Desktop\AdwCleaner[S0].txt
2014-05-30 16:18 - 2014-05-30 16:24 - 00000000 ____D () C:\AdwCleaner
2014-05-30 16:17 - 2014-05-30 16:17 - 00031673 _____ () C:\Users\Christian Harold\Desktop\mbam.txt
2014-05-30 15:47 - 2014-05-30 16:15 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-30 15:47 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-30 15:47 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-30 15:47 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-30 15:46 - 2014-05-30 15:46 - 01327971 _____ () C:\Users\Christian Harold\Downloads\adwcleaner_3.211.exe
2014-05-30 15:46 - 2014-05-30 15:46 - 01016261 _____ (Thisisu) C:\Users\Christian Harold\Downloads\JRT.exe
2014-05-30 15:45 - 2014-05-30 15:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christian Harold\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 15:06 - 2014-05-29 15:06 - 00021319 _____ () C:\ComboFix.txt
2014-05-29 14:57 - 2014-05-30 16:24 - 00003830 _____ () C:\windows\PFRO.log
2014-05-29 14:42 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-29 14:42 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-29 14:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-29 14:41 - 2014-05-29 15:06 - 00000000 ____D () C:\Qoobox
2014-05-29 14:41 - 2014-05-29 15:04 - 00000000 ____D () C:\windows\erdnt
2014-05-29 14:18 - 2014-05-29 14:19 - 05203398 ____R (Swearware) C:\Users\Christian Harold\Desktop\ComboFix.exe
2014-05-29 14:04 - 2014-05-29 14:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian Harold\Downloads\revosetup95.exe
2014-05-29 14:04 - 2014-05-29 14:04 - 00001222 _____ () C:\Users\Christian Harold\Desktop\Revo Uninstaller.lnk
2014-05-29 14:04 - 2014-05-29 14:04 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-26 21:54 - 2014-05-26 21:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-26 21:03 - 2014-05-26 21:07 - 00037380 _____ () C:\Users\Christian Harold\Downloads\Addition.txt
2014-05-26 21:02 - 2014-05-30 16:43 - 00017191 _____ () C:\Users\Christian Harold\Downloads\FRST.txt
2014-05-26 21:02 - 2014-05-30 16:43 - 00000000 ____D () C:\FRST
2014-05-26 21:01 - 2014-05-26 21:01 - 01056256 _____ (Farbar) C:\Users\Christian Harold\Downloads\FRST.exe
2014-05-26 19:10 - 2014-05-30 16:34 - 00000650 _____ () C:\windows\setupact.log
2014-05-26 19:10 - 2014-05-26 19:10 - 00000000 _____ () C:\windows\setuperr.log
2014-05-26 13:54 - 2014-05-26 13:54 - 13825649 _____ () C:\Users\Christian Harold\Downloads\Papierherstellung.zip
2014-05-22 09:53 - 2014-05-22 09:53 - 00052332 _____ () C:\Users\Christian Harold\Downloads\Prüfungseinteilung2014.xlsx
2014-05-22 09:39 - 2014-05-22 13:11 - 00012693 ____H () C:\Users\Christian Harold\AppData\Roaming\telekom.html
2014-05-20 15:50 - 2014-05-20 15:50 - 00057518 _____ () C:\Users\Christian Harold\Downloads\DSC_8358.jpeg
2014-05-14 21:55 - 2014-05-14 21:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 21:45 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-14 21:45 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-14 21:45 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-14 20:44 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-14 20:44 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-14 20:44 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:44 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-14 20:44 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-14 20:44 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-14 20:44 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-14 20:44 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-14 20:44 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-14 20:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-14 20:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2014-05-14 20:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-14 20:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-14 20:44 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-14 08:22 - 2014-05-30 16:33 - 00975577 _____ () C:\windows\WindowsUpdate.log
2014-05-13 17:40 - 2014-05-15 10:04 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-08 11:28 - 2014-05-08 11:28 - 00027136 _____ () C:\Users\Christian Harold\Downloads\CLIL_Leerformular 2013-14.xls
2014-05-07 07:34 - 2014-05-30 16:35 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\DropboxMaster
2014-05-06 21:02 - 2014-05-15 09:58 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-04-30 10:28 - 2014-04-30 11:20 - 00000000 ____D () C:\Users\Christian Harold\Documents\Semianr _ Litti _Steyr
==================== One Month Modified Files and Folders =======
2014-05-30 16:43 - 2014-05-26 21:02 - 00017191 _____ () C:\Users\Christian Harold\Downloads\FRST.txt
2014-05-30 16:43 - 2014-05-26 21:02 - 00000000 ____D () C:\FRST
2014-05-30 16:42 - 2009-07-14 06:34 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-30 16:42 - 2009-07-14 06:34 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-30 16:39 - 2014-05-30 16:39 - 00001481 _____ () C:\Users\Christian Harold\Desktop\JRT.txt
2014-05-30 16:38 - 2014-05-14 08:22 - 00975577 _____ () C:\windows\WindowsUpdate.log
2014-05-30 16:35 - 2014-05-07 07:34 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\DropboxMaster
2014-05-30 16:35 - 2012-09-17 17:58 - 00000000 ___RD () C:\Users\Christian Harold\Dropbox
2014-05-30 16:35 - 2012-09-17 17:56 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\Dropbox
2014-05-30 16:34 - 2014-05-26 19:10 - 00000650 _____ () C:\windows\setupact.log
2014-05-30 16:34 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-30 16:32 - 2014-05-30 16:32 - 00000000 ____D () C:\windows\ERUNT
2014-05-30 16:27 - 2014-05-30 16:27 - 00020225 _____ () C:\Users\Christian Harold\Desktop\AdwCleaner[S0].txt
2014-05-30 16:24 - 2014-05-30 16:18 - 00000000 ____D () C:\AdwCleaner
2014-05-30 16:24 - 2014-05-29 14:57 - 00003830 _____ () C:\windows\PFRO.log
2014-05-30 16:17 - 2014-05-30 16:17 - 00031673 _____ () C:\Users\Christian Harold\Desktop\mbam.txt
2014-05-30 16:15 - 2014-05-30 15:47 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 16:09 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Help
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-30 15:46 - 2014-05-30 15:46 - 01327971 _____ () C:\Users\Christian Harold\Downloads\adwcleaner_3.211.exe
2014-05-30 15:46 - 2014-05-30 15:46 - 01016261 _____ (Thisisu) C:\Users\Christian Harold\Downloads\JRT.exe
2014-05-30 15:45 - 2014-05-30 15:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christian Harold\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 15:06 - 2014-05-29 15:06 - 00021319 _____ () C:\ComboFix.txt
2014-05-29 15:06 - 2014-05-29 14:41 - 00000000 ____D () C:\Qoobox
2014-05-29 15:06 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-29 15:06 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-29 15:04 - 2014-05-29 14:41 - 00000000 ____D () C:\windows\erdnt
2014-05-29 14:59 - 2009-09-17 05:53 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-29 14:59 - 2009-07-14 04:04 - 00000215 _____ () C:\windows\system.ini
2014-05-29 14:57 - 2013-01-15 17:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-29 14:19 - 2014-05-29 14:18 - 05203398 ____R (Swearware) C:\Users\Christian Harold\Desktop\ComboFix.exe
2014-05-29 14:04 - 2014-05-29 14:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian Harold\Downloads\revosetup95.exe
2014-05-29 14:04 - 2014-05-29 14:04 - 00001222 _____ () C:\Users\Christian Harold\Desktop\Revo Uninstaller.lnk
2014-05-29 14:04 - 2014-05-29 14:04 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-26 21:54 - 2014-05-26 21:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-26 21:07 - 2014-05-26 21:03 - 00037380 _____ () C:\Users\Christian Harold\Downloads\Addition.txt
2014-05-26 21:01 - 2014-05-26 21:01 - 01056256 _____ (Farbar) C:\Users\Christian Harold\Downloads\FRST.exe
2014-05-26 19:12 - 2012-07-02 17:40 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-05-26 19:12 - 2012-07-02 17:40 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 19:10 - 2014-05-26 19:10 - 00000000 _____ () C:\windows\setuperr.log
2014-05-26 17:56 - 2013-05-07 13:09 - 00000000 ____D () C:\NDPS
2014-05-26 16:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-05-26 13:54 - 2014-05-26 13:54 - 13825649 _____ () C:\Users\Christian Harold\Downloads\Papierherstellung.zip
2014-05-25 15:39 - 2009-11-18 16:26 - 00000000 ___RD () C:\Users\Christian Harold\Documents\Christian
2014-05-25 14:59 - 2012-09-17 17:58 - 00001057 _____ () C:\Users\Christian Harold\Desktop\Dropbox.lnk
2014-05-25 14:59 - 2012-09-17 17:56 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 13:11 - 2014-05-22 09:39 - 00012693 ____H () C:\Users\Christian Harold\AppData\Roaming\telekom.html
2014-05-22 09:53 - 2014-05-22 09:53 - 00052332 _____ () C:\Users\Christian Harold\Downloads\Prüfungseinteilung2014.xlsx
2014-05-22 09:43 - 2013-08-11 15:37 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-22 09:43 - 2013-08-11 15:37 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-20 15:50 - 2014-05-20 15:50 - 00057518 _____ () C:\Users\Christian Harold\Downloads\DSC_8358.jpeg
2014-05-19 10:16 - 2009-11-18 15:20 - 00000000 ____D () C:\Users\Christian Harold\AppData\Local\VirtualStore
2014-05-15 13:21 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-05-15 10:04 - 2014-05-13 17:40 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 09:58 - 2014-05-06 21:02 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-15 09:58 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-05-14 21:57 - 2009-09-17 05:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 21:55 - 2014-05-14 21:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 21:54 - 2013-08-15 18:07 - 00000000 ____D () C:\windows\system32\MRT
2014-05-14 21:50 - 2010-08-12 16:42 - 90547776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-14 18:33 - 2013-09-28 14:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-30 15:47 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 15:47 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-30 15:47 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-11 19:37 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-05-09 09:06 - 2014-05-14 20:44 - 00369664 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 20:44 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 16:00 - 2009-11-18 20:56 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-08 11:28 - 2014-05-08 11:28 - 00027136 _____ () C:\Users\Christian Harold\Downloads\CLIL_Leerformular 2013-14.xls
2014-05-06 05:25 - 2014-05-14 21:45 - 17382912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 21:45 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 21:45 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 11:05 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-30 11:20 - 2014-04-30 10:28 - 00000000 ____D () C:\Users\Christian Harold\Documents\Semianr _ Litti _Steyr
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
Some content of TEMP:
====================
C:\Users\Christian Harold\AppData\Local\temp\avgnt.exe
C:\Users\Christian Harold\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpyvzave.dll
C:\Users\Christian Harold\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe
[2014-05-14 20:44] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 16:00
==================== End Of Log ============================
|
| | #8 |
| /// the machine /// TB-Ausbilder | WIN 7 Crypt.ZPACK.80380 found according to Avira ESET Online Scanner
Please download
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #9 |
| | WIN 7 Crypt.ZPACK.80380 found according to Avira ESET Scan Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=631800f15d28e4458d1f13085fb30035
# engine=18492
# end=stopped
# remove_checked=false
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-31 05:34:29
# local_time=2014-05-31 07:34:29 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 171160 108791799 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 99434 153188860 0 0
# scanned=87813
# found=0
# cleaned=0
# scan_time=1430
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=631800f15d28e4458d1f13085fb30035
# engine=18492
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-31 07:56:41
# local_time=2014-05-31 09:56:41 (+0100, Mitteleuropäische Sommerzeit)
# country="Austria"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 10070 108800331 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 107966 153197392 0 0
# scanned=327027
# found=2
# cleaned=0
# scan_time=8373
sh=BC208A21E0D3BA541667D68310025523953F6924 ft=1 fh=a31b11a27f9c8b31 vn="Variante von Win32/Kryptik.CDAF Trojaner" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\mjwsgqw.dat.vir"
sh=69C836AD8CDDC9653E31853CA34B936691B86465 ft=1 fh=8e5b6614be7c0772 vn="Variante von Win32/Kryptik.CCUZ Trojaner" ac=I fn="C:\Users\Christian Harold\AppData\Local\VirtualStore\ProgramData\mjwsgqw.dat"
Code:
ATTFilter Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x86 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
CCleaner
Adobe Flash Player 11.8.800.168 Flash Player out of Date!
Adobe Reader XI
Mozilla Firefox (29.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
windows defender MpCmdRun.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014 02
Ran by Christian Harold (administrator) on LAPTOPCHRISTIAN on 31-05-2014 22:04:39
Running from C:\Users\Christian Harold\Downloads
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(LSI Corporation) C:\Program Files\LSI SoftModem\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(B.H.A Corporation) C:\Windows\System32\bgsvcgen.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files\Canon\IJPLM\ijplmsvc.exe
(Novell, Inc.) C:\Windows\System32\iprntsrv.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LSSrvc.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(ArcSoft Inc.) C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
(Novell, Inc.) C:\Windows\System32\iprntctl.exe
(Novell, Inc.) C:\Windows\System32\iprntlgn.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(TomTom) C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Nikon Corporation) C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
(Panasonic Corporation) C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe
(WinZip Computing, S.L.) C:\Program Files\WinZip\WZQKPICK.EXE
(Dropbox, Inc.) C:\Users\Christian Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe
(CANON INC.) C:\Program Files\Canon\Solution Menu EX\CNSEUPDT.EXE
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [288312 2009-07-28] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-08-25] (Intel Corporation)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [563736 2009-06-18] (PDF Complete Inc)
HKLM\...\Run: [WirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1545512 2009-07-30] (Synaptics Incorporated)
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [98304 2009-08-04] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1314816 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [644696 2007-05-14] (CANON INC.)
HKLM\...\Run: [Easy-PrintToolBox] => C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE [409600 2004-01-14] (CANON INC.)
HKLM\...\Run: [ArcSoft Connection Service] => C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM\...\Run: [AppleSyncNotifier] => C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [58656 2011-04-20] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [421160 2011-06-07] (Apple Inc.)
HKLM\...\Run: [KiesTrayAgent] => C:\Program Files\Samsung\Kies\KiesTrayAgent.exe [3524536 2012-07-16] (Samsung Electronics Co., Ltd.)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-10-11] (Apple Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2567272 2011-07-19] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenuEx] => C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE [1637496 2011-08-04] (CANON INC.)
HKLM\...\Run: [iPrint Tray] => C:\windows\system32\iprntctl.exe [69304 2013-12-13] (Novell, Inc.)
HKLM\...\Run: [iPrint Event Monitor] => C:\windows\system32\iprntlgn.exe [73400 2013-12-13] (Novell, Inc.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [737872 2014-05-22] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [Skype] => C:\Program Files\Skype\\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-06-17] (Hewlett-Packard Company)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [TomTomHOME.exe] => C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [247144 2010-05-07] (TomTom)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [KiesPreload] => C:\Program Files\Samsung\Kies\Kies.exe [975800 2012-07-16] (Samsung)
HKU\S-1-5-21-1928299361-3969093931-911318076-1001\...\Run: [KiesPDLR] => C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [21432 2012-07-16] ()
Lsa: [Notification Packages] scecli iPrntWinCredMan
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Nikon Monitor.lnk
ShortcutTarget: Nikon Monitor.lnk -> C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO HD Edition.lnk
ShortcutTarget: PHOTOfunSTUDIO HD Edition.lnk -> C:\Program Files\Panasonic\PHOTOfunSTUDIO\PhAutoRun.exe (Panasonic Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
ShortcutTarget: WinZip Quick Pick.lnk -> C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Christian Harold\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - No Name - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No File
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 06 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.43.1
FireFox:
========
FF ProfilePath: C:\Users\Christian Harold\AppData\Roaming\Mozilla\Firefox\Profiles\yodyg31q.default
FF NewTab: about:blank
FF SearchEngineOrder.1: Amazon
FF Homepage: hxxp://www.google.at/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @novell.com/iPrint - C:\windows\system32 ()
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll (Foxit Software Company)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
========================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AgereModemAudio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [14336 2009-07-27] (LSI Corporation)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-05-22] (Avira Operations GmbH & Co. KG)
R2 bgsvcgen; C:\Windows\System32\bgsvcgen.exe [145504 2007-06-15] (B.H.A Corporation)
R2 HP Health Check Service; C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [124928 2009-07-10] (Hewlett-Packard)
R2 IJPLMSVC; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [140456 2011-09-06] ()
R2 iprntsrv; C:\windows\system32\iprntsrv.exe [57344 2013-12-13] (Novell, Inc.)
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [635416 2009-06-18] (PDF Complete Inc)
R2 yksvc; C:\windows\System32\yk62x86.dll [282624 2009-07-20] (Marvell)
==================== Drivers (Whitelisted) ====================
R3 Afc; C:\windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [93528 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [136216 2014-05-22] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-30] (Avira Operations GmbH & Co. KG)
R1 cdrbsdrv; C:\windows\system32\Drivers\cdrbsdrv.sys [33408 2006-02-20] (B.H.A Corporation)
S3 MfeAVFK; C:\windows\System32\drivers\MfeAVFK.sys [79816 2009-05-16] (McAfee, Inc.)
S3 MfeBOPK; C:\windows\System32\drivers\MfeBOPK.sys [35272 2009-05-16] (McAfee, Inc.)
R1 mfehidk; C:\windows\System32\drivers\mfehidk.sys [214024 2009-05-16] (McAfee, Inc.)
S3 MfeRKDK; C:\windows\System32\drivers\MfeRKDK.sys [34248 2009-05-16] (McAfee, Inc.)
R1 mfetdik; C:\windows\System32\drivers\mfetdik.sys [55336 2009-05-16] (McAfee, Inc.)
S3 NETw1v32; C:\windows\System32\DRIVERS\NETw1v32.sys [5958656 2009-07-21] (Intel Corporation)
R1 nipplpt2; C:\windows\system32\drivers\nipplpt.sys [42464 2013-12-13] ()
R3 SNP2UVC; C:\windows\System32\DRIVERS\snp2uvc.sys [1765168 2009-07-02] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2013-08-11] (Avira GmbH)
S3 usbrndis6; C:\windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-31 22:04 - 2014-05-31 22:04 - 00000846 _____ () C:\Users\Christian Harold\Desktop\checkup.txt
2014-05-31 19:37 - 2014-05-31 19:06 - 00854367 _____ () C:\Users\Christian Harold\Desktop\SecurityCheck.exe
2014-05-31 19:06 - 2014-05-31 19:06 - 02347384 _____ (ESET) C:\Users\Christian Harold\Downloads\esetsmartinstaller_deu.exe
2014-05-31 19:06 - 2014-05-31 19:06 - 00854367 _____ () C:\Users\Christian Harold\Downloads\SecurityCheck.exe
2014-05-30 16:32 - 2014-05-30 16:32 - 00000000 ____D () C:\windows\ERUNT
2014-05-30 16:18 - 2014-05-30 16:24 - 00000000 ____D () C:\AdwCleaner
2014-05-30 15:47 - 2014-05-30 16:15 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-30 15:47 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-30 15:47 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-30 15:47 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-30 15:46 - 2014-05-30 15:46 - 01327971 _____ () C:\Users\Christian Harold\Downloads\adwcleaner_3.211.exe
2014-05-30 15:46 - 2014-05-30 15:46 - 01016261 _____ (Thisisu) C:\Users\Christian Harold\Downloads\JRT.exe
2014-05-30 15:45 - 2014-05-30 15:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christian Harold\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 15:06 - 2014-05-29 15:06 - 00021319 _____ () C:\ComboFix.txt
2014-05-29 14:57 - 2014-05-30 16:24 - 00003830 _____ () C:\windows\PFRO.log
2014-05-29 14:42 - 2011-06-26 08:45 - 00256000 _____ () C:\windows\PEV.exe
2014-05-29 14:42 - 2010-11-07 19:20 - 00208896 _____ () C:\windows\MBR.exe
2014-05-29 14:42 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00098816 _____ () C:\windows\sed.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00080412 _____ () C:\windows\grep.exe
2014-05-29 14:42 - 2000-08-31 02:00 - 00068096 _____ () C:\windows\zip.exe
2014-05-29 14:41 - 2014-05-29 15:06 - 00000000 ____D () C:\Qoobox
2014-05-29 14:41 - 2014-05-29 15:04 - 00000000 ____D () C:\windows\erdnt
2014-05-29 14:18 - 2014-05-29 14:19 - 05203398 ____R (Swearware) C:\Users\Christian Harold\Desktop\ComboFix.exe
2014-05-29 14:04 - 2014-05-29 14:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian Harold\Downloads\revosetup95.exe
2014-05-29 14:04 - 2014-05-29 14:04 - 00001222 _____ () C:\Users\Christian Harold\Desktop\Revo Uninstaller.lnk
2014-05-29 14:04 - 2014-05-29 14:04 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-26 21:54 - 2014-05-26 21:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-26 21:03 - 2014-05-26 21:07 - 00037380 _____ () C:\Users\Christian Harold\Downloads\Addition.txt
2014-05-26 21:02 - 2014-05-31 22:04 - 00016858 _____ () C:\Users\Christian Harold\Downloads\FRST.txt
2014-05-26 21:02 - 2014-05-31 22:04 - 00000000 ____D () C:\FRST
2014-05-26 21:01 - 2014-05-26 21:01 - 01056256 _____ (Farbar) C:\Users\Christian Harold\Downloads\FRST.exe
2014-05-26 19:10 - 2014-05-31 21:34 - 00000874 _____ () C:\windows\setupact.log
2014-05-26 19:10 - 2014-05-26 19:10 - 00000000 _____ () C:\windows\setuperr.log
2014-05-26 13:54 - 2014-05-26 13:54 - 13825649 _____ () C:\Users\Christian Harold\Downloads\Papierherstellung.zip
2014-05-22 09:53 - 2014-05-22 09:53 - 00052332 _____ () C:\Users\Christian Harold\Downloads\Prüfungseinteilung2014.xlsx
2014-05-22 09:39 - 2014-05-22 13:11 - 00012693 ____H () C:\Users\Christian Harold\AppData\Roaming\telekom.html
2014-05-20 15:50 - 2014-05-20 15:50 - 00057518 _____ () C:\Users\Christian Harold\Downloads\DSC_8358.jpeg
2014-05-14 21:55 - 2014-05-14 21:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 21:45 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-14 21:45 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-14 21:45 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-14 20:44 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-14 20:44 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-14 20:44 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-14 20:44 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-14 20:44 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-14 20:44 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-14 20:44 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-14 20:44 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-14 20:44 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-14 20:44 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-14 20:44 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2014-05-14 20:44 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-14 20:44 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-14 20:44 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-14 20:44 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-14 08:22 - 2014-05-31 21:35 - 01000607 _____ () C:\windows\WindowsUpdate.log
2014-05-13 17:40 - 2014-05-15 10:04 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-08 11:28 - 2014-05-08 11:28 - 00027136 _____ () C:\Users\Christian Harold\Downloads\CLIL_Leerformular 2013-14.xls
2014-05-07 07:34 - 2014-05-31 19:04 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\DropboxMaster
2014-05-06 21:02 - 2014-05-15 09:58 - 00000000 ___SD () C:\windows\system32\CompatTel
==================== One Month Modified Files and Folders =======
2014-05-31 22:04 - 2014-05-31 22:04 - 00000846 _____ () C:\Users\Christian Harold\Desktop\checkup.txt
2014-05-31 22:04 - 2014-05-26 21:02 - 00016858 _____ () C:\Users\Christian Harold\Downloads\FRST.txt
2014-05-31 22:04 - 2014-05-26 21:02 - 00000000 ____D () C:\FRST
2014-05-31 21:35 - 2014-05-14 08:22 - 01000607 _____ () C:\windows\WindowsUpdate.log
2014-05-31 21:34 - 2014-05-26 19:10 - 00000874 _____ () C:\windows\setupact.log
2014-05-31 19:11 - 2009-07-14 06:34 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-31 19:11 - 2009-07-14 06:34 - 00020944 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-31 19:06 - 2014-05-31 19:37 - 00854367 _____ () C:\Users\Christian Harold\Desktop\SecurityCheck.exe
2014-05-31 19:06 - 2014-05-31 19:06 - 02347384 _____ (ESET) C:\Users\Christian Harold\Downloads\esetsmartinstaller_deu.exe
2014-05-31 19:06 - 2014-05-31 19:06 - 00854367 _____ () C:\Users\Christian Harold\Downloads\SecurityCheck.exe
2014-05-31 19:05 - 2012-09-17 17:58 - 00000000 ___RD () C:\Users\Christian Harold\Dropbox
2014-05-31 19:05 - 2012-09-17 17:56 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\Dropbox
2014-05-31 19:04 - 2014-05-07 07:34 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\DropboxMaster
2014-05-31 19:03 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-30 16:32 - 2014-05-30 16:32 - 00000000 ____D () C:\windows\ERUNT
2014-05-30 16:24 - 2014-05-30 16:18 - 00000000 ____D () C:\AdwCleaner
2014-05-30 16:24 - 2014-05-29 14:57 - 00003830 _____ () C:\windows\PFRO.log
2014-05-30 16:15 - 2014-05-30 15:47 - 00110296 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 16:09 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Help
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-30 15:47 - 2014-05-30 15:47 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-05-30 15:46 - 2014-05-30 15:46 - 01327971 _____ () C:\Users\Christian Harold\Downloads\adwcleaner_3.211.exe
2014-05-30 15:46 - 2014-05-30 15:46 - 01016261 _____ (Thisisu) C:\Users\Christian Harold\Downloads\JRT.exe
2014-05-30 15:45 - 2014-05-30 15:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Christian Harold\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-29 15:06 - 2014-05-29 15:06 - 00021319 _____ () C:\ComboFix.txt
2014-05-29 15:06 - 2014-05-29 14:41 - 00000000 ____D () C:\Qoobox
2014-05-29 15:06 - 2009-07-14 04:37 - 00000000 __RHD () C:\Users\Default
2014-05-29 15:06 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-05-29 15:04 - 2014-05-29 14:41 - 00000000 ____D () C:\windows\erdnt
2014-05-29 14:59 - 2009-09-17 05:53 - 00000000 ____D () C:\ProgramData\PDFC
2014-05-29 14:59 - 2009-07-14 04:04 - 00000215 _____ () C:\windows\system.ini
2014-05-29 14:57 - 2013-01-15 17:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-29 14:19 - 2014-05-29 14:18 - 05203398 ____R (Swearware) C:\Users\Christian Harold\Desktop\ComboFix.exe
2014-05-29 14:04 - 2014-05-29 14:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Christian Harold\Downloads\revosetup95.exe
2014-05-29 14:04 - 2014-05-29 14:04 - 00001222 _____ () C:\Users\Christian Harold\Desktop\Revo Uninstaller.lnk
2014-05-29 14:04 - 2014-05-29 14:04 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-05-26 21:54 - 2014-05-26 21:54 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-26 21:07 - 2014-05-26 21:03 - 00037380 _____ () C:\Users\Christian Harold\Downloads\Addition.txt
2014-05-26 21:01 - 2014-05-26 21:01 - 01056256 _____ (Farbar) C:\Users\Christian Harold\Downloads\FRST.exe
2014-05-26 19:12 - 2012-07-02 17:40 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-05-26 19:12 - 2012-07-02 17:40 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-26 19:10 - 2014-05-26 19:10 - 00000000 _____ () C:\windows\setuperr.log
2014-05-26 17:56 - 2013-05-07 13:09 - 00000000 ____D () C:\NDPS
2014-05-26 16:54 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-05-26 13:54 - 2014-05-26 13:54 - 13825649 _____ () C:\Users\Christian Harold\Downloads\Papierherstellung.zip
2014-05-25 15:39 - 2009-11-18 16:26 - 00000000 ___RD () C:\Users\Christian Harold\Documents\Christian
2014-05-25 14:59 - 2012-09-17 17:58 - 00001057 _____ () C:\Users\Christian Harold\Desktop\Dropbox.lnk
2014-05-25 14:59 - 2012-09-17 17:56 - 00000000 ____D () C:\Users\Christian Harold\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 13:11 - 2014-05-22 09:39 - 00012693 ____H () C:\Users\Christian Harold\AppData\Roaming\telekom.html
2014-05-22 09:53 - 2014-05-22 09:53 - 00052332 _____ () C:\Users\Christian Harold\Downloads\Prüfungseinteilung2014.xlsx
2014-05-22 09:43 - 2013-08-11 15:37 - 00136216 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-05-22 09:43 - 2013-08-11 15:37 - 00093528 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-05-20 15:50 - 2014-05-20 15:50 - 00057518 _____ () C:\Users\Christian Harold\Downloads\DSC_8358.jpeg
2014-05-19 10:16 - 2009-11-18 15:20 - 00000000 ____D () C:\Users\Christian Harold\AppData\Local\VirtualStore
2014-05-15 13:21 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-05-15 10:04 - 2014-05-13 17:40 - 00000000 ____D () C:\ProgramData\2992199F9A
2014-05-15 09:58 - 2014-05-06 21:02 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-15 09:58 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-05-14 21:57 - 2009-09-17 05:58 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 21:55 - 2014-05-14 21:55 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2014-05-14 21:54 - 2013-08-15 18:07 - 00000000 ____D () C:\windows\system32\MRT
2014-05-14 21:50 - 2010-08-12 16:42 - 90547776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-14 18:33 - 2013-09-28 14:29 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-12 07:26 - 2014-05-30 15:47 - 00051928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-05-30 15:47 - 00074456 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-30 15:47 - 00023256 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-05-11 19:37 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\NDF
2014-05-09 09:06 - 2014-05-14 20:44 - 00369664 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 20:44 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 16:00 - 2009-11-18 20:56 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2014-05-08 11:28 - 2014-05-08 11:28 - 00027136 _____ () C:\Users\Christian Harold\Downloads\CLIL_Leerformular 2013-14.xls
2014-05-06 05:25 - 2014-05-14 21:45 - 17382912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-14 21:45 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-14 21:45 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 11:05 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
Files to move or delete:
====================
C:\ProgramData\PKP_DLdu.DAT
Some content of TEMP:
====================
C:\Users\Christian Harold\AppData\Local\temp\avgnt.exe
C:\Users\Christian Harold\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpntjwbk.dll
C:\Users\Christian Harold\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe
[2014-05-14 20:44] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-29 16:00
==================== End Of Log ============================
Thank you for your help! |
| | #10 |
| /// the machine /// TB trainer | WIN 7 Crypt.ZPACK.80380 found according to Avira. Update Flash Player. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
C:\Users\Christian Harold\AppData\Local\VirtualStore\ProgramData\mjwsgqw.dat
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to leave praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers
Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance
Clean up your temp files regularly. I recommend TFC for this.
Stay away from any registry cleaners. They do your system more harm than good.
Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP)
Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
| | #11 |
| | WIN 7 Crypt.ZPACK.80380 found according to Avira. Fixlist log: Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version:02-06-2014
Ran by Christian Harold at 2014-06-02 19:58:58 Run:1
Running from C:\Users\Christian Harold\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\Christian Harold\AppData\Local\VirtualStore\ProgramData\mjwsgqw.dat
*****************
C:\Users\Christian Harold\AppData\Local\VirtualStore\ProgramData\mjwsgqw.dat => Moved successfully.
==== End of Fixlog ====
Thanks |
| | #12 |
| /// the machine /// TB trainer | WIN 7 Crypt.ZPACK.80380 found according to Avira. You're welcome
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |