| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: V9.com ständig auch hierWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
23.08.2014, 10:20
| #1 |
| |  V9.com ständig auch hier Hallo, ich bin neu hier. Am PC meiner Schwägerin öffnet sich ständig im Firefox www.v9.com. Gestern zuerst Malwarebytes installiert (erster Scanlog siehe unten), nach Neustart besteht das Problem immer noch (zweiter Scanlog siehe unten). Danach hier im board recherchiert und entsprechend Eurer Anweisungen defogger ausgeführt und Scans mit FRST und GMER durchgeführt (Logs siehe unten). Vielen Dank für Eure Arbeit! Grüße Alexander Malwarebytes (1. Log): Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.08.2014 Scan Time: 18:31:10 Logfile: mbam 2014-08-23 18-31 Uhr.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.08.22.07 Rootkit Database: v2014.08.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows Vista CPU: x86 File System: NTFS User: Sauerland Scan Type: Threat Scan Result: Completed Objects Scanned: 266282 Time Elapsed: 12 min, 24 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 20 PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, Quarantined, [a4fb4f7aaecdc373686b38718a78d828], PUP.Optional.Babylon.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, Quarantined, [0b943e8bd6a574c2bfa2abc5e31f59a7], PUP.Optional.DataMangr.A, HKLM\SOFTWARE\DataMngr, Quarantined, [17888148651625113e33d721ff03a15f], PUP.Optional.DomaIQ.A, HKLM\SOFTWARE\DomaIQ, Quarantined, [158a4a7ff586b97d55dabd5b58ab15eb], PUP.Optional.MediaEnhance.A, HKLM\SOFTWARE\media enhance, Quarantined, [d2cd92371269a88e81c2a958847fc33d], PUP.Optional.qvo6.A, HKLM\SOFTWARE\qvo6Software, Quarantined, [a4fbe3e6c9b2f83e30a2929b52b203fd], PUP.Optional.CrossRider.A, HKLM\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [0e913a8fcbb041f5667d12f6b54e9070], PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [bde27653f289aa8cc0693bfc7a8a2dd3], PUP.Optional.V9.A, HKLM\SOFTWARE\V9SOFTWARE\v9hp, Quarantined, [9c03b11814674de910801ef3d03310f0], PUP.Optional.MediaEnhance.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\media enhance, Delete-on-Reboot, [c4db6e5b0b70b086de67ac554bb801ff], PUP.Optional.DataMngr.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr, Quarantined, [930c31985427f83ef26d60cbda2a6997], PUP.Optional.DataMngr.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DataMngr_Toolbar, Quarantined, [77287b4ea7d46acce47a07242ed68779], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, Quarantined, [6a3555742b50ae88e4efa6994abab848], PUP.Optional.MediaEnhance.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\media enhance, Quarantined, [7d2221a81c5fd95d99ac8b76e61d58a8], PUP.Optional.Babylon.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\BABSOLUTION\Updater, Quarantined, [adf203c6a4d783b3035fe04cc83ce61a], PUP.Optional.InstallCore.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, Quarantined, [bee15d6ccfac8babf548f52001021fe1], PUP.Optional.InstallCore.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, Quarantined, [46593e8bec8fe551bbc7e04b6b997987], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\21636, Quarantined, [2f70af1a2e4d3bfbeeeeeef9db27b64a], PUP.Optional.CrossRider.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\freeven, Quarantined, [8b140abf9fdcf541f32db05ced1614ec], PUP.Optional.Qone8, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [ccd3ab1e94e7e650c2665cdba85cd52b], Registry Values: 5 PUP.Optional.BrowserProtect.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ABOUTURLS|bProtectTabs, hxxp://www2.delta-search.com/?babsrc=NT_ss&mntrId=FA4A0021002F159B&affID=120523&tsp=5003, Quarantined, [5b44ae1b0f6c132304cc9d91e321fd03] PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://search.v9.com/web/?type=ds&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f&q={searchTerms}, Quarantined, [9a055d6c671447efb8164aaaf70b649c] PUP.Optional.QuickStart.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|quick_start@gmail.com, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\quick_start@gmail.com, Quarantined, [603f79507b002c0a6e10da2fe81b5aa6] PUP.Optional.InstallCore.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Q1O2W1R1D0D1S1J, Quarantined, [46593e8bec8fe551bbc7e04b6b997987] PUP.Optional.QuickStart.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, quick_start@gmail.com, Quarantined, [aef17356770467cf524e3bb8ec16b14f] Registry Data: 7 PUP.Optional.Qvo6.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&ts=1381262678, Good: (iexplore.exe), Bad: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&utm_campaign=eXQ&utm_content=sc&from=cor&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&ts=1381262678),Replaced,[f4abb3165526de58889f67767a8a0bf5] PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f, Good: (www.google.com), Bad: (hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f),Replaced,[2a75a0293a412214ec571cb6e51fb64a] PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f, Good: (www.google.com), Bad: (hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f),Replaced,[a5fae4e55e1d71c5dd648f4328dc7b85] PUP.Optional.V9.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://search.v9.com/web/?type=ds&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f&q={searchTerms}, Good: (www.google.com), Bad: (hxxp://search.v9.com/web/?type=ds&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f&q={searchTerms}),Replaced,[fda24a7f92e989adc57d61714bb96b95] PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[5f40ecdd9ae1a591e5ad3ca0f212ef11] PUP.Optional.V9.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f, Good: (www.google.com), Bad: (hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f),Replaced,[b3eca524f388fb3b0b30666c3dc7f907] PUP.Optional.V9.A, HKU\S-1-5-21-4034917407-2925645633-2811160046-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f, Good: (www.google.com), Bad: (hxxp://www.v9.com/?type=hp&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f),Replaced,[9d023297abd0be78c772537f84800ff1] Folders: 18 PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log, Quarantined, [a2fd0bbe85f678bed1b9ad6442c13bc5], PUP.Optional.SearchGolTB.A, C:\Users\Sauerland\AppData\Local\Temp\mt_ffx\searchgol, Quarantined, [e0bfebdec5b6ea4c697d5b629969728e], PUP.Optional.SearchGolTB.A, C:\Users\Sauerland\AppData\Local\Temp\mt_ffx\searchgol\searchgol, Quarantined, [e0bfebdec5b6ea4c697d5b629969728e], PUP.Optional.SearchGolTB.A, C:\Users\Sauerland\AppData\Local\Temp\mt_ffx\searchgol\searchgol\1.8.16.19, Quarantined, [e0bfebdec5b6ea4c697d5b629969728e], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], Files: 191 PUP.Optional.InstallCore, C:\Users\Sauerland\AppData\Local\Temp\nsa3FD2.tmp, Quarantined, [108fdaef601b1620dabbadf9b64ee11f], PUP.Optional.InstallCore, C:\Users\Sauerland\AppData\Local\Temp\nsnDC62.tmp, Quarantined, [405fe1e8116ad264e6afeabc1be92dd3], PUP.Optional.InstallCore, C:\Users\Sauerland\AppData\Local\Temp\ICReinstall_nsa3FD2.tmp, Quarantined, [a6f93c8d225988ae3263faac659f4db3], PUP.Optional.InstallCore, C:\Users\Sauerland\AppData\Local\Temp\ICReinstall_nsnDC62.tmp, Quarantined, [acf3814886f52f07b9dcc3e335cf5ca4], Backdoor.Bot, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\android.exe, Quarantined, [0c93d7f21d5e68cefd292455c73a9769], PUP.Optional.ScramblePacker.A, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\med_inhance.exe, Quarantined, [f7a82f9afb8022147aabaade60a1e41c], PUP.Optional.ScramblePacker.A, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\reven-1-2.exe, Quarantined, [a1fea0291764a3932df85d2bda276b95], PUP.Optional.SkyTech.A, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\tugs_v9.exe, Quarantined, [762914b5cab1a690450c3b2741c005fb], PUP.Optional.SilenceInstall, C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\VOPackage.exe, Quarantined, [c0df8d3caecd45f15aa40733d729dc24], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\BExternal.dll, Quarantined, [3d62a5242a5196a0a1730221ac5456aa], PUP.Optional.Conduit.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\ccp.exe, Quarantined, [8d126e5b5c1fc96de827d05dc63baa56], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\CrxInstaller.dll, Quarantined, [8d124188c5b620166dcb49dc2fd20bf5], PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\DSearchLink.exe, Quarantined, [b6e96861dd9e31052b37088c54b07b85], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\MntrDLLInstall.dll, Quarantined, [dfc0e3e679028fa764d5bb6af30ef709], PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\MyDeltaTB.exe, Quarantined, [e1be7f4a3744e74fe469205cd13050b0], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\Setup.exe, Quarantined, [554afacf97e4ee48714569b81ae6ca36], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\BExternal.dll, Quarantined, [48579a2f5a21ef47d440e043bd43d828], PUP.Optional.Conduit.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\ccp.exe, Quarantined, [762916b3abd093a37d92c5689f62966a], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\CrxInstaller.dll, Quarantined, [930c59707cffb086023626ffe120c937], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\MntrDLLInstall.dll, Quarantined, [1e81d3f63b40a78f0732e045ac55a858], PUP.Optional.SearchGolTB.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\MySgolTB.exe, Quarantined, [69364a7fceadf541f120012c5fa2da26], PUP.Optional.Babylon.A, C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\Setup.exe, Quarantined, [6936c0094a31ab8b16a0f32ec53b3ac6], Backdoor.Bot, C:\Users\Sauerland\AppData\Local\Temp\android\android.exe, Quarantined, [bce3e6e3e09b092d2bfb84f55ea36799], PUP.Optional.Wsys.A, C:\Users\Sauerland\AppData\Local\Temp\eIntaller\0EBB513F58B14481B249A95BBB54EAE8\eGdpSvc.exe, Quarantined, [5d426b5e0873bb7bbc9cec46ec159a66], PUP.Optional.Wilsys.A, C:\Users\Sauerland\AppData\Local\Temp\eIntaller\0EBB513F58B14481B249A95BBB54EAE8\eXQ.exe, Quarantined, [a9f6f5d4502b5cda7dda60d22ad71de3], PUP.Optional.CRX.A, C:\Users\Sauerland\AppData\Local\Temp\bus93F5\CrxUpdater_d.exe, Quarantined, [0f9090390972a98d1f3babec84802ed2], PUP.Optional.PCFixSpeed.A, C:\Users\Sauerland\AppData\Local\Temp\is922941421\457724548_stp\SearchGol.exe, Quarantined, [425d696019621f1739ec80d632d20000], PUP.Optional.Elex, C:\Users\Sauerland\AppData\Local\Temp\is922941421\457724639_stp\cor_ar_qvo6.exe, Quarantined, [039c7752a1daf83e9ee439e8827e2ad6], PUP.Optional.SkyTech.A, C:\Users\Sauerland\AppData\Local\Temp\fullpackage_temp1394481356\alilog.dll, Quarantined, [277819b0275446f03a0c7cb6a65a827e], PUP.Optional.SkyTech.A, C:\Users\Sauerland\AppData\Local\Temp\fullpackage_temp1394481356\package1.zip, Quarantined, [9a0557723c3fb383fa4c64ce27d9629e], PUP.Optional.V9.A, C:\Users\Sauerland\AppData\Local\Temp\fullpackage_temp1394481356\qSE.exe, Quarantined, [920d3f8a186392a428cc55f337c9b947], PUP.Optional.BundleInstaller.A, C:\Users\Sauerland\Downloads\flashplayerpro-setup.exe, Quarantined, [e4bbaa1f98e3da5ca5bde1679a66cb35], PUP.Optional.DomaIQ, C:\Users\Sauerland\Downloads\Setup(1).exe, Quarantined, [ddc2c306dd9e83b3dc2c251e31cf916f], PUP.Optional.DomaIQ, C:\Users\Sauerland\Downloads\Setup(2).exe, Quarantined, [3f6056730972a98dce3a1f24976956aa], PUP.Optional.DomalQ, C:\Users\Sauerland\Downloads\Setup.exe, Quarantined, [d6c955748eedca6cb53e5053e71d5aa6], PUP.Optional.Freemium.A, C:\Users\Sauerland\Downloads\VLC_player_Setup(1).exe, Quarantined, [7926b5147cff3303a24e1d150ef3fb05], PUP.Optional.DomaIQ, C:\Users\Sauerland\Downloads\Java(1).exe, Quarantined, [e4bb2b9e84f7043281873211d42cec14], PUP.Optional.DomalQ, C:\Users\Sauerland\Downloads\Java.exe, Quarantined, [dac511b81f5cf44240b3277ceb197090], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-chromeinstaller.job, Quarantined, [46593099354679bd4bf7f60b937001ff], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-codedownloader.job, Quarantined, [8817d5f4f982171f82c0e31e0bf807f9], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-enabler.job, Quarantined, [227d5376f68544f278ca50b15aa957a9], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-firefoxinstaller.job, Quarantined, [554a3e8b314ac76fb78bc53c788b7987], PUP.Optional.MediaEnhance.A, C:\WINDOWS\Tasks\media enhance-updater.job, Quarantined, [148bc1084f2c83b30e34ce33966da65a], PUP.Optional.SearchGol.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\searchplugins\searchgol.xml, Quarantined, [f4abb415e89348ee6abdc942867de818], PUP.Optional.eSafe.A, C:\ProgramData\eSafe\log\eGdpSvc.LOG, Quarantined, [a2fd0bbe85f678bed1b9ad6442c13bc5], PUP.Optional.V9.A, C:\Program Files\Mozilla Firefox\browser\searchplugins\v9.xml, Quarantined, [eeb1d2f7493296a04b43bc557a89d42c], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome.manifest, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\install.rdf, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\056ff2369117eca1daf2a3b0ec0dcb8c.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\2181005b6228106d89d08ab60a49fc92.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\554f63adc1c965135708d0d96ce6f971.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\74f7d636aaf9097539db2db55ee84f40.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\79c5d82d9be232edcaf4e34967619c45.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\8b1606f941e2b7145769a0837cb46514.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\background.html, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\browser.xul, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\dialog.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\ffCoreFilesIndex.txt, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\options.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\options.xul, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\search_dialog.xul, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\654fb614b777e2cd9497c7acb5bddbd1.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\128460844b10898475a6a4ba0978ba83.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\15b56037c4a278e029c0705eae4a1489.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\17da7703a7ebb6e2b7c6ef0e5c1a4fd3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\296b153cad739ef425a4c45832c346d3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\3b0be935580eb5611440aca61d5ca2d5.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\59ac6620b45026f98ce76b7c0e49f612.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\5a05e85a74a00d3aa231f1307dafa0f8.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\5c100b0f25ea25cb5b60cb431e39c1a6.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\909c50e086168bf8e2c236d8b9c85297.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\9b3a14715b6cc34ee804d6285467b8be.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\aa4f591f6235e487854590505a251adb.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\b4f34668ca0610fcd25a363c53c2c9d5.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\c538dd50beb1282fc0b4fb286df59271.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\c705116f0d371fed55fea3bd9532b16e.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\api\d232f6621729d8fce75a3cb501b4a579.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\dac9d66654a509b510f1479f223fe362.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\131d1b608a4eb28b84f3963ddcececb3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\133a6d2127e3412a0c70ead5d736289c.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\180461bf317c0a17c3c4339abcdfac16.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\2eed471dc1cad1e31bf5ec04bae0b1bb.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\86e6a819c9dc7495ff552fd1fdf6a8d3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\923a6ba4a1990953d7a5825d0bb0d749.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\93456ec3cedb2861af3959ccb0841ad1.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\a7747c4fc9963eed4c432bac24e4efc8.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\b5209d9967206a85dba9ad73d2b87315.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\bd24ca25276b1d16fe7cb095cf4fbed3.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\c206de3c7cd35e3ea2404cb185433ace.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\c27b8889ba3af2ad48e37c4658fdc290.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\d05c058bb1d88f3c672b90e493f4242a.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\dcda499ac580398d705e7e43370efe7f.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\dedb9accfbb48b706c3666f0b0927dde.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\e4c756a4a4b7b48b1c0ad5679feec217.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\e567bf2dfcaf263eab55f7ce45bdd1d9.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\fb8962e837b6e34941c780e3c00965b8.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\fc5dc392492cc5c8b67cf5a4a1276b1e.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\chrome\content\core\installer.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\defaults\preferences\prefs.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\manifest.xml, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins.json, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\102.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\104.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\13.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\14.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\16.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\17.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\180.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\184.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\190.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\191.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\195.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\211.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\220.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\221.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\223.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\226.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\230.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\233.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\242.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\246.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\260.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\263.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\268.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\273.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\284.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\286.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\288.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\289.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\291.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\300.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\301.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\4.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\47.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\64.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\7.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\78.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\9.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\91.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\plugins\93.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\background.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\extensionData\userCode\extension.js, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\locale\en-US\translations.dtd, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button1.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button2.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button3.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button4.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\button5.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\crossrider_statusbar.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon128.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon16.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon24.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\icon48.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\panelarrow-up.png, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\popup.html, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\skin.css, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\extensions\0c822a17-a68f-4066-9257-d229458d21ca@9c178d17-dc61-4aaf-b2da-1425ac7300ac.com\skin\update.css, Quarantined, [b8e76e5bdd9eff37bcf4c8fa08fadb25], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\44150.crx, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\44150.xpi, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\background.html, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\Installer.log, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-bg.exe, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance-chromeinstaller.exe, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\media enhance.ico, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\Uninstall.exe, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.MediaEnhance.A, C:\Program Files\media enhance\utils.exe, Quarantined, [49569930b7c4f541a23b19b04fb3d22e], PUP.Optional.CrossRider.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.crossrider.bic", "144ad94b7cd60d610272d15b8f8c6ffc");), Replaced,[435c8f3ad3a80f27c4394ac363a2f60a] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), Replaced,[c8d7f5d4b0cb52e4fb197896e71e23dd] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), Replaced,[a9f6e9e0720952e4bc58f11da95c639d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Replaced,[d0cfb4158fec61d568ac58b621e41ae6] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), Replaced,[019ea920cbb02c0a45cf709e17ee42be] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "de");), Replaced,[168925a41f5c6ec815ffc8468e77b34d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), Replaced,[bae523a6ccaf0f27bc58c44afe072bd5] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), Replaced,[752acffa1f5c54e27c9823eb0df845bb] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "fa4a43d90000000000000021002f159b");), Replaced,[5946a7229cdffa3c948063abc83d11ef] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15960");), Replaced,[fda2e3e6bdbe87afeb29d73722e311ef] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), Replaced,[148bbe0baad1ee4864b0709eb154f10f] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), Replaced,[108f78512b505bdbab6937d7e1244eb2] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), Replaced,[6f3005c4255634022ee615f9f41156aa] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), Replaced,[3c633495a7d43501e62ee12d9d680000] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), Replaced,[792628a1ccafd6602fe55db1d82d4cb4] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), Replaced,[0d92e3e6f982ef47a66ef11d16efa759] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), Replaced,[d1cec1083d3e1f17789c1cf23dc81ce4] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), Replaced,[4e51b7122556e74f090bad61da2bbf41] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.24.6");), Replaced,[fca387422655e155b0647b9346bff50b] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.24.622:13:29");), Replaced,[5946efda2b5038fe4cc8b45a22e3629e] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.24.6");), Replaced,[f8a7ba0f2853d46224f028e6cd38ac54] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), Replaced,[217e6465cbb0b28434e06da1d2339d63] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=120523&tsp=5003");), Replaced,[d1ce6960cdae4bebb16307072fd608f8] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), Replaced,[a9f6b4150378f73f759f7f8ff0150df3] PUP.Optional.V9.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("browser.newtab.url", "hxxp://www.v9.com/newtab/?type=nt&ts=1394481412&from=tugs&uid=TOSHIBAXMK1652GSX_58LLF14ISXX58LLF14IS&i=psd&t=33f2cfa2f");), Replaced,[e0bf8e3ba0dbfc3a581df5195aabc33d] Physical Sectors: 0 (No malicious items detected) (end) Malwarebytes (2. Log): Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Scan Date: 22.08.2014 Scan Time: 19:56:00 Logfile: mbam 2014-08-23 20-09 Uhr.txt Administrator: Yes Version: 2.00.2.1012 Malware Database: v2014.08.22.07 Rootkit Database: v2014.08.21.01 License: Free Malware Protection: Disabled Malicious Website Protection: Disabled Self-protection: Disabled OS: Windows Vista CPU: x86 File System: NTFS User: Sauerland Scan Type: Threat Scan Result: Completed Objects Scanned: 266278 Time Elapsed: 12 min, 13 sec Memory: Enabled Startup: Enabled Filesystem: Enabled Archives: Enabled Rootkits: Disabled Heuristics: Enabled PUP: Enabled PUM: Enabled Processes: 0 (No malicious items detected) Modules: 0 (No malicious items detected) Registry Keys: 0 (No malicious items detected) Registry Values: 0 (No malicious items detected) Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 23 PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.admin", false);), ,[5946c7026516df5767adcc4221e49967] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.aflt", "babsst");), ,[821df3d65f1c2f07a86c4ac49075f010] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), ,[0d9225a43249ff3718fc838b798c0af6] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.autoRvrt", "false");), ,[fea14c7d0a71cd69c351c24c5ca9b64a] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.dfltLng", "de");), ,[3768eddc1e5d4beb898b13fb5fa650b0] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.excTlbr", false);), ,[1b84ccfd5526a29470a456b860a5837d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.ffxUnstlRst", true);), ,[7b24587115662b0b6ba964aaf70ef907] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.id", "fa4a43d90000000000000021002f159b");), ,[36696366d4a775c1b85cdb330ff66799] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlDay", "15960");), ,[ebb4e8e1f2893ff7b55f11fd81847789] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.instlRef", "sst");), ,[118e68614b30d2647a9aaf5f9c6950b0] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.newTab", false);), ,[fda2c6031c5f2b0b0e06ce401bea639d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prdct", "delta");), ,[039c08c14f2c93a3bb59fa143cc99f61] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.prtnrId", "delta");), ,[7e2175543546270f59bb7a94d92c7888] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.rvrt", "false");), ,[f6a9d8f15f1c64d2d93bd7377194a957] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.smplGrp", "none");), ,[c5da5e6b0675b97db3616f9f28dd9b65] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrId", "base");), ,[5d423693a8d3e84e37dd7d91f80d4ab6] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.tlbrSrchUrl", "");), ,[326d77527b00c76f9d7747c7cd384eb2] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsn", "1.8.24.6");), ,[56499c2d7cff0333d53fc8460cf9847c] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsnTs", "1.8.24.622:13:29");), ,[425d8742126937ff62b24dc18e771ce4] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta.vrsni", "1.8.24.6");), ,[dec1e5e44437d95dd440868861a4e21e] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babExt", "");), ,[58479831d8a30f27f61e44ca32d3fd03] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.babTrack", "affID=120523&tsp=5003");), ,[d1cee8e1bcbf033319fba569aa5b837d] PUP.Optional.Delta.A, C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js, Good: (), Bad: (user_pref("extensions.delta_i.srcExt", "ss");), ,[7e210ebb4734a59174a0bd51c83d3ac6] Physical Sectors: 0 (No malicious items detected) (end) Log FRST: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014 Ran by Sauerland (administrator) on SAUERLAND-PC on 22-08-2014 21:10:41 Running from D:\Computer\Viren etc\Vorbereitung für Trojaner-Board Platform: Microsoft® Windows Vista™ Home Basic (X86) OS Language: Deutsch (Deutschland) Internet Explorer Version 7 Boot Mode: Normal The only official download link for FRST: Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ Download link from any site other than Bleeping Computer is unpermitted or outdated. See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe (Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\WINDOWS\System32\AEADISRV.EXE (Agere Systems) C:\WINDOWS\System32\agrsmsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe (APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe (Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe () C:\WINDOWS\SMINST\Scheduler.exe (Intel Corporation) C:\WINDOWS\System32\igfxtray.exe (Intel Corporation) C:\WINDOWS\System32\hkcmd.exe (Intel Corporation) C:\WINDOWS\System32\igfxpers.exe (Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe (PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe (Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Co.) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (APN) C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe (Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe (Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe () C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe (Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jucheck.exe (Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbam.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe (Adobe Systems, Inc.) C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Adobe Systems, Inc.) C:\WINDOWS\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe (Microsoft Corporation) C:\WINDOWS\System32\conime.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-12-15] (Microsoft Corporation) HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.) HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc) HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [833072 2007-06-07] (Synaptics, Inc.) HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472632 2007-05-11] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-06-05] (Hewlett-Packard) HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.) HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.) HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2008-06-03] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-18] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [ApnTBMon] => C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1957784 2014-07-31] (APN) HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] () HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG) HKLM\...\RunOnce: [ST Recovery Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-06-06] (soft thinks) Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited) HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-1\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company) HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.) HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com StartMenuInternet: IEXPLORE.EXE - iexplore.exe SearchScopes: HKLM - {D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcmnbie7-de-de BHO: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.) BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.) DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Winsock: Catalog9 28 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [507984] (Avira Operations GmbH & Co. KG) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default FF Homepage: about:home FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Users\Sauerland\Desktop\VLC\npvlc.dll (VideoLAN) FF user.js: detected! => C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\user.js FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Avira Browser Safety - C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\Extensions\abs@avira.com [2014-08-22] FF Extension: Avira SearchFree Toolbar plus Web Protection - C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\Extensions\toolbar_AVIRA-V7@apn.ask.com.xpi [2013-07-26] FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-08] FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04] Chrome: ======= CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06] ========================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG) R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-18] (Avira Operations GmbH & Co. KG) R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.) R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG) S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [172131 2007-06-08] (Hewlett-Packard Ltd) [File not signed] R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-06-05] (Hewlett-Packard) [File not signed] S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed] S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [235696 2014-04-09] (McAfee, Inc.) R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-13] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG) S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [30008 2007-06-08] (Hewlett-Packard Development Company L.P.) [File not signed] R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] () R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [110296 2014-08-22] (Malwarebytes Corporation) S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.) R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-10] (Avira GmbH) S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X] S3 IpInIp; system32\DRIVERS\ipinip.sys [X] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-22 21:10 - 2014-08-22 21:10 - 00000000 ____D () C:\FRST 2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable 2014-08-22 20:50 - 2014-08-22 20:50 - 00162872 _____ (Software Installer ) C:\Users\Sauerland\Downloads\Setup.exe 2014-08-22 18:29 - 2014-08-22 19:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-22 18:29 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-08-22 18:29 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-08-22 18:29 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe 2014-08-18 08:41 - 2014-08-18 08:42 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe 2014-08-18 08:36 - 2014-08-18 08:42 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-18 08:35 - 2014-08-18 08:42 - 00000000 ____D () C:\ProgramData\Package Cache ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-08-22 21:10 - 2014-08-22 21:10 - 00000000 ____D () C:\FRST 2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable 2014-08-22 21:09 - 2013-09-08 11:39 - 00000000 ____D () C:\Users\Sauerland 2014-08-22 21:06 - 2013-09-08 10:39 - 01103094 _____ () C:\Windows\WindowsUpdate.log 2014-08-22 21:02 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2014-08-22 21:02 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2014-08-22 20:50 - 2014-08-22 20:50 - 00162872 _____ (Software Installer ) C:\Users\Sauerland\Downloads\Setup.exe 2014-08-22 20:26 - 2014-01-03 10:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-08-22 19:53 - 2014-08-22 18:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-08-22 19:02 - 2007-12-15 02:38 - 00243764 _____ () C:\Windows\PFRO.log 2014-08-22 19:02 - 2007-12-15 02:20 - 00000000 ____D () C:\Windows\SMINST 2014-08-22 19:02 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-08-22 19:01 - 2006-11-09 18:42 - 00000012 _____ () C:\Windows\bthservsdp.dat 2014-08-22 19:01 - 2006-11-02 14:58 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-08-22 18:52 - 2013-10-08 22:04 - 00000000 ____D () C:\ProgramData\eSafe 2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 2014-08-22 18:29 - 2006-11-02 12:33 - 01488910 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-08-22 18:26 - 2013-09-10 21:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2014-08-22 18:26 - 2013-09-10 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2014-08-22 17:35 - 2013-09-19 16:51 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D24E31C5-698E-4D95-A1A4-C6096E317E4E}.job 2014-08-19 22:57 - 2013-09-08 14:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service 2014-08-18 09:01 - 2014-06-22 14:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox 2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe 2014-08-18 08:42 - 2014-08-18 08:41 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe 2014-08-18 08:42 - 2014-08-18 08:36 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk 2014-08-18 08:42 - 2014-08-18 08:35 - 00000000 ____D () C:\ProgramData\Package Cache 2014-08-18 08:42 - 2013-09-10 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2014-08-18 08:42 - 2013-09-10 21:02 - 00000000 ____D () C:\Program Files\Avira 2014-08-18 08:36 - 2013-09-10 21:02 - 00000000 ____D () C:\ProgramData\Avira Some content of TEMP: ==================== C:\Users\Sauerland\AppData\Local\Temp\avgnt.exe C:\Users\Sauerland\AppData\Local\Temp\BackupSetup.exe C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer-1.exe C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer.exe C:\Users\Sauerland\AppData\Local\Temp\HPQSi.exe C:\Users\Sauerland\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe C:\Users\Sauerland\AppData\Local\Temp\setup.exe C:\Users\Sauerland\AppData\Local\Temp\SymLCSVC.EXE C:\Users\Sauerland\AppData\Local\Temp\uninst1.exe C:\Users\Sauerland\AppData\Local\Temp\vcredist_x86.exe C:\Users\Sauerland\AppData\Local\Temp\_is8114.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\explorer.exe => File is digitally signed C:\Windows\system32\winlogon.exe => File is digitally signed C:\Windows\system32\wininit.exe => File is digitally signed C:\Windows\system32\svchost.exe => File is digitally signed C:\Windows\system32\services.exe => File is digitally signed C:\Windows\system32\User32.dll => File is digitally signed C:\Windows\system32\userinit.exe => File is digitally signed C:\Windows\system32\rpcss.dll => File is digitally signed C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-08-22 19:27 ==================== End Of Log ============================ Log FRST Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version:21-08-2014
Ran by Sauerland at 2014-08-22 21:11:17
Running from D:\Computer\Viren etc\Vorbereitung für Trojaner-Board
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 14 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.145 - Adobe Systems Incorporated)
Avira (HKLM\...\{9590977b-7b6f-467e-a11a-efa1fae804da}) (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.18.30000 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.552 - Avira)
Avira SearchFree Toolbar (HKLM\...\{41564952-412D-5637-00A7-A758B70C0F05}) (Version: 12.15.5.1034 - APN, LLC)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mozilla Firefox 31.0 (x86 de) (HKLM\...\Mozilla Firefox 31.0 (x86 de)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
23-06-2014 08:47:45 Geplanter Prüfpunkt
05-07-2014 11:59:56 Geplanter Prüfpunkt
13-08-2014 20:43:36 Windows Update
18-08-2014 07:43:34 Geplanter Prüfpunkt
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2006-11-02 12:23 - 2006-09-18 23:41 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {49FD1CF1-D334-443A-83E8-F459169B6D2C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-22] (Adobe Systems Incorporated)
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2006-11-02] ()
Task: {8ACDF758-2F0B-4C22-90F2-B69BE35BCB2B} - System32\Tasks\APSnotifierCA => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2006-11-02] (Microsoft Corporation)
Task: {D90BC17A-3AEE-442C-BB10-2DBC8B467BAA} - System32\Tasks\Registration => C:\Program Files\Hewlett-Packard\SDP\RemEngine.exe [2007-06-15] ()
Task: {DDCBD8CE-E4BA-4FEC-AF33-13DAD0B55BD9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\APSnotifierCA.job => C:\Program Files\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\User_Feed_Synchronization-{D24E31C5-698E-4D95-A1A4-C6096E317E4E}.job => C:\Windows\system32\msfeedssync.exe
==================== Loaded Modules (whitelisted) =============
2014-07-24 11:47 - 2014-07-24 11:47 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-07-24 11:50 - 2014-07-24 11:50 - 00137296 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-07-24 11:49 - 2014-07-24 11:49 - 00065104 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2007-08-24 14:28 - 2007-08-24 14:28 - 00249856 _____ () C:\Windows\system32\igfxTMM.dll
2007-12-15 02:20 - 2007-06-06 15:34 - 00715912 _____ () C:\WINDOWS\SMINST\scheduler.exe
2007-12-15 02:20 - 2007-02-15 17:37 - 00446464 _____ () C:\WINDOWS\SMINST\naspp.dll
2007-06-08 10:05 - 2007-06-08 10:05 - 00274432 _____ () C:\Windows\system32\flcdlmsg.dll
2014-08-18 08:36 - 2014-07-24 11:50 - 00049744 _____ () C:\Users\Sauerland\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2009-10-14 13:36 - 2009-10-14 13:36 - 02793304 _____ () C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
2007-02-16 18:40 - 2007-02-16 18:40 - 01466368 _____ () C:\Program Files\Common Files\LightScribe\QtCore4.dll
2007-02-16 18:40 - 2007-02-16 18:40 - 05521408 _____ () C:\Program Files\Common Files\LightScribe\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 02140944 _____ () C:\Program Files\Logitech\Logitech Vid\QtCore4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 07704336 _____ () C:\Program Files\Logitech\Logitech Vid\QtGui4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00968976 _____ () C:\Program Files\Logitech\Logitech Vid\QtNetwork4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00475408 _____ () C:\Program Files\Logitech\Logitech Vid\QtOpenGL4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00363792 _____ () C:\Program Files\Logitech\Logitech Vid\QtXml4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00199952 _____ () C:\Program Files\Logitech\Logitech Vid\QtSql4.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 00027408 _____ () C:\Program Files\Logitech\Logitech Vid\SDL.dll
2009-07-16 15:35 - 2009-07-16 15:35 - 11311888 _____ () C:\Program Files\Logitech\Logitech Vid\QtWebKit4.dll
2009-07-16 15:34 - 2009-07-16 15:34 - 00291600 _____ () C:\Program Files\Logitech\Logitech Vid\phonon4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00028944 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00035088 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qico4.dll
2009-07-16 15:36 - 2009-07-16 15:36 - 00138000 _____ () C:\Program Files\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll
2013-09-08 13:55 - 2008-04-11 09:04 - 00685360 _____ () C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
2009-10-14 13:34 - 2009-10-14 13:34 - 00560472 _____ () C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
2014-06-22 14:08 - 2014-08-18 09:01 - 03800688 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-08-22 18:26 - 2014-08-22 18:26 - 17029808 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (08/22/2014 08:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung setup.exe_Software Installer, Version 3.7.1.0, Zeitstempel 0x53f78bb4, fehlerhaftes Modul setup.exe, Version 3.7.1.0, Zeitstempel 0x53f78bb4, Ausnahmecode 0xc0000005, Fehleroffset 0x0000c8ff,
Prozess-ID 0x1210, Anwendungsstartzeit setup.exe_Software Installer0.
Error: (08/22/2014 08:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung setup.exe_Software Installer, Version 3.7.1.0, Zeitstempel 0x53f64144, fehlerhaftes Modul setup.exe, Version 3.7.1.0, Zeitstempel 0x53f64144, Ausnahmecode 0xc0000005, Fehleroffset 0x000150fc,
Prozess-ID 0x1410, Anwendungsstartzeit setup.exe_Software Installer0.
Error: (08/19/2014 11:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 31.0.0.5310, Zeitstempel 0x53c75e91, fehlerhaftes Modul mozalloc.dll, Version 31.0.0.5310, Zeitstempel 0x53c72e91, Ausnahmecode 0x80000003, Fehleroffset 0x0000141b,
Prozess-ID 0x11a0, Anwendungsstartzeit plugin-container.exe0.
Error: (06/23/2014 02:58:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung plugin-container.exe, Version 30.0.0.5269, Zeitstempel 0x53914233, fehlerhaftes Modul mozalloc.dll, Version 30.0.0.5269, Zeitstempel 0x53911393, Ausnahmecode 0x80000003, Fehleroffset 0x0000141b,
Prozess-ID 0xe94, Anwendungsstartzeit plugin-container.exe0.
Error: (04/14/2014 03:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 28.0.0.5186, Zeitstempel 0x53240e37, fehlerhaftes Modul xul.dll, Version 28.0.0.5186, Zeitstempel 0x53240e04, Ausnahmecode 0xc0000005, Fehleroffset 0x00184729,
Prozess-ID 0xd80, Anwendungsstartzeit firefox.exe0.
Error: (04/14/2014 00:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Fehlerhafte Anwendung firefox.exe, Version 28.0.0.5186, Zeitstempel 0x53240e37, fehlerhaftes Modul xul.dll, Version 28.0.0.5186, Zeitstempel 0x53240e04, Ausnahmecode 0xc0000005, Fehleroffset 0x00184729,
Prozess-ID 0x974, Anwendungsstartzeit firefox.exe0.
Error: (03/16/2014 04:26:19 PM) (Source: HP Health Check Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (03/10/2014 10:20:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (03/10/2014 10:20:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (03/10/2014 10:20:22 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
System errors:
=============
Error: (08/22/2014 07:02:24 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 07:02:19 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 05:43:05 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 05:43:00 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 05:32:02 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/22/2014 05:31:57 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/19/2014 10:57:00 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/19/2014 10:56:55 PM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/18/2014 08:33:09 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Error: (08/18/2014 08:33:04 AM) (Source: volmgr) (EventID: 49) (User: )
Description: Die Konfiguration der Auslagerungsdatei für das Speicherabbild ist fehlgeschlagen. Stellen
Sie sicher, dass eine Auslagerungsdatei auf der Startpartition vorhanden ist und dass diese
groß genug ist, um den gesamten physikalischen Speicher abbilden zu können.
Microsoft Office Sessions:
=========================
Error: (08/22/2014 08:56:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_Software Installer3.7.1.053f78bb4setup.exe3.7.1.053f78bb4c00000050000c8ff121001cfbe3a0cb2a109
Error: (08/22/2014 08:47:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: setup.exe_Software Installer3.7.1.053f64144setup.exe3.7.1.053f64144c0000005000150fc141001cfbe392233ce69
Error: (08/19/2014 11:36:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141b11a001cfbbf184897666
Error: (06/23/2014 02:58:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141be9401cf8ee2add5b250
Error: (04/14/2014 03:41:03 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c000000500184729d8001cf57d5bb826d81
Error: (04/14/2014 00:04:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: firefox.exe28.0.0.518653240e37xul.dll28.0.0.518653240e04c00000050018472997401cf57bd5abe2d10
Error: (03/16/2014 04:26:19 PM) (Source: HP Health Check Service) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Der Dienstprozess konnte keine Verbindung mit dem Dienstcontroller herstellen
Error: (03/10/2014 10:20:25 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: PNRPsvcC:\Windows\system32\pnrpperf.dll4
Error: (03/10/2014 10:20:25 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:
Error: (03/10/2014 10:20:22 PM) (Source: Perflib) (EventID: 1010) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4
CodeIntegrity Errors:
===================================
Date: 2014-08-22 21:11:13.747
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.708
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.669
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.630
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.373
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.333
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.289
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 21:11:13.250
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mbamchameleon.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 20:01:05.854
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-08-22 20:01:05.804
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\WINDOWS\System32\drivers\mwac.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: Intel(R) Celeron(R) CPU 550 @ 2.00GHz
Percentage of memory in use: 51%
Total physical RAM: 3062.69 MB
Available physical RAM: 1482.14 MB
Total Pagefile: 2967.17 MB
Available Pagefile: 1440.85 MB
Total Virtual: 2047.88 MB
Available Virtual: 1921.03 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:39.06 GB) (Free:13.96 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:101.2 GB) (Free:13.52 GB) NTFS
Drive e: (HP_RECOVERY) (Fixed) (Total:8.79 GB) (Free:1.74 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive g: (LEXAR MEDIA) (Removable) (Total:0.06 GB) (Free:0.04 GB) FAT
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 149.1 GB) (Disk ID: 706BA65C)
Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=101.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=8.8 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 61.5 MB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
Log Gmer: Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-08-22 21:39:00
Windows 6.0.6000 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 TOSHIBA_ rev.LV01 149,05GB
Running: j4ntsdtc.exe; Driver: C:\Users\SAUERL~1\AppData\Local\Temp\kwryyuoc.sys
---- System - GMER 2.1 ----
SSDT 8E15C9CC ZwClose
SSDT 8E15C9D6 ZwCreateSection
SSDT 8E15C9C7 ZwDuplicateObject
SSDT 8E15C968 ZwOpenProcess
SSDT 8E15C96D ZwOpenThread
SSDT 8E15C9E0 ZwRequestWaitReplyPort
SSDT 8E15C9DB ZwSetContextThread
SSDT 8E15C9E5 ZwSetSecurityObject
SSDT 8E15C9EA ZwSystemDebugControl
SSDT 8E15C977 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwCallbackReturn + 368 81C80874 4 Bytes CALL 9791D4FA
.text ntkrnlpa.exe!ZwCallbackReturn + 3D4 81C808E0 4 Bytes JMP 9791DF66
.text ntkrnlpa.exe!ZwCallbackReturn + 73C 81C80C48 4 Bytes CALL 9791E7CE
.text ntkrnlpa.exe!ZwCallbackReturn + 7E8 81C80CF4 4 Bytes JMP E08E15C9
---- Devices - GMER 2.1 ----
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Processes - GMER 2.1 ----
Process (*** hidden *** ) [4] 83D36C20
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\0016411f4ab6
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001e37624b73
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\0016411f4ab6 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001e37624b73 (not active ControlSet)
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
|
|
23.08.2014, 15:18
| #2 |
| /// the machine /// TB-Ausbilder    | V9.com ständig auch hier hi,
__________________Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
24.08.2014, 21:14
| #3 |
| | V9.com ständig auch hier Hallo,
__________________vielen Dank. Nach dem FRST Scan hat Avira Free Antivirus folgende Malware gefunden und in Quarantäne geschoben: "ADWARE/iBryte.AR" Das dürfte ich mir eingefangen haben, als ich blöderweise vom infizierten Rechner vorgestern versucht habe, Defogger (Euer link) herunterzuladen. Als das nicht funktionierte, habe ich von meinem eigenen PC die downloads ausgeführt. Nach der Meldung von Avira habe ich nochmals einen FRST Scan gemacht. Grüße Alexander AdwCleaner: Code:
ATTFilter # AdwCleaner v3.308 - Bericht erstellt am 23/08/2014 um 21:57:13
# Aktualisiert 20/08/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Basic (32 bits)
# Benutzername : Sauerland - SAUERLAND-PC
# Gestartet von : C:\Users\Sauerland\Desktop\adwcleaner_3.308.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\Program Files\Uniblue
Ordner Gelöscht : C:\Program Files\Uninstaller
Ordner Gelöscht : C:\Users\SAUERL~1\AppData\Local\Temp\eIntaller
Ordner Gelöscht : C:\Users\SAUERL~1\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\Sauerland\AppData\Roaming\v9
Ordner Gelöscht : C:\Users\Sauerland\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\Sauerland\Desktop\Continue VuuPC Installation.lnk
Datei Gelöscht : C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\invalidprefs.js
Datei Gelöscht : C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\user.js
***** [ Tasks ] *****
Task Gelöscht : APSnotifierCA
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Sauerland\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\d57da88b03fb848
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4277F7CF-0000-46CF-BA49-D624465C4BAB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422412250}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550455415550}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660466416650}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440444414450}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\InstalledBrowserExtensions
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Delta
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\TENCENT
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\V9Software
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\media enhance
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\MyPC Backup
***** [ Browser ] *****
-\\ Internet Explorer v7.0.6000.16982
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.__ICM_LITE__blacklist_domain.value", "%7B%22SLIDERS%22%3A%5B%226pm.com%22%2C%22amazon.c[...]
Zeile gelöscht : user_pref("extensions.a0c822a17a68f40669257d229458d21ca9c178d17dc614aafb2da1425ac7300accom44150.44150.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssf[...]
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "fa4a43d90000000000000021002f159b");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15960");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.622:13:29");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=120523&tsp=5003");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.searchgol.admin", false);
Zeile gelöscht : user_pref("extensions.searchgol.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.searchgol.appId", "{4277F7CF-0000-46CF-BA49-D624465C4BAB}");
Zeile gelöscht : user_pref("extensions.searchgol.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.searchgol.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.searchgol.excTlbr", false);
Zeile gelöscht : user_pref("extensions.searchgol.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.searchgol.id", "fa4a43d90000000000000021002f159b");
Zeile gelöscht : user_pref("extensions.searchgol.instlDay", "15986");
Zeile gelöscht : user_pref("extensions.searchgol.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.searchgol.newTab", false);
Zeile gelöscht : user_pref("extensions.searchgol.prdct", "searchgol");
Zeile gelöscht : user_pref("extensions.searchgol.prtnrId", "searchgol");
Zeile gelöscht : user_pref("extensions.searchgol.rvrt", "false");
Zeile gelöscht : user_pref("extensions.searchgol.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.searchgol.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.searchgol.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.searchgol.vrsn", "1.8.16.19");
Zeile gelöscht : user_pref("extensions.searchgol.vrsnTs", "1.8.16.1922:05:14");
Zeile gelöscht : user_pref("extensions.searchgol.vrsni", "1.8.16.19");
*************************
AdwCleaner[R0].txt - [7408 octets] - [23/08/2014 18:36:59]
AdwCleaner[S0].txt - [6937 octets] - [23/08/2014 21:57:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6997 octets] ##########
JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows Vista (TM) Home Basic x86
Ran by Sauerland on 23.08.2014 at 22:04:29,88
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4034917407-2925645633-2811160046-1006\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110411411150}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{D7D9CC48-72A9-4A5B-97B6-F316BE5BFF22}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ FireFox
Successfully deleted: [File] C:\Users\Sauerland\AppData\Roaming\mozilla\firefox\profiles\vlqc3s88.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Emptied folder: C:\Users\Sauerland\AppData\Roaming\mozilla\firefox\profiles\vlqc3s88.default\minidumps [173 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.08.2014 at 22:09:37,50
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Sauerland (administrator) on SAUERLAND-PC on 23-08-2014 22:12:32
Running from C:\Users\Sauerland\Desktop
Platform: Microsoft® Windows Vista™ Home Basic (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\AEADISRV.EXE
(Agere Systems) C:\WINDOWS\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\WINDOWS\SMINST\Scheduler.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-12-15] (Microsoft Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [833072 2007-06-07] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472632 2007-05-11] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-06-05] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2008-06-03] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [ST Recovery Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-06-06] (soft thinks)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.0.43.17 217.0.43.49
FireFox:
========
FF ProfilePath: C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Users\Sauerland\Desktop\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\Extensions\abs@avira.com [2014-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-08]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [172131 2007-06-08] (Hewlett-Packard Ltd) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-06-05] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [30008 2007-06-08] (Hewlett-Packard Development Company L.P.) [File not signed]
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-10] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 22:12 - 2014-08-23 22:12 - 00012988 _____ () C:\Users\Sauerland\Desktop\FRST.txt
2014-08-23 22:09 - 2014-08-23 22:09 - 00001740 _____ () C:\Users\Sauerland\Desktop\JRT.txt
2014-08-23 22:01 - 2014-08-23 22:01 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 18:30 - 2014-08-23 21:57 - 00000000 ____D () C:\AdwCleaner
2014-08-23 18:30 - 2014-08-23 16:39 - 01364531 _____ () C:\Users\Sauerland\Desktop\adwcleaner_3.308.exe
2014-08-23 16:41 - 2014-08-23 16:39 - 01016261 _____ (Thisisu) C:\Users\Sauerland\Desktop\JRT.exe
2014-08-23 16:41 - 2014-08-22 21:05 - 01094144 _____ (Farbar) C:\Users\Sauerland\Desktop\FRST.exe
2014-08-22 21:10 - 2014-08-23 22:12 - 00000000 ____D () C:\FRST
2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable
2014-08-22 20:50 - 2014-08-22 20:50 - 00162872 _____ () C:\Users\Sauerland\Downloads\Setup.exe
2014-08-22 18:29 - 2014-08-22 19:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-22 18:29 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 18:29 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe
2014-08-18 08:41 - 2014-08-18 08:42 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe
2014-08-18 08:36 - 2014-08-18 08:42 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 08:35 - 2014-08-18 08:42 - 00000000 ____D () C:\ProgramData\Package Cache
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 22:12 - 2014-08-23 22:12 - 00012988 _____ () C:\Users\Sauerland\Desktop\FRST.txt
2014-08-23 22:12 - 2014-08-22 21:10 - 00000000 ____D () C:\FRST
2014-08-23 22:09 - 2014-08-23 22:09 - 00001740 _____ () C:\Users\Sauerland\Desktop\JRT.txt
2014-08-23 22:03 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 22:03 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 22:02 - 2007-12-15 02:20 - 00000000 ____D () C:\Windows\SMINST
2014-08-23 22:02 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 22:01 - 2014-08-23 22:01 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 22:01 - 2013-09-08 10:39 - 01166949 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 22:01 - 2006-11-09 18:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-23 22:01 - 2006-11-02 14:58 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-23 21:58 - 2007-12-15 02:38 - 00245002 _____ () C:\Windows\PFRO.log
2014-08-23 21:57 - 2014-08-23 18:30 - 00000000 ____D () C:\AdwCleaner
2014-08-23 21:57 - 2013-09-08 14:21 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-23 21:57 - 2013-09-08 14:21 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-23 21:55 - 2013-09-19 16:51 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D24E31C5-698E-4D95-A1A4-C6096E317E4E}.job
2014-08-23 19:25 - 2014-01-03 10:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 16:39 - 2014-08-23 18:30 - 01364531 _____ () C:\Users\Sauerland\Desktop\adwcleaner_3.308.exe
2014-08-23 16:39 - 2014-08-23 16:41 - 01016261 _____ (Thisisu) C:\Users\Sauerland\Desktop\JRT.exe
2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable
2014-08-22 21:09 - 2013-09-08 11:39 - 00000000 ____D () C:\Users\Sauerland
2014-08-22 21:05 - 2014-08-23 16:41 - 01094144 _____ (Farbar) C:\Users\Sauerland\Desktop\FRST.exe
2014-08-22 20:50 - 2014-08-22 20:50 - 00162872 _____ () C:\Users\Sauerland\Downloads\Setup.exe
2014-08-22 19:53 - 2014-08-22 18:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2006-11-02 12:33 - 01488910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 18:26 - 2013-09-10 21:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-22 18:26 - 2013-09-10 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-19 22:57 - 2013-09-08 14:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-18 09:01 - 2014-06-22 14:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe
2014-08-18 08:42 - 2014-08-18 08:41 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe
2014-08-18 08:42 - 2014-08-18 08:36 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 08:42 - 2014-08-18 08:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 08:42 - 2013-09-10 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 08:42 - 2013-09-10 21:02 - 00000000 ____D () C:\Program Files\Avira
2014-08-18 08:36 - 2013-09-10 21:02 - 00000000 ____D () C:\ProgramData\Avira
Some content of TEMP:
====================
C:\Users\Sauerland\AppData\Local\Temp\avgnt.exe
C:\Users\Sauerland\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Sauerland\AppData\Local\Temp\HPQSi.exe
C:\Users\Sauerland\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Sauerland\AppData\Local\Temp\Quarantine.exe
C:\Users\Sauerland\AppData\Local\Temp\setup.exe
C:\Users\Sauerland\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Sauerland\AppData\Local\Temp\uninst1.exe
C:\Users\Sauerland\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Sauerland\AppData\Local\Temp\_is8114.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-23 22:09
==================== End Of Log ============================
--- --- --- --- --- --- Avira Free Antivirus: Code:
ATTFilter
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Samstag, 23. August 2014 22:21
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira Antivirus Free
Seriennummer : 0000149996-AVHOE-0000001
Plattform : Windows Vista (TM) Home Basic
Windowsversion : (plain) [6.0.6000]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : SAUERLAND-PC
Versionsinformationen:
BUILD.DAT : 14.0.6.552 92022 Bytes 23.07.2014 13:29:00
AVSCAN.EXE : 14.0.6.548 1046608 Bytes 18.08.2014 06:21:49
AVSCANRC.DLL : 14.0.6.522 62544 Bytes 18.08.2014 06:21:49
LUKE.DLL : 14.0.6.522 57936 Bytes 18.08.2014 06:22:03
AVSCPLR.DLL : 14.0.6.548 92752 Bytes 18.08.2014 06:21:49
AVREG.DLL : 14.0.6.522 262224 Bytes 18.08.2014 06:21:47
avlode.dll : 14.0.6.526 603728 Bytes 18.08.2014 06:21:47
avlode.rdf : 14.0.4.42 65114 Bytes 18.08.2014 06:21:45
XBV00009.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:08
XBV00010.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00011.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00012.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00013.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00014.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00015.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00016.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00017.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00018.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00019.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00020.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00021.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00022.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00023.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00024.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00025.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00026.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00027.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00028.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00029.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00030.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00031.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00032.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00033.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00034.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00035.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00036.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00037.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00038.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00039.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00040.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00041.VDF : 8.11.165.190 2048 Bytes 07.08.2014 06:22:09
XBV00068.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00069.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00070.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00071.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00072.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00073.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00074.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00075.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00076.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00077.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00078.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00079.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00080.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00081.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00082.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00083.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00084.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00085.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00086.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00087.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00088.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00089.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00090.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00091.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00092.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00093.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00094.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:28
XBV00095.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00096.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00097.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00098.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00099.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00100.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00101.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00102.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00103.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00104.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00105.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00106.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00107.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00108.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00109.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00110.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00111.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00112.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00113.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00114.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00115.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00116.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00117.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00118.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00119.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00120.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00121.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00122.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00123.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00124.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00125.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00126.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00127.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00128.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00129.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00130.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00131.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00132.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00133.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00134.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00135.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00136.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00137.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00138.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00139.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00140.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00141.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:29
XBV00142.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00143.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00144.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00145.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00146.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00147.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00148.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00149.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00150.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00151.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00152.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00153.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00154.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00155.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00156.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00157.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00158.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00159.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00160.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00161.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00162.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00163.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00164.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00165.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00166.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00167.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00168.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00169.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00170.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00171.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00172.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00173.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00174.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00175.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00176.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00177.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00178.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00179.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00180.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00181.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00182.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00183.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00184.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00185.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00186.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00187.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00188.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:30
XBV00189.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00190.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00191.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00192.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00193.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00194.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00195.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00196.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00197.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00198.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00199.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00200.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00201.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00202.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00203.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00204.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00205.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00206.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00207.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00208.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00209.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00210.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00211.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00212.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00213.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00214.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00215.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00216.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00217.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00218.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00219.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00220.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00221.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00222.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00223.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00224.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00225.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00226.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00227.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00228.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:31
XBV00229.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00230.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00231.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00232.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00233.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00234.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00235.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00236.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00237.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00238.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00239.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00240.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00241.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00242.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00243.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00244.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00245.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00246.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00247.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00248.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00249.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00250.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00251.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00252.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00253.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00254.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00255.VDF : 8.11.167.234 2048 Bytes 19.08.2014 21:03:32
XBV00000.VDF : 7.11.70.0 66736640 Bytes 04.04.2013 19:00:38
XBV00001.VDF : 7.11.74.226 2201600 Bytes 30.04.2013 19:00:42
XBV00002.VDF : 7.11.80.60 2751488 Bytes 28.05.2013 19:00:44
XBV00003.VDF : 7.11.85.214 2162688 Bytes 21.06.2013 19:00:46
XBV00004.VDF : 7.11.91.176 3903488 Bytes 23.07.2013 19:00:50
XBV00005.VDF : 7.11.98.186 6822912 Bytes 29.08.2013 19:00:56
XBV00006.VDF : 7.11.139.38 15708672 Bytes 27.03.2014 17:33:47
XBV00007.VDF : 7.11.152.100 4193792 Bytes 02.06.2014 20:43:51
XBV00008.VDF : 8.11.165.192 4251136 Bytes 07.08.2014 06:22:08
XBV00042.VDF : 8.11.167.234 1073152 Bytes 19.08.2014 21:03:27
XBV00043.VDF : 8.11.167.236 3584 Bytes 19.08.2014 21:03:27
XBV00044.VDF : 8.11.167.238 17408 Bytes 19.08.2014 21:03:27
XBV00045.VDF : 8.11.167.242 7168 Bytes 19.08.2014 21:03:27
XBV00046.VDF : 8.11.167.248 2048 Bytes 19.08.2014 21:03:27
XBV00047.VDF : 8.11.168.26 19968 Bytes 19.08.2014 21:03:28
XBV00048.VDF : 8.11.168.44 10240 Bytes 19.08.2014 15:38:46
XBV00049.VDF : 8.11.168.60 2048 Bytes 19.08.2014 15:38:46
XBV00050.VDF : 8.11.168.78 27136 Bytes 20.08.2014 15:38:46
XBV00051.VDF : 8.11.168.80 2048 Bytes 20.08.2014 15:38:46
XBV00052.VDF : 8.11.168.98 15360 Bytes 20.08.2014 15:38:46
XBV00053.VDF : 8.11.168.100 2048 Bytes 20.08.2014 15:38:46
XBV00054.VDF : 8.11.168.116 28160 Bytes 20.08.2014 15:38:46
XBV00055.VDF : 8.11.168.118 9216 Bytes 20.08.2014 15:38:46
XBV00056.VDF : 8.11.168.120 4096 Bytes 20.08.2014 15:38:47
XBV00057.VDF : 8.11.168.124 12800 Bytes 21.08.2014 15:38:47
XBV00058.VDF : 8.11.168.126 25088 Bytes 21.08.2014 15:38:47
XBV00059.VDF : 8.11.168.132 33280 Bytes 21.08.2014 15:38:47
XBV00060.VDF : 8.11.168.134 2048 Bytes 21.08.2014 15:38:47
XBV00061.VDF : 8.11.168.138 11776 Bytes 21.08.2014 15:38:47
XBV00062.VDF : 8.11.168.140 3584 Bytes 21.08.2014 15:38:47
XBV00063.VDF : 8.11.168.158 3584 Bytes 22.08.2014 15:38:47
XBV00064.VDF : 8.11.168.174 2048 Bytes 22.08.2014 15:38:47
XBV00065.VDF : 8.11.168.180 5120 Bytes 22.08.2014 15:38:47
XBV00066.VDF : 8.11.168.220 7168 Bytes 22.08.2014 15:38:47
XBV00067.VDF : 8.11.168.222 20480 Bytes 22.08.2014 15:38:47
LOCAL001.VDF : 8.11.168.222 109041664 Bytes 22.08.2014 15:40:22
Engineversion : 8.3.24.18
AEVDF.DLL : 8.3.1.6 133992 Bytes 22.08.2014 15:38:46
AESCRIPT.DLL : 8.2.0.18 437104 Bytes 22.08.2014 15:38:46
AESCN.DLL : 8.3.2.2 139456 Bytes 18.08.2014 06:21:44
AESBX.DLL : 8.2.20.24 1409224 Bytes 09.05.2014 17:59:29
AERDL.DLL : 8.2.0.138 704888 Bytes 02.12.2013 19:53:15
AEPACK.DLL : 8.4.0.50 792488 Bytes 18.08.2014 06:21:44
AEOFFICE.DLL : 8.3.0.20 216104 Bytes 18.08.2014 06:21:44
AEHEUR.DLL : 8.1.4.1240 7433072 Bytes 22.08.2014 15:38:45
AEHELP.DLL : 8.3.1.0 278728 Bytes 30.05.2014 19:48:53
AEGEN.DLL : 8.1.7.28 450752 Bytes 13.06.2014 20:42:31
AEEXP.DLL : 8.4.2.30 247712 Bytes 22.08.2014 15:38:46
AEEMU.DLL : 8.1.3.4 399264 Bytes 18.08.2014 06:21:41
AEDROID.DLL : 8.4.2.24 442568 Bytes 13.06.2014 20:42:41
AECORE.DLL : 8.3.2.6 243712 Bytes 18.08.2014 06:21:41
AEBB.DLL : 8.1.2.0 60448 Bytes 18.08.2014 06:21:41
AVWINLL.DLL : 14.0.6.522 24144 Bytes 18.08.2014 06:21:40
AVPREF.DLL : 14.0.6.522 50256 Bytes 18.08.2014 06:21:47
AVREP.DLL : 14.0.6.522 219216 Bytes 18.08.2014 06:21:47
AVARKT.DLL : 14.0.5.368 226384 Bytes 24.06.2014 09:53:07
AVEVTLOG.DLL : 14.0.6.522 182352 Bytes 18.08.2014 06:21:46
SQLITE3.DLL : 14.0.6.522 452176 Bytes 18.08.2014 06:22:04
AVSMTP.DLL : 14.0.6.522 76368 Bytes 18.08.2014 06:21:49
NETNT.DLL : 14.0.6.522 13392 Bytes 18.08.2014 06:22:03
RCIMAGE.DLL : 14.0.6.544 4863568 Bytes 18.08.2014 06:21:40
RCTEXT.DLL : 14.0.6.536 74320 Bytes 18.08.2014 06:21:40
Konfiguration für den aktuellen Suchlauf:
Job Name..............................: AVGuardAsyncScan
Konfigurationsdatei...................: C:\ProgramData\Avira\AntiVir Desktop\TEMP\AVGUARD_53f8f38e\guard_slideup.avp
Protokollierung.......................: standard
Primäre Aktion........................: Interaktiv
Sekundäre Aktion......................: Quarantäne
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: aus
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: aus
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: aus
Prüfe alle Dateien....................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: Vollständig
Beginn des Suchlaufs: Samstag, 23. August 2014 22:21
Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '91' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'i_view32.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'FRST.exe' - '80' Modul(e) wurden durchsucht
Durchsuche Prozess 'TrustedInstaller.exe' - '56' Modul(e) wurden durchsucht
Durchsuche Prozess 'explorer.exe' - '121' Modul(e) wurden durchsucht
Durchsuche Prozess 'hphc_service.exe' - '43' Modul(e) wurden durchsucht
Durchsuche Prozess 'PresentationFontCache.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'COCIManager.exe' - '35' Modul(e) wurden durchsucht
Durchsuche Prozess 'unsecapp.exe' - '27' Modul(e) wurden durchsucht
Durchsuche Prozess 'Com4QLBEx.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnetwk.exe' - '69' Modul(e) wurden durchsucht
Durchsuche Prozess 'AVWEBGRD.EXE' - '47' Modul(e) wurden durchsucht
Durchsuche Prozess 'avshadow.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'HpqToaster.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'VolCtrl.exe' - '25' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxsrvc.exe' - '24' Modul(e) wurden durchsucht
Durchsuche Prozess 'conime.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmpnscfg.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Vid.exe' - '98' Modul(e) wurden durchsucht
Durchsuche Prozess 'LightScribeControlPanel.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'sidebar.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.Systray.exe' - '123' Modul(e) wurden durchsucht
Durchsuche Prozess 'LWS.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '79' Modul(e) wurden durchsucht
Durchsuche Prozess 'QLBCTRL.exe' - '42' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpwuSchd2.exe' - '15' Modul(e) wurden durchsucht
Durchsuche Prozess 'jusched.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'WiFiMsg.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'HPWAMain.exe' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'SynTPEnh.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'pthosttr.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfsty.exe' - '20' Modul(e) wurden durchsucht
Durchsuche Prozess 'smax4pnp.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxpers.exe' - '19' Modul(e) wurden durchsucht
Durchsuche Prozess 'hkcmd.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'igfxtray.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'scheduler.exe' - '57' Modul(e) wurden durchsucht
Durchsuche Prozess 'Dwm.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'taskeng.exe' - '68' Modul(e) wurden durchsucht
Durchsuche Prozess 'hpqwmiex.exe' - '32' Modul(e) wurden durchsucht
Durchsuche Prozess 'Avira.OE.ServiceHost.exe' - '128' Modul(e) wurden durchsucht
Durchsuche Prozess 'SearchIndexer.exe' - '62' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'pdfsvc.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'LVPrcSrv.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'apnmcp.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '115' Modul(e) wurden durchsucht
Durchsuche Prozess 'agrsmsvc.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'AEADISRV.EXE' - '5' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'spoolsv.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'WLANExt.exe' - '38' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '77' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'SLsvc.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '133' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '89' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '40' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '22' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '60' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '14' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht
Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\Users\Sauerland\Downloads\Setup.exe'
C:\Users\Sauerland\Downloads\Setup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/iBryte.AR
Beginne mit der Desinfektion:
C:\Users\Sauerland\Downloads\Setup.exe
[FUND] Enthält Erkennungsmuster der Adware ADWARE/iBryte.AR
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '57f65cca.qua' verschoben!
Ende des Suchlaufs: Samstag, 23. August 2014 22:23
Benötigte Zeit: 00:12 Minute(n)
Der Suchlauf wurde vollständig durchgeführt.
0 Verzeichnisse wurden überprüft
636 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
635 Dateien ohne Befall
8 Archive wurden durchsucht
0 Warnungen
1 Hinweise
Die Suchergebnisse werden an den Guard übermittelt.
FRST (2. Mal): FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Sauerland (administrator) on SAUERLAND-PC on 23-08-2014 22:53:10
Running from C:\Users\Sauerland\Desktop
Platform: Microsoft® Windows Vista™ Home Basic (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\AEADISRV.EXE
(Agere Systems) C:\WINDOWS\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
() C:\WINDOWS\SMINST\Scheduler.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-12-15] (Microsoft Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [833072 2007-06-07] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472632 2007-05-11] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-06-05] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2008-06-03] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [ST Recovery Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-06-06] (soft thinks)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.0.43.17 217.0.43.49
FireFox:
========
FF ProfilePath: C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Users\Sauerland\Desktop\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\Extensions\abs@avira.com [2014-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-08]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [172131 2007-06-08] (Hewlett-Packard Ltd) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-06-05] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [30008 2007-06-08] (Hewlett-Packard Development Company L.P.) [File not signed]
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-10] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 22:12 - 2014-08-23 22:53 - 00012988 _____ () C:\Users\Sauerland\Desktop\FRST.txt
2014-08-23 22:09 - 2014-08-23 22:09 - 00001740 _____ () C:\Users\Sauerland\Desktop\JRT.txt
2014-08-23 22:01 - 2014-08-23 22:01 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 18:30 - 2014-08-23 21:57 - 00000000 ____D () C:\AdwCleaner
2014-08-23 18:30 - 2014-08-23 16:39 - 01364531 _____ () C:\Users\Sauerland\Desktop\adwcleaner_3.308.exe
2014-08-23 16:41 - 2014-08-23 16:39 - 01016261 _____ (Thisisu) C:\Users\Sauerland\Desktop\JRT.exe
2014-08-23 16:41 - 2014-08-22 21:05 - 01094144 _____ (Farbar) C:\Users\Sauerland\Desktop\FRST.exe
2014-08-22 21:10 - 2014-08-23 22:53 - 00000000 ____D () C:\FRST
2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable
2014-08-22 18:29 - 2014-08-22 19:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-22 18:29 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 18:29 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe
2014-08-18 08:41 - 2014-08-18 08:42 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe
2014-08-18 08:36 - 2014-08-18 08:42 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 08:35 - 2014-08-18 08:42 - 00000000 ____D () C:\ProgramData\Package Cache
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-23 22:53 - 2014-08-23 22:12 - 00012988 _____ () C:\Users\Sauerland\Desktop\FRST.txt
2014-08-23 22:53 - 2014-08-22 21:10 - 00000000 ____D () C:\FRST
2014-08-23 22:26 - 2014-01-03 10:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-23 22:09 - 2014-08-23 22:09 - 00001740 _____ () C:\Users\Sauerland\Desktop\JRT.txt
2014-08-23 22:07 - 2013-09-08 10:39 - 01166949 _____ () C:\Windows\WindowsUpdate.log
2014-08-23 22:03 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-23 22:03 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-23 22:02 - 2007-12-15 02:20 - 00000000 ____D () C:\Windows\SMINST
2014-08-23 22:02 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-23 22:01 - 2014-08-23 22:01 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 22:01 - 2006-11-09 18:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-23 22:01 - 2006-11-02 14:58 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-23 21:58 - 2007-12-15 02:38 - 00245002 _____ () C:\Windows\PFRO.log
2014-08-23 21:57 - 2014-08-23 18:30 - 00000000 ____D () C:\AdwCleaner
2014-08-23 21:57 - 2013-09-08 14:21 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-23 21:57 - 2013-09-08 14:21 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-23 21:55 - 2013-09-19 16:51 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D24E31C5-698E-4D95-A1A4-C6096E317E4E}.job
2014-08-23 16:39 - 2014-08-23 18:30 - 01364531 _____ () C:\Users\Sauerland\Desktop\adwcleaner_3.308.exe
2014-08-23 16:39 - 2014-08-23 16:41 - 01016261 _____ (Thisisu) C:\Users\Sauerland\Desktop\JRT.exe
2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable
2014-08-22 21:09 - 2013-09-08 11:39 - 00000000 ____D () C:\Users\Sauerland
2014-08-22 21:05 - 2014-08-23 16:41 - 01094144 _____ (Farbar) C:\Users\Sauerland\Desktop\FRST.exe
2014-08-22 19:53 - 2014-08-22 18:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2006-11-02 12:33 - 01488910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-22 18:26 - 2013-09-10 21:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-22 18:26 - 2013-09-10 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-19 22:57 - 2013-09-08 14:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-18 09:01 - 2014-06-22 14:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe
2014-08-18 08:42 - 2014-08-18 08:41 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe
2014-08-18 08:42 - 2014-08-18 08:36 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 08:42 - 2014-08-18 08:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 08:42 - 2013-09-10 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 08:42 - 2013-09-10 21:02 - 00000000 ____D () C:\Program Files\Avira
2014-08-18 08:36 - 2013-09-10 21:02 - 00000000 ____D () C:\ProgramData\Avira
Some content of TEMP:
====================
C:\Users\Sauerland\AppData\Local\Temp\avgnt.exe
C:\Users\Sauerland\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Sauerland\AppData\Local\Temp\HPQSi.exe
C:\Users\Sauerland\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Sauerland\AppData\Local\Temp\Quarantine.exe
C:\Users\Sauerland\AppData\Local\Temp\setup.exe
C:\Users\Sauerland\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Sauerland\AppData\Local\Temp\uninst1.exe
C:\Users\Sauerland\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Sauerland\AppData\Local\Temp\_is8114.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-23 22:09
==================== End Of Log ============================
|
|
25.08.2014, 12:24
| #4 |
| /// the machine /// TB-Ausbilder | V9.com ständig auch hierESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
27.08.2014, 04:54
| #5 |
| | V9.com ständig auch hier Hallo, hat etwas gedauert, da ich noch andere eilige Projekte habe. Sind jetzt alle Schädlinge entfernt? ESET hat ja noch einiges gefunden. ESET Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=f169870a5d716240bd34991d5b32b3c6
# engine=19853
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-08-26 08:12:36
# local_time=2014-08-26 10:12:36 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.0.6000 NT
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 361771 30244291 0 0
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 30252529 246616728 0 0
# scanned=185914
# found=19
# cleaned=0
# scan_time=4230
sh=1658A2A3C75D44161B2D1A185447A88D7F656E37 ft=1 fh=67c324132214aaee vn="MSIL/DomaIQ.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Uninstaller\Uninstall.exe.vir"
sh=202C1899F9B92EF86E40333C701C620BB16CE1F2 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QVHROIJE\monetizationLoader[2].js"
sh=09FD859E3A060D51E52C857E14F41B70F7F8B7C0 ft=1 fh=c71c0011801c8f99 vn="Variante von Win32/AdWare.iBryte.BC Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QVHROIJE\Setup[1].exe"
sh=2852A9FED146A9EEEA30C5CE6C196709A7C7E771 ft=1 fh=ef6178f2d21a5b5b vn="Variante von MSIL/DomaIQ.W evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\gfdC986.tmp"
sh=09FD859E3A060D51E52C857E14F41B70F7F8B7C0 ft=1 fh=c71c0011801c8f99 vn="Variante von Win32/AdWare.iBryte.BC Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\setup.exe"
sh=D2EAFFAD45CC86DE6E07E9D8E42440CD25DA5754 ft=1 fh=855d8e396d7ffddb vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\28b1331e-fb45-44f2-b9e7-25fdad794c4f\software\Cloud_Backup_Setup.exe"
sh=1549CF4F9282F1B42A58B5E050E12EF0AD669798 ft=1 fh=ffe6693d8bc7d6c5 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\BabMaint.exe"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\771E089C-BAB0-7891-B2A1-2BDCE466B4A2\Latest\IEHelper.dll"
sh=D8F10BDFCF1D7203A10EDD44BFA91E63429F7509 ft=1 fh=125879de58b34aa1 vn="Win32/Toolbar.Babylon.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\BabMaint.exe"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\876BA97F-BAB0-7891-A514-7EB627F607B3\Latest\IEHelper.dll"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\is45637729\2466172_stp\wajam_validate.exe"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\is922941421\457724398_stp\wajam_validate.exe"
sh=3BAF8CD5B96038EA21031BFD30351498C4CBD168 ft=1 fh=dbe623ff013517a5 vn="Win32/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\is922941421\457724732_stp\Cloud_Backup_Setup_EURO.exe"
sh=82FCB8F238714B0CB9CB50A1D233BB876EAE1F8E ft=1 fh=0a28b37f82595fb9 vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\AppData\Local\Temp\is922941421\457724783_stp\whilokii_is.exe"
sh=7B68AB5C6B58C137FF3D530C545DCAB36B300890 ft=1 fh=327759da671c5f34 vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\Downloads\ReimageRepair(1).exe"
sh=7B68AB5C6B58C137FF3D530C545DCAB36B300890 ft=1 fh=327759da671c5f34 vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sauerland\Downloads\ReimageRepair.exe"
sh=A23519E8073FDB68C377074CFC41DEF71AD03D44 ft=1 fh=ca61199ae536065a vn="Win32/StartPage.OPH Trojaner" ac=I fn="H:\$RECYCLE.BIN\S-1-5-21-1560924800-3668471315-1165471220-1006\$RD79WPD.exe"
sh=509931418DEB6B75185A9AAF4E687297D6F5CF61 ft=1 fh=98bdefe44f6519ae vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\$RECYCLE.BIN\S-1-5-21-1560924800-3668471315-1165471220-1006\$RJ2P3DV.exe"
sh=D20146018CC2327122B2692E355F353DFA6D571A ft=1 fh=641303b82d1a41cf vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="H:\$RECYCLE.BIN\S-1-5-21-1560924800-3668471315-1165471220-1006\$RU73BN4.exe"
SecurityCheck Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows Vista x86 (UAC is disabled!)
Out of date service pack!!
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 14.0.0.145
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
FRST FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:21-08-2014
Ran by Sauerland (administrator) on SAUERLAND-PC on 27-08-2014 05:39:32
Running from C:\Users\Sauerland\Desktop
Platform: Microsoft® Windows Vista™ Home Basic (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\WINDOWS\System32\SLsvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\AEADISRV.EXE
(Agere Systems) C:\WINDOWS\System32\agrsmsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(APN LLC.) C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
(Logitech Inc.) C:\Program Files\Common Files\logishrd\LVMVFM\LVPrcSrv.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
() C:\WINDOWS\SMINST\Scheduler.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(PDF Complete Inc) C:\Program Files\PDF Complete\pdfsty.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
() C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
(Logitech Inc.) C:\Program Files\Logitech\Logitech Vid\Vid.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
() C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
(Microsoft Corporation) C:\WINDOWS\System32\wbem\unsecapp.exe
() C:\Program Files\Common Files\logishrd\LQCVFX\COCIManager.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\WINDOWS\System32\conime.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Service.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1006264 2007-12-15] (Microsoft Corporation)
HKLM\...\Run: [SoundMAXPnP] => C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [PDF Complete] => C:\Program Files\PDF Complete\pdfsty.exe [331552 2007-05-08] (PDF Complete Inc)
HKLM\...\Run: [PTHOSTTR] => C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE [145184 2007-01-09] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [833072 2007-06-07] (Synaptics, Inc.)
HKLM\...\Run: [hpWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [472632 2007-05-11] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [WAWifiMessage] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe [317128 2007-01-10] (Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [HP Health Check Scheduler] => c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [71176 2007-06-05] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [246504 2010-01-11] (Sun Microsystems, Inc.)
HKLM\...\Run: [HP Software Update] => c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [49152 2005-02-17] (Hewlett-Packard Co.)
HKLM\...\Run: [QlbCtrl.exe] => C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [177456 2008-06-03] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-18] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [190032 2014-07-24] (Avira Operations GmbH & Co. KG)
HKLM\...\RunOnce: [ST Recovery Launcher] => C:\Windows\SMINST\launcher.exe [44168 2007-06-06] (soft thinks)
Winlogon\Notify\DeviceNP: C:\Windows\system32\DeviceNP.dll (Hewlett-Packard Limited)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [LightScribe Control Panel] => C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [484904 2007-04-19] (Hewlett-Packard Company)
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [Logitech Vid] => C:\Program Files\Logitech\Logitech Vid\vid.exe [5458704 2009-07-16] (Logitech Inc.)
HKU\S-1-5-21-4034917407-2925645633-2811160046-1006\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [201728 2006-11-02] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 217.0.43.17 217.0.43.49
FireFox:
========
FF ProfilePath: C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.2 -> C:\Users\Sauerland\Desktop\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Sauerland\AppData\Roaming\Mozilla\Firefox\Profiles\vlqc3s88.default\Extensions\abs@avira.com [2014-08-22]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-09-08]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [aaaaacalgebmfelllfiaoknifldpngjh] - C:\ProgramData\AskPartnerNetwork\Toolbar\AVIRA-V7\CRX\ToolbarCR.crx [2014-08-06]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1021008 2014-08-18] (Avira Operations GmbH & Co. KG)
R2 APNMCP; C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [165784 2014-06-23] (APN LLC.)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [141392 2014-07-24] (Avira Operations GmbH & Co. KG)
S3 FLCDLOCK; C:\Windows\system32\flcdlock.exe [172131 2007-06-08] (Hewlett-Packard Ltd) [File not signed]
R2 HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [61440 2007-06-05] (Hewlett-Packard) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
R2 pdfcDispatcher; C:\Program Files\PDF Complete\pdfsvc.exe [540448 2007-05-08] (PDF Complete Inc)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-06-13] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 DAMDrv; C:\Windows\System32\DRIVERS\DAMDrv.sys [30008 2007-06-08] (Hewlett-Packard Development Company L.P.) [File not signed]
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25752 2009-10-07] ()
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [2687512 2009-04-30] (Logitech Inc.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-09-10] (Avira GmbH)
S4 blbdrive; \SystemRoot\system32\drivers\blbdrive.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-27 05:25 - 2014-08-26 20:34 - 00854417 _____ () C:\Users\Sauerland\Desktop\SecurityCheck.exe
2014-08-23 22:12 - 2014-08-27 05:39 - 00012988 _____ () C:\Users\Sauerland\Desktop\FRST.txt
2014-08-23 22:09 - 2014-08-23 22:09 - 00001740 _____ () C:\Users\Sauerland\Desktop\JRT.txt
2014-08-23 22:01 - 2014-08-23 22:01 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 18:30 - 2014-08-23 21:57 - 00000000 ____D () C:\AdwCleaner
2014-08-23 18:30 - 2014-08-23 16:39 - 01364531 _____ () C:\Users\Sauerland\Desktop\adwcleaner_3.308.exe
2014-08-23 16:41 - 2014-08-23 16:39 - 01016261 _____ (Thisisu) C:\Users\Sauerland\Desktop\JRT.exe
2014-08-23 16:41 - 2014-08-22 21:05 - 01094144 _____ (Farbar) C:\Users\Sauerland\Desktop\FRST.exe
2014-08-22 21:10 - 2014-08-27 05:39 - 00000000 ____D () C:\FRST
2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable
2014-08-22 18:29 - 2014-08-22 19:53 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-22 18:29 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-22 18:29 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe
2014-08-18 08:41 - 2014-08-18 08:42 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe
2014-08-18 08:36 - 2014-08-18 08:42 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 08:35 - 2014-08-18 08:42 - 00000000 ____D () C:\ProgramData\Package Cache
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-27 05:39 - 2014-08-23 22:12 - 00012988 _____ () C:\Users\Sauerland\Desktop\FRST.txt
2014-08-27 05:39 - 2014-08-22 21:10 - 00000000 ____D () C:\FRST
2014-08-27 05:27 - 2013-09-19 16:51 - 00000426 ____H () C:\Windows\Tasks\User_Feed_Synchronization-{D24E31C5-698E-4D95-A1A4-C6096E317E4E}.job
2014-08-27 05:26 - 2014-01-03 10:45 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-27 05:25 - 2013-09-08 10:39 - 01223938 _____ () C:\Windows\WindowsUpdate.log
2014-08-27 05:22 - 2007-12-15 02:20 - 00000000 ____D () C:\Windows\SMINST
2014-08-27 05:22 - 2006-11-02 14:58 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-27 05:22 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-08-27 05:22 - 2006-11-02 14:45 - 00003072 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-08-27 05:21 - 2007-12-15 02:38 - 00245792 _____ () C:\Windows\PFRO.log
2014-08-26 22:25 - 2006-11-09 18:42 - 00000012 _____ () C:\Windows\bthservsdp.dat
2014-08-26 22:25 - 2006-11-02 14:58 - 00032606 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-08-26 20:43 - 2006-11-02 12:33 - 01488910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-26 20:34 - 2014-08-27 05:25 - 00854417 _____ () C:\Users\Sauerland\Desktop\SecurityCheck.exe
2014-08-23 22:09 - 2014-08-23 22:09 - 00001740 _____ () C:\Users\Sauerland\Desktop\JRT.txt
2014-08-23 22:01 - 2014-08-23 22:01 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 21:57 - 2014-08-23 18:30 - 00000000 ____D () C:\AdwCleaner
2014-08-23 21:57 - 2013-09-08 14:21 - 00000858 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-08-23 21:57 - 2013-09-08 14:21 - 00000846 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-08-23 16:39 - 2014-08-23 18:30 - 01364531 _____ () C:\Users\Sauerland\Desktop\adwcleaner_3.308.exe
2014-08-23 16:39 - 2014-08-23 16:41 - 01016261 _____ (Thisisu) C:\Users\Sauerland\Desktop\JRT.exe
2014-08-22 21:09 - 2014-08-22 21:09 - 00000000 _____ () C:\Users\Sauerland\defogger_reenable
2014-08-22 21:09 - 2013-09-08 11:39 - 00000000 ____D () C:\Users\Sauerland
2014-08-22 21:05 - 2014-08-23 16:41 - 01094144 _____ (Farbar) C:\Users\Sauerland\Desktop\FRST.exe
2014-08-22 19:53 - 2014-08-22 18:29 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-22 18:29 - 2014-08-22 18:29 - 00000899 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-22 18:29 - 2014-08-22 18:29 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-08-22 18:26 - 2013-09-10 21:15 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-22 18:26 - 2013-09-10 21:15 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-08-19 22:57 - 2013-09-08 14:21 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-08-18 09:01 - 2014-06-22 14:07 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-08-18 08:50 - 2014-08-18 08:50 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih(1).exe
2014-08-18 08:42 - 2014-08-18 08:41 - 01058200 _____ (Adobe) C:\Users\Sauerland\Downloads\install_flashplayer14x32au_mssa_awc_aih.exe
2014-08-18 08:42 - 2014-08-18 08:36 - 00001002 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-08-18 08:42 - 2014-08-18 08:35 - 00000000 ____D () C:\ProgramData\Package Cache
2014-08-18 08:42 - 2013-09-10 21:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-08-18 08:42 - 2013-09-10 21:02 - 00000000 ____D () C:\Program Files\Avira
2014-08-18 08:36 - 2013-09-10 21:02 - 00000000 ____D () C:\ProgramData\Avira
Some content of TEMP:
====================
C:\Users\Sauerland\AppData\Local\Temp\avgnt.exe
C:\Users\Sauerland\AppData\Local\Temp\BackupSetup.exe
C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Sauerland\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Sauerland\AppData\Local\Temp\HPQSi.exe
C:\Users\Sauerland\AppData\Local\Temp\qc_a402013b_7656_4f6f_b57f_5a8ef69f5fc4_32.exe
C:\Users\Sauerland\AppData\Local\Temp\Quarantine.exe
C:\Users\Sauerland\AppData\Local\Temp\setup.exe
C:\Users\Sauerland\AppData\Local\Temp\SymLCSVC.EXE
C:\Users\Sauerland\AppData\Local\Temp\uninst1.exe
C:\Users\Sauerland\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Sauerland\AppData\Local\Temp\_is8114.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-27 05:28
==================== End Of Log ============================
--- --- --- Grüße Alexander |
|
27.08.2014, 16:16
| #6 |
| /// the machine /// TB-Ausbilder | V9.com ständig auch hier Erstmal Vista updaten, du hast irgendwie 5 Jahre Updates verschlafen.....
__________________ --> V9.com ständig auch hier |
|
29.08.2014, 20:45
| #7 | |
| | V9.com ständig auch hierZitat:
danke für den Hinweis. Hat leider wieder gedauert, bis ich soweit bin. Vista hatte ich vor wenigen Monaten neu aufgesetzt. In den Windows Update-Einstellungen war alles richtig eingestellt, Windows hat aber das SP1 nicht tatsächlich installiert, obwohl eine "erfolgreiche" Installation gemeldet wurde (auch noch mehrmaliger Wiederholung). Nach Recherche im Internet habe ich das "Systemupdate-Vorbereitungstool" sowie auch SP1 manuell heruntergeladen und installiert. Danach ging auch die normale Update-Routine wieder. Ich hoffe jetzt kommen wir weiter. Vielen Dank für Deine Geduld in diesem "zähen" Fall. Grüße Alexander SecurityCheck Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows Vista Service Pack 2 x86 (UAC is disabled!)
Internet Explorer 7 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 14.0.0.179
Mozilla Firefox (31.0)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
|
|
30.08.2014, 07:11
| #8 |
| /// the machine /// TB-Ausbilder | V9.com ständig auch hier IE brauch auch noch Updates. Papierkorb leeren. Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
31.08.2014, 21:41
| #9 | |||
| | V9.com ständig auch hier Hallo, Zitat:
Zitat:
Zitat:
Die anderen Tipps werde ich noch umsetzen. Grüße Alexander |
|
01.09.2014, 14:43
| #10 | |
| /// the machine /// TB-Ausbilder | V9.com ständig auch hierZitat:
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
01.09.2014, 21:10
| #11 | |
| | V9.com ständig auch hierZitat:
 Grüße Alexander |
|
02.09.2014, 19:22
| #12 |
| /// the machine /// TB-Ausbilder | V9.com ständig auch hier Lass das, der ist tiefer Bestandteil von Windows
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
