| |
| |||||||
Log-Analyse und Auswertung: ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
17.09.2014, 20:25
| #1 |
| |  ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen Hallo liebe Helfer, Mein Avira schlägt in letzter Zeit oft Alarm und ist offenbar nicht fähig, die Viren restlos zu entfernen. Zuletzt kam ein Sicherheitshinweis als ich eine Datei im Papierkorb gesucht habe und zwar war 'adware/MultiPlug.aob' am werkeln... Jetzt muss ich endlich mal dagegen angehen und da ich nicht alles noch schlimmer machen will, hoffe ich auf Unterstützung. Vielen lieben Dank schon vorab, Sundaytrain FRST Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on WOLF-PC on 17-09-2014 19:59:46
Running from C:\Users\Administrator\Downloads
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=088A001C4AF2CBDF&affID=121563&tt=150713_9127&tsp=4944
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
BHO: CescrtHlpr Object -> {64182481-4F71-486b-A045-B233BD0DA8FC} -> C:\Program Files\facemoods.com\facemoods\1.4.17.5\bh\facemoods.dll (facemoods.com BHO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: DealPly -> {EF7BD87A-8024-11E2-F316-F3E56188709B} -> C:\Program Files\DealPly\DealPlyIE.dll (DealPly)
Toolbar: HKLM - facemoods Toolbar - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoodsTlbr.dll (facemoods.com)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\user.js
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\delta.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrchddr.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Firefox\Extensions: [{ACAA314B-EEBA-48e4-AD47-84E31C44796C}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe
Chrome:
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (DealPly Shopping) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\fmfnfnpmhcllokmkepffndflpnadjmma [2013-05-01]
CHR HKLM\...\Chrome\Extension: [ihflimipbcaljfnojhhknppphnnciiif] - C:\Program Files\facemoods.com\facemoods\1.4.17.5\facemoods.crx [2010-11-24]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-17 19:59 - 2014-09-17 20:01 - 00013240 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:59 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-13 16:42 - 2014-09-13 16:43 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-05 11:43 - 2014-09-08 14:11 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 20:53 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 20:53 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 20:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 20:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-19 16:35 - 2014-09-05 20:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-17 20:01 - 2014-09-17 19:59 - 00013240 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:59 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-17 19:58 - 2011-03-27 20:07 - 01065720 _____ () C:\Windows\WindowsUpdate.log
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Downloads\FRST.exe
2014-09-17 19:55 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-09-17 19:54 - 2011-08-13 18:42 - 00162981 _____ () C:\Windows\setupact.log
2014-09-17 19:54 - 2011-08-13 18:41 - 00219088 _____ () C:\Windows\PFRO.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-17 18:55 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-17 18:55 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 15:42 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 17:11 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 16:43 - 2014-09-13 16:42 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira
2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut
2014-09-08 14:11 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-30 14:09 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-23 03:46 - 2014-08-29 19:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-29 19:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-20 14:42 - 2011-08-13 19:18 - 211386464 _____ () C:\Windows\MEMORY.DMP
2014-08-20 14:42 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-19 19:39 - 2014-09-10 15:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 17:11 - 2011-10-12 11:54 - 00000000 ____D () C:\Users\Administrator\.gimp-2.6
2014-08-19 00:26 - 2014-09-10 15:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-10 15:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-18 23:57 - 2014-09-10 15:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-18 23:57 - 2014-09-10 15:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-18 23:46 - 2014-09-10 15:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-18 23:45 - 2014-09-10 15:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-18 23:44 - 2014-09-10 15:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-18 23:44 - 2014-09-10 15:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-18 23:42 - 2014-09-10 15:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-18 23:39 - 2014-09-10 15:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-18 23:39 - 2014-09-10 15:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-18 23:37 - 2014-09-10 15:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-18 23:36 - 2014-09-10 15:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-18 23:36 - 2014-09-10 15:22 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-18 23:35 - 2014-09-10 15:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-18 23:30 - 2014-09-10 15:22 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-18 23:27 - 2014-09-10 15:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-18 23:22 - 2014-09-10 15:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-18 23:19 - 2014-09-10 15:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-18 23:17 - 2014-09-10 15:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-18 23:17 - 2014-09-10 15:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-18 23:15 - 2014-09-10 15:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-18 23:09 - 2014-09-10 15:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-18 23:08 - 2014-09-10 15:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-18 23:08 - 2014-09-10 15:22 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-18 23:07 - 2014-09-10 15:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-18 22:46 - 2014-09-10 15:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-18 22:38 - 2014-09-10 15:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-18 22:36 - 2014-09-10 15:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-18 16:04 - 2012-05-10 15:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-08-18 16:04 - 2012-05-08 15:18 - 00699568 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-08-18 16:04 - 2011-08-30 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
Files to move or delete:
====================
C:\ProgramData\dsgsdgdsgdsgw.pad
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-08-27 22:41
==================== End Of Log ============================
Addition Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-17 20:01:43
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Update for Microsoft Office 2007 (KB2508958) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}) (Version: - Microsoft)
µTorrent (HKLM\...\uTorrent) (Version: 3.0.0 - )
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Anchor Service CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Bridge CS4 (Version: 3 - Adobe Systems Incorporated) Hidden
Adobe CMaps CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color - Photoshop Specific CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color EU Recommended Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color JA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color NA Extra Settings CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Color Video Profiles CS CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Default Language CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe ExtendScript Toolkit CS4 (Version: 3.0.0 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Fonts All (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe Output Module (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop CS4 (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 Support (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Search for Help (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Service Manager Extension (Version: 1.0 - Adobe Systems Incorporated) Hidden
Adobe Setup (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Shockwave Player 12.1 (HKLM\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Adobe Type Support CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Update Manager CS4 (Version: 6.0.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin (Version: 1.1 - Adobe Systems Incorporated) Hidden
Adobe XMP Panels CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetCMYK (Version: 2.0 - Adobe Systems Incorporated) Hidden
AdobeColorCommonSetRGB (Version: 2.0 - Adobe Systems Incorporated) Hidden
Advertising Center (Version: 0.0.0.2 - Nero AG) Hidden
Audacity 2.0 (HKLM\...\Audacity_is1) (Version: - Audacity Team)
Avira (HKLM\...\{70e83cd8-4bd5-4039-ab5a-6b94a8abb641}) (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG)
Avira (Version: 1.1.21.25162 - Avira Operations GmbH & Co. KG) Hidden
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.6.570 - Avira)
Black and White (HKLM\...\{E51B4CD9-A0A6-4324-B26A-31B3F2DE26CE}) (Version: - )
CameraHelperMsi (Version: 13.25.1010.0 - Logitech) Hidden
Connect (Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 4.41.3.0173 - DT Soft Ltd)
DealPly (remove only) (HKLM\...\DealPly) (Version: 4.8.6.1 - DealPly Technologies Ltd.) <==== ATTENTION
Die Sims™ 3 (HKLM\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.26.89 - Electronic Arts)
Die Sims™ 3 Einfach tierisch (HKLM\...\{C12631C6-804D-4B32-B0DD-8A496462F106}) (Version: 10.0.96 - Electronic Arts)
Die Sims™ 3 Late Night (HKLM\...\{45057FCE-5784-48BE-8176-D9D00AF56C3C}) (Version: 6.0.81 - Electronic Arts)
DolbyFiles (Version: 2.0 - Nero AG) Hidden
erLT (Version: 1.20.138.34 - Logitech, Inc.) Hidden
Facemoods Toolbar (HKLM\...\facemoods) (Version: - ) <==== ATTENTION
Firebird SQL Server - MAGIX Edition (HKLM\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
Free YouTube to MP3 Converter version 3.12.5.628 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.5.628 - DVDVideoSoft Ltd.)
GIMP 2.6.11 (HKLM\...\WinGimp-2.0_is1) (Version: 2.6.11 - The GIMP Team)
Google+ Auto Backup (HKLM\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
ImagXpress (Version: 7.0.74.0 - Nero AG) Hidden
Java Auto Updater (Version: 2.0.3.1 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216022FF}) (Version: 6.0.240 - Oracle)
kuler (Version: 2.0 - Adobe Systems Incorporated) Hidden
Logitech QuickCam-Treiberpaket (HKLM\...\lvdrivers_11.70) (Version: - )
Logitech Webcam Software (HKLM\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
LWS Facebook (Version: 13.20.1166.0 - Logitech) Hidden
LWS Gallery (Version: 13.20.1166.0 - Logitech) Hidden
LWS Help_main (Version: 13.25.1016.0 - Logitech) Hidden
LWS Launcher (Version: 13.20.1166.0 - Logitech) Hidden
LWS Motion Detection (Version: 13.20.1176.0 - Logitech) Hidden
LWS Pictures And Video (Version: 13.25.1010.0 - Logitech) Hidden
LWS Twitter (Version: 13.20.1166.0 - Logitech) Hidden
LWS Video Mask Maker (Version: 13.10.1216.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.25.1005.0 - Logitech) Hidden
LWS Webcam Software (Version: 13.20.1168.0 - Logitech) Hidden
LWS WLM Plugin (Version: 1.20.1166.0 - Logitech) Hidden
LWS YouTube Plugin (Version: 13.20.1166.0 - Logitech) Hidden
MAGIX Speed burnR (MSI) (HKLM\...\MAGIX_{0D951CBB-743C-4A68-8C85-97D89A61D7CD}) (Version: 7.0.2.6 - MAGIX AG)
MAGIX Speed burnR (MSI) (Version: 7.0.2.6 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (Designelemente) (HKLM\...\MX.{F6BDBD1F-A884-4510-8A9F-3DC6E5EBDFE3}) (Version: 1.0.1.0 - MAGIX AG)
MAGIX Video deluxe 2014 (Designelemente) (Version: 1.0.1.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (Fotoshow Maker-Stile 1) (HKLM\...\MX.{828C109A-ABB5-4CDD-9927-349C79FC35DD}) (Version: 1.0.1.0 - MAGIX AG)
MAGIX Video deluxe 2014 (Fotoshow Maker-Stile 1) (Version: 1.0.1.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (HKLM\...\MX.{EA62B22F-AB0A-406B-80A9-8036D3CE3446}) (Version: 13.0.0.30 - MAGIX AG)
MAGIX Video deluxe 2014 (Titeleffekte) (HKLM\...\MX.{31D344AE-405C-44CC-B24B-BD080192F0BA}) (Version: 1.0.1.0 - MAGIX AG)
MAGIX Video deluxe 2014 (Titeleffekte) (Version: 1.0.1.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (Überblendeffekte) (HKLM\...\MX.{441E384F-5B2B-4DF6-936D-27B384B7AC60}) (Version: 1.0.0.0 - MAGIX AG)
MAGIX Video deluxe 2014 (Überblendeffekte) (Version: 1.0.0.0 - MAGIX AG) Hidden
MAGIX Video deluxe 2014 (Version: 13.0.0.30 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 1.61.0.1400 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.61.0.1400 - Malwarebytes Corporation)
Menu Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft IntelliType Pro 8.1 (HKLM\...\Microsoft IntelliType Pro 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliType Pro 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2007 (Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Templates - Starter Kit (Version: 9.4.6.0 - Nero AG) Hidden
Mozilla Firefox 32.0.1 (x86 de) (HKLM\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Nero 9 (HKLM\...\{be6b5eee-db60-4e8a-a1de-fa0fa06bc4ac}) (Version: - Nero AG)
Nero Burning ROM Help (Version: 9.4.17.100 - Nero AG) Hidden
Nero BurnRights (Version: 3.4.11.100 - Nero AG) Hidden
Nero BurnRights Help (Version: 3.4.4.100 - Nero AG) Hidden
Nero ControlCenter (Version: 9.0.0.1 - Nero AG) Hidden
Nero DriveSpeed (Version: 4.4.11.100 - Nero AG) Hidden
Nero DriveSpeed Help (Version: 4.4.4.100 - Nero AG) Hidden
Nero Express Help (Version: 9.4.17.100 - Nero AG) Hidden
Nero InfoTool (Version: 6.4.11.100 - Nero AG) Hidden
Nero InfoTool Help (Version: 6.4.4.100 - Nero AG) Hidden
Nero Installer (Version: 4.4.9.0 - Nero AG) Hidden
Nero Recode Help (Version: 4.4.31.0 - Nero AG) Hidden
Nero Rescue Agent (Version: 2.4.12.100 - Nero AG) Hidden
Nero RescueAgent Help (Version: 2.4.4.100 - Nero AG) Hidden
Nero StartSmart (Version: 9.4.12.100 - Nero AG) Hidden
Nero StartSmart Help (Version: 9.4.12.100 - Nero AG) Hidden
Nero WaveEditor (Version: 5.4.32.0 - Nero AG) Hidden
NeroBurningROM (Version: 9.4.17.100 - Nero AG) Hidden
NeroExpress (Version: 9.4.17.100 - Nero AG) Hidden
neroxml (Version: 1.0.0 - Nero AG) Hidden
Nokia Ovi Suite (HKLM\...\Nokia Ovi Suite) (Version: 3.0.0.290 - Nokia)
Nokia Ovi Suite (Version: 3.0.0.290 - Nokia) Hidden
NVIDIA PhysX (HKLM\...\{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}) (Version: 9.09.0814 - NVIDIA Corporation)
Ovi Desktop Sync Engine (Version: 1.5.161.0 - Nokia) Hidden
OviMPlatform (Version: 2.7.44.2 - Nokia) Hidden
PC Connectivity Solution (HKLM\...\{D4AEC53C-1720-41D9-B6D7-6A60DE62D444}) (Version: 10.50.2.0 - Nokia)
PDF Settings CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
PDF-XChange Viewer (HKLM\...\{615666DE-89E6-4F92-8ED8-E424CC8E5B09}) (Version: 2.5.194.0 - Tracker Software Products Ltd.)
PhotoScape (HKLM\...\PhotoScape) (Version: - )
Photoshop Camera Raw (Version: 5.0 - Adobe Systems Incorporated) Hidden
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QCad 2.0.5.0 (remove only) (HKLM\...\QCad 2.0.5.0) (Version: - )
QuickTime (HKLM\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
RollerCoaster Tycoon 3 (HKLM\...\RollerCoaster Tycoon 3_is1) (Version: - Atari)
Shape Collage (HKLM\...\ShapeCollage) (Version: - Shape Collage Inc.)
Skype™ 6.14 (HKLM\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Suite Shared Configuration CS4 (Version: 1.0 - Adobe Systems Incorporated) Hidden
swMSM (Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4000.60 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4000.60 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4000.60 - TuneUp Software) Hidden
UltraStar 0.8.4 (HKLM\...\UltraStar) (Version: - )
Update for 2007 Microsoft Office System (KB967642) (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{EA54F104-79D2-48CC-9ABC-91A63C43D353}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
Update_DealPly (HKCU\...\DealPly) (Version: - ) <==== ATTENTION
VLC media player 1.1.8 (HKLM\...\VLC media player) (Version: 1.1.8 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.61 - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live SOXE (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
14-08-2014 23:47:46 Windows Update
23-08-2014 18:52:32 Windows Update
29-08-2014 17:30:11 Windows Update
10-09-2014 13:05:32 Windows Update
17-09-2014 17:35:02 Removed Windows Movie Maker 2.6
17-09-2014 17:40:25 Removed Apple Software Update
17-09-2014 17:41:59 Removed Apple Application Support
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:04 - 2011-04-07 18:24 - 00000028 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {193D2E29-A9DA-4E30-8494-97DBF4247539} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-10-29] (Sun Microsystems, Inc.)
Task: {7A52D4F8-4236-4D15-A7F2-B2D991126706} - System32\Tasks\DealPlyUpdate => C:\Program <==== ATTENTION
Task: {9D8E7FD1-54BA-4211-8B29-88EAC8278914} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-08-18] (Adobe Systems Incorporated)
Task: {C583A00C-AC53-40F4-A48B-A16F758DA53A} - System32\Tasks\DealPly => C:\Users\Administrator\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe [2013-05-26] () <==== ATTENTION
Task: {D479A751-1B52-4A7B-B4B4-205419F1D2BC} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-03-16] (TuneUp Software)
Task: {FF063F40-C7D7-4DCF-9C51-8CA420EB7A67} - System32\Tasks\Microsoft_Hardware_Launch_IType_exe => C:\Program Files\Microsoft IntelliType Pro\IType.exe [2011-04-13] (Microsoft Corporation)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\ADMINI~1\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011.job => C:\Program Files\TuneUp Utilities 2011\OneClick.exe
==================== Loaded Modules (whitelisted) =============
2014-08-27 14:57 - 2014-08-27 14:57 - 00245760 _____ () C:\Program Files\Avira\My Avira\System.ComponentModel.Composition.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00139056 _____ () C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
2014-08-27 15:00 - 2014-08-27 15:00 - 00066864 _____ () C:\Program Files\Avira\My Avira\Avira.OE.AvConnectorNative.dll
2014-08-10 16:53 - 2014-08-27 15:00 - 00052472 _____ () C:\Users\Administrator\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
2014-09-13 16:43 - 2014-09-13 16:43 - 03716720 _____ () C:\Program Files\Firefox\mozjs.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
MSCONFIG\startupreg: LWS => C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide
MSCONFIG\startupreg: Skype => "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (09/17/2014 07:32:05 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 32.0.1.5367, Zeitstempel: 0x541259dd
Name des fehlerhaften Moduls: mozalloc.dll, Version: 32.0.1.5367, Zeitstempel: 0x541225d2
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0xc58
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (09/05/2014 10:00:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Photoshop.exe, Version: 11.0.0.0, Zeitstempel: 0x48d3882e
Name des fehlerhaften Moduls: Save for Web.8BE, Version: 11.0.0.12, Zeitstempel: 0x48d3928d
Ausnahmecode: 0x40000015
Fehleroffset: 0x00337ed5
ID des fehlerhaften Prozesses: 0x7e8
Startzeit der fehlerhaften Anwendung: 0xPhotoshop.exe0
Pfad der fehlerhaften Anwendung: Photoshop.exe1
Pfad des fehlerhaften Moduls: Photoshop.exe2
Berichtskennung: Photoshop.exe3
Error: (08/31/2014 00:06:17 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5310, Zeitstempel: 0x53c75e91
Name des fehlerhaften Moduls: mozalloc.dll, Version: 31.0.0.5310, Zeitstempel: 0x53c72e91
Ausnahmecode: 0x80000003
Fehleroffset: 0x0000141b
ID des fehlerhaften Prozesses: 0x6e8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3
Error: (08/26/2014 06:59:08 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Name des fehlerhaften Moduls: ipmGui.exe, Version: 14.0.6.522, Zeitstempel: 0x53bec647
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000795b
ID des fehlerhaften Prozesses: 0xfd0
Startzeit der fehlerhaften Anwendung: 0xipmGui.exe0
Pfad der fehlerhaften Anwendung: ipmGui.exe1
Pfad des fehlerhaften Moduls: ipmGui.exe2
Berichtskennung: ipmGui.exe3
Error: (08/10/2014 11:34:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Photoshop.exe, Version: 11.0.0.0, Zeitstempel: 0x48d3882e
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x6e617254
ID des fehlerhaften Prozesses: 0xd34
Startzeit der fehlerhaften Anwendung: 0xPhotoshop.exe0
Pfad der fehlerhaften Anwendung: Photoshop.exe1
Pfad des fehlerhaften Moduls: Photoshop.exe2
Berichtskennung: Photoshop.exe3
Error: (08/04/2014 05:58:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: POWERPNT.EXE, Version: 12.0.6600.1000, Zeitstempel: 0x4de50c7e
Name des fehlerhaften Moduls: mso.dll, Version: 12.0.6683.5000, Zeitstempel: 0x51e6dff3
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00c59c78
ID des fehlerhaften Prozesses: 0x380
Startzeit der fehlerhaften Anwendung: 0xPOWERPNT.EXE0
Pfad der fehlerhaften Anwendung: POWERPNT.EXE1
Pfad des fehlerhaften Moduls: POWERPNT.EXE2
Berichtskennung: POWERPNT.EXE3
Error: (07/20/2014 11:16:59 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Videodeluxe.exe, Version 13.0.0.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 16a0
Startzeit: 01cfa45fbd9db740
Endzeit: 49
Anwendungspfad: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe
Berichts-ID:
Error: (07/20/2014 11:15:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Videodeluxe.exe, Version 13.0.0.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 6ec
Startzeit: 01cfa45f78ece080
Endzeit: 41
Anwendungspfad: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe
Berichts-ID:
Error: (07/20/2014 11:13:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Videodeluxe.exe, Version 13.0.0.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1660
Startzeit: 01cfa45c2c569520
Endzeit: 0
Anwendungspfad: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe
Berichts-ID:
Error: (07/20/2014 09:13:32 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Videodeluxe.exe, Version 13.0.0.30 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 91c
Startzeit: 01cfa44e44592920
Endzeit: 63
Anwendungspfad: C:\Program Files\MAGIX\Video deluxe 2014\Videodeluxe.exe
Berichts-ID:
System errors:
=============
Error: (09/17/2014 07:54:44 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (09/17/2014 07:54:44 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (09/17/2014 06:50:09 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (09/17/2014 06:50:09 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (09/17/2014 09:17:20 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (09/17/2014 09:17:20 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (09/15/2014 03:42:45 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (09/15/2014 03:42:45 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (09/14/2014 04:44:53 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (09/14/2014 02:11:48 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Microsoft Office Sessions:
=========================
Error: (02/11/2013 06:17:31 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2370 seconds with 120 seconds of active time. This session ended with a crash.
Error: (01/19/2013 04:50:35 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 7 seconds with 0 seconds of active time. This session ended with a crash.
Error: (12/20/2012 10:10:35 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 225 seconds with 60 seconds of active time. This session ended with a crash.
==================== Memory info ===========================
Processor: AMD Athlon(tm) 64 X2 Dual Core Processor 3800+
Percentage of memory in use: 63%
Total physical RAM: 2046.55 MB
Available physical RAM: 749.72 MB
Total Pagefile: 4093.11 MB
Available Pagefile: 2385.89 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.41 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:146.39 GB) (Free:45.13 GB) NTFS
Drive d: (Meins) (Fixed) (Total:146.48 GB) (Free:127.18 GB) NTFS
Drive e: (Spiele) (Fixed) (Total:147.4 GB) (Free:146.93 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F505F505)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=146.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=146.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=147.4 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter MER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-09-17 21:07:20
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 ST3500320AS rev.SD15 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\kxldqpob.sys
---- System - GMER 2.1 ----
SSDT 8EAE8DE6 ZwCreateSection
SSDT 8EAE8DF0 ZwRequestWaitReplyPort
SSDT 8EAE8DEB ZwSetContextThread
SSDT 8EAE8DF5 ZwSetSecurityObject
SSDT 8EAE8DFA ZwSystemDebugControl
SSDT 8EAE8D87 ZwTerminateProcess
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 83287A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 832C1212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 832C858C 4 Bytes [E6, 8D, AE, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 832C88E8 4 Bytes [F0, 8D, AE, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 832C892C 4 Bytes [EB, 8D, AE, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 832C89A8 4 Bytes [F5, 8D, AE, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 832C89FC 4 Bytes [FA, 8D, AE, 8E]
.text ...
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8F43A000, 0x2D5378, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtCreateFile 777A5608 5 Bytes JMP 6450FC70 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtFlushBuffersFile 777A5998 5 Bytes JMP 644E942A C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtQueryFullAttributesFile 777A6028 5 Bytes JMP 6450F6B0 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtReadFile 777A62F8 5 Bytes JMP 644E9520 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtReadFileScatter 777A6308 5 Bytes JMP 64E099A8 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtWriteFile 777A6AA8 5 Bytes JMP 64510710 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!NtWriteFileGather 777A6AB8 5 Bytes JMP 64E09957 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] ntdll.dll!LdrLoadDll 777C22AE 5 Bytes JMP 69C31F42 C:\Program Files\Firefox\mozglue.dll
.text C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D 76CA94E6 7 Bytes JMP 64D77A24 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!QueryPerformanceCounter + 13 76CAC4E5 7 Bytes JMP 64D77A47 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] kernel32.dll!LoadAppInitDlls + 355 76CAF5A6 7 Bytes JMP 6450C5A7 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] USER32.dll!GetWindowInfo 76DE4B5E 5 Bytes JMP 64C7ECB7 C:\Program Files\Firefox\xul.dll
.text C:\Program Files\Firefox\firefox.exe[2644] GDI32.dll!GetViewportOrgEx + 26C 76F6884B 7 Bytes JMP 64D779A5 C:\Program Files\Firefox\xul.dll
---- Devices - GMER 2.1 ----
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc02ec
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272cc02ec@fce55754c1cd 0xB5 0x85 0x77 0x77 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x63 0x08 0xE1 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0x98 0x8F 0xF5 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x77 0x9F 0xB1 0xEB ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc02ec (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272cc02ec@fce55754c1cd 0xB5 0x85 0x77 0x77 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x63 0x08 0xE1 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xF1 0x98 0x8F 0xF5 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x77 0x9F 0xB1 0xEB ...
---- EOF - GMER 2.1 ----
Avirafunde Code:
ATTFilter Exportierte Ereignisse:
10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Administrator\AppData\Local\Temp\7725.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Rotbrow.K' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
17.09.2014 19:20 [Echtzeit-Scanner] Malware gefunden
In der Datei
'D:\$RECYCLE.BIN\S-1-5-21-1242816113-3164560358-2465018757-500\$RG5OXV4.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/MultiPlug.aob' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
10.09.2014 15:09 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
10.09.2014 15:09 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Administrator\AppData\Local\Temp\7725.tmp'
wurde ein Virus oder unerwünschtes Programm 'TR/Drop.Rotbrow.K' [trojan]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
10.09.2014 15:21 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\Users\Administrator\AppData\Local\Temp\5B97.tmp'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BProtector.C' [adware]
gefunden.
Ausgeführte Aktion: Zugriff verweigern
|
|
17.09.2014, 20:27
| #2 |
| /// the machine /// TB-Ausbilder    | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen hi,
__________________Adware & Co. deinstallieren
Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
18.09.2014, 19:06
| #3 |
| | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen Nabend,
__________________Danke für die schnelle Antwort! Es müsste soweit alles geklappt haben. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 18.09.2014 Suchlauf-Zeit: 18:36:37 Logdatei: mbam.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.09.18.05 Rootkit Datenbank: v2014.09.18.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x86 Dateisystem: NTFS Benutzer: Administrator Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 353714 Verstrichene Zeit: 15 Min, 33 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Warnen PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 0 (No malicious items detected) Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 0 (No malicious items detected) Physische Sektoren: 0 (No malicious items detected) (end) Code:
ATTFilter # AdwCleaner v3.310 - Bericht erstellt am 18/09/2014 um 19:50:06
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzername : Administrator - WOLF-PC
# Gestartet von : C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Premium
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Gutscheinmieze
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\ConduitCommon
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\foxydeal.sqlite
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\invalidprefs.js
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\foxsearch.src
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\user.js
***** [ Tasks ] *****
Task Gelöscht : Dealply
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKCU\Software\5bed688e068e815
Schlüssel Gelöscht : HKLM\SOFTWARE\5bed688e068e815
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_usenext_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_usenext_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF7BD87A-8024-11E2-F316-F3E56188709B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKCU\Software\BABSOLUTION
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\dt soft\daemon tools toolbar
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.1 (x86 de)
[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "088add4d000000000000001c4af2cbdf");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15901");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.21.518:35:18");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.21.5");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121563&tt=150713_9127&tsp=4944");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
[ Datei : C:\Users\Wolf2\AppData\Roaming\Mozilla\Firefox\Profiles\6exy0tw0.default\prefs.js ]
-\\ Google Chrome v
*************************
AdwCleaner[R0].txt - [5338 octets] - [18/09/2014 19:07:52]
AdwCleaner[S0].txt - [5160 octets] - [18/09/2014 19:50:06]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5220 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.6 (09.18.2014:1)
OS: Windows 7 Ultimate x86
Ran by Administrator on 18.09.2014 at 19:56:29,30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1242816113-3164560358-2465018757-500\Software\sweetim
~~~ Files
Successfully deleted: [File] C:\Windows\Tasks\Dealply.job
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{00AA5727-DD7A-48DD-8382-AC070854C4E2}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{027B32F5-A002-4A38-9663-B9413632CAB2}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{02EA565D-99EB-4343-AE4D-6B747AEE6CA4}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{03EEE1F4-594D-475F-A827-7EC19E71714D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{049E780D-6085-449C-998F-22DD076A9E79}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{05C80E40-8F6B-4B84-9A4F-BE83487CCB1E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{061D0243-B5B9-4357-8466-821C56973DC5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{078E3EC1-CC85-4E19-8C9A-C6ED377201AF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{07EA176D-92F7-4793-8D7E-650A907D42BE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{07FF2065-F299-4218-BF38-02223CDBB19D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{089348E6-A395-479C-A198-AAC90BA81B4B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{08CD86CF-3918-4EC7-B637-718315006343}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{096717E9-4103-4E18-B860-E5522819B26B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{09BDD3B9-A818-4918-B323-1F1F678600DB}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{09E7EAA5-3FD0-486F-BCE2-5C7C58ADEF07}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{0AF84CAE-E3D2-4EE0-9C45-2C0E83E1F0A8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{0BB7C8FD-47BC-4FF6-B1DF-81346A2F30CF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{0CCCDC8B-F343-4B11-AFC7-176CB4447307}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{0D7023AC-0107-4791-9393-E48C0FFC234E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{0D7A40B4-77EF-4141-B0EA-8933F30A815A}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{0E1EB78A-E60E-4FB5-BFA6-0880E0B87F31}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{0F307E0E-4FE2-4A77-8226-25217C4DDFDC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{0FDF8BEB-6EEE-423D-BEDE-2F0E54BB2F2C}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{124218DE-1773-4EEA-A0A4-C3D20687A6AE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{12B83BF8-8465-41FD-ABBE-A0176995ECBA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{1541D635-87EC-46F1-9F86-8F2A78660C32}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{1558C57E-4C62-4F0F-890F-22C5A03351B6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{15C45232-6FAF-4F94-B5B7-5BF41E22DB59}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{1A0DF523-99DF-4664-B8C8-C6F94B1C71F9}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{1B05221A-04A7-47F1-B7AB-3628CD51FC6F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{200065EB-BC39-4ACB-92B3-7F2118D44A6E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{23F0EAD7-1FF1-4F37-A867-641A995CAF44}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{25A5E605-8D7A-4B50-B25F-D03186CF77AF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{26449F08-1202-4F9E-889D-2D95FEE36F69}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{267AEB08-15C0-4087-B773-0BAF3D781B99}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{2778846D-1749-41B9-A24B-E65E126953AA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{28F8F324-A813-4B3C-9B3C-6F488FBD7D5A}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{29451743-5A1C-4514-9290-7C6720327836}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{294EF43F-6356-4A58-8AB6-CEA99DD18965}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{29AAA2CA-9577-4AC7-AAF0-60FCA3C05557}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{2B33A253-12F5-4B23-9B4D-1AD703875C11}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{2B4D4560-BC7F-4DDE-BF23-586E3764B28F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{2F1E7E73-D654-475E-97BF-9BFB4D570C50}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{2F84EF9A-7CCA-475C-9FE6-EEAAF32B89FA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{2FA4C1E3-4D2D-486E-9913-919282BD3120}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{2FF4B748-4281-4F6E-9989-666A6D8156E5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{30113FE4-96E4-432C-B4BB-8B456A4980F3}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{3126FFF2-A0CA-4FA5-ACE5-146241F4013E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{31B0C9CD-E541-4FDC-8BC8-AAA0F97389D1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{320419FC-5EEB-49DD-8DEF-FA9AC39FD546}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{32CE709C-8C11-4C83-AC2B-D951E75D3B95}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{3397ECC0-D03B-4228-B91F-383D253AAC80}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{33DC7160-224E-4798-8077-2F800E8B84E8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{344CE6C3-580B-408D-AB7D-8419A0904C53}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{35D3825C-399D-4DF4-850D-D812992C81C9}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{3746A931-1CCF-4A52-A621-5C20576CEBD2}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{39694A3A-8A28-4673-BFCF-62617CF00747}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{3C579D75-CA10-45DD-8AD6-2589295FD82F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{3D05CD43-B0E2-4B91-B9D9-72DC3A3DA975}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{401A0665-5071-4BD8-B7F8-4350BE05FA6B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{401FE919-F656-4CA6-845C-C31F2B4D7B86}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{40775414-ED3D-4BC2-B4A3-01920DB815ED}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{421B3F07-F9C0-49EB-8963-595FEAB7163D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{42494C68-F6CD-4F6B-BC0D-B1A6D504E5F5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{4303163D-533C-4776-A108-BD0A208D6941}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{45920D91-BADA-4227-9A6D-040D36CA1B6E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{463E6EE2-E7F2-4CE5-AB55-6BAF8C2938BC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{46F679E0-28E0-41FF-8FE8-4E4492B13B7F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{47BA274B-F644-456F-9004-56D4C6630A5D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{4BDCC5EA-E933-4D12-9DA4-F8D50C5047FA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{4CF1F396-CAC3-49F3-A277-923F277753C8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{4DF61B03-6FE4-4909-B28C-273E9CAB7658}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{4ECA6516-0984-483F-BFFF-8C6A18DC007F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{4EFB7323-76B5-4532-8EB2-78AA24C978B9}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5006F0CD-F540-4DA0-9DBE-BAF13AC38A27}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{50932DA9-44FF-4E1D-8EFB-95CE07EEFD7D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{50A6BB73-AEEF-4495-AA45-5018DA601D69}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5110D7DC-0668-42A1-BF86-7EFC11360B2E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5272D806-0971-4FC0-A47E-9ED99C537365}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{54483DFC-D518-433C-81A2-48A85A623FDC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5585E72A-D835-4B34-8BB6-B4606B38FD14}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{55D98D74-6461-4E0D-A02F-337775A5D8ED}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{56AE47CD-5895-4538-BE42-44E01B4077C0}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{56C03772-3AF1-46BB-9191-54ABF8993130}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{570CBA08-B19C-487A-ABAE-3CA7DB29346F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{571F156E-1113-41B5-8D94-91D0E3DADBFC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5771E7B7-D534-470A-BDF3-A4EBC21696C5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5A05178C-6CD1-4E77-AB6A-204767E04FF2}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5CA82FAB-1956-4CC8-B96E-1EE4161736DD}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5D2FC71C-9D2F-424A-8B54-53BFE45F994D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5F0BD469-6636-4F19-B64A-262723E68340}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{5F34C0F5-13CF-4754-BE78-79B10652D56B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{6006A6A1-B86A-435B-894E-570B220B3517}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{6123160C-CD73-434D-A8C8-579038782BB2}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{642C0FD7-1E48-4C3C-8467-4F8D5FA7D313}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{65174C9D-D96D-4282-8878-EDE84A2A6A44}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{662D84CA-A1FB-4990-99F3-CC4775D253D1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{686C65B2-0D99-48E0-8C23-884CAD6144AD}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{699C4446-3142-4054-A901-894A64EA8293}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{6D20DC5C-154F-4ABA-AB88-DF19D95CE211}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{6D42BB08-34D2-48D0-9245-CE1BA965FB03}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{6D8E95A7-D3C3-4956-86AE-C0756156A631}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{6F10C994-43DA-4DB0-A8D8-C314F0A939D8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{6F125F56-5BAA-4394-8613-F3AEF5FB252C}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{6F64B148-47DF-414F-BF46-56B26659EE6B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7098DE43-8811-4FA3-80EA-14870C832215}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{738BB6B5-75C9-41D2-839C-AEF6E4D3023A}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7796148C-0562-4C7D-9D37-E8A896C84642}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{77C9B138-BD0A-4C31-A55D-6D8B64009322}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{78A385F3-4C48-4646-8AC3-F924182718CC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7AE00891-4BF0-4DDF-B8BF-253A49A870D7}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7B4E02B0-064F-4899-96E5-20CA7E952F41}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7BECDB1B-ADA5-42E3-93BF-69B5EB77CB4D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7D179FB2-FC57-4D53-9107-0E385D03D733}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7D2F2333-87A6-45F5-8E14-90689B322721}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7DE78E93-80A1-437A-A979-E8EEC52CC9EE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7E8ADF27-AE83-4E20-A451-0855294CF1AB}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7EB71B58-933E-4302-8D6C-7361AC3745B7}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7EF5EC32-33ED-427F-8533-F0D9CEA68654}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{7F001CC2-39F4-4551-A562-46F4C5D9874A}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8207E4D8-8C85-4945-9930-4D995B946521}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{86778693-C73E-427E-9E15-E730C0DEBDBF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8699BCA2-4D21-447D-86D7-AE174F0FBE99}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{87BC98CD-7D00-4C37-BD83-AB97D8B3D3FF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{87D9921E-8446-4214-9CFE-C49C85E0FB0E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{88830458-22C6-4507-AB5A-42E5CAF0E2E9}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8A82F9F8-3413-48B6-B765-28B3EF481CEF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8D61429E-74AD-4523-B949-BD132A80D600}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8E9F760F-A925-4380-9391-B51D96844804}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8EAC0F4F-612B-4EE9-A10E-6858D49917DD}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{8FD6376D-A84E-4C4B-A94D-8EE5C348F0C9}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{91ECD8F2-9E8A-407A-898A-657CF342CAD8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{920C1BD2-B69C-40E3-8237-91E999B5AC42}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{93AE4569-AB36-4760-81E1-C84C148EFF5D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{940551F2-D89F-4F89-B292-24CEC919FD9E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{97500A6B-6C8E-49A8-82F7-FB54EA23BAFA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{97DB7739-56FE-4228-B311-2B943B45A229}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{9812ED64-7624-482D-9037-7A3AB1ED6F35}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{98FEB8A4-B0D5-49C0-811B-550FB997F6D9}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{9C32C7A5-F9E4-4921-88F7-41A1764EA1E1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{9E94A999-8F09-4557-9C67-1BC24E2936DB}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{9F4BEF24-0F0C-4FC2-B65F-CB5DEC5FF5D6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A01C21FD-9A10-46AE-A69E-2279C79CADE0}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A0983AC6-FE03-4DC0-B2CD-16250668C7EE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A0DC223B-EE1B-41B1-BF8F-68C24B3EC422}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A2656A21-1AD4-4309-9A9D-A46BB012D5AF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A2DF1152-03E8-4174-BABF-193551383AAA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A31C8E26-D02A-43EF-BCE3-92AC90A949B1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A3CE7047-4498-4CE4-AC68-384757D9B007}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A413B210-49C3-4BC9-B138-3010648088AC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A571E932-A6E0-422B-9C68-E1BFCFB73FFB}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A75EC58E-9AAA-4C88-9CF1-3F806E56EF25}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{A7CF451D-0BDF-4211-89E1-9A8B39318A4C}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{AA8F90A5-2208-4C1A-9240-8024215CC3F7}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{AAA0C9B7-353B-4455-8236-78F8D8D610C3}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B015C33C-EA7E-437F-A9CA-38050B348484}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B0581A2D-50AD-4FBF-B4ED-D79B7EB32447}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B0B34383-1541-4286-8CF2-DC2398FAC2FA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B1136C04-BA61-4712-BD59-763BB8C5BBA5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B27276B7-E671-4E13-BDFA-F5D1CBD87858}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B2A8CC10-90A5-40F9-AE04-58B4316D8051}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B306BA45-AE5A-40E0-9726-4E6CCC9C545E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B36157E1-1640-460D-8BB5-4C99E92A99E3}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B5003F6D-F1D3-40A4-BC23-59D798FF8D32}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B569C79C-962E-4BED-A8D5-C9EA1A7C2901}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B5DB5BFE-D33B-4B49-9771-53C5816F66B8}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B62F31A7-ADAF-46B8-A086-BB611032F5F7}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B7921414-0B58-4728-84CE-F122B1BC07C5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{B8AE39C4-A2B8-40CC-AB87-4D3AF16FA2F6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BA3D093A-CE80-4670-BDD3-7A72762F5441}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BB0D83E7-7469-48EA-B345-B5D1516E33B5}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BB8BE1F2-39CF-410C-A73C-4A338D4A2967}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BBA017E4-CFB4-49D4-B802-C8A2A34102D6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BD4D26E4-E6AB-437D-9278-740100A388CD}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BDA2DA9E-E556-4171-B4F6-2EE8ED413514}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{BEEBDD98-009A-414B-94BD-B807CB2CD78C}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C1192A4C-611F-428D-B887-9909720A51AF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C3033550-FC24-4F65-9A81-69719406B361}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C32E613D-0E6D-4CB4-BB52-F14E3AC81C94}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C42D7623-024E-474E-AD9A-983BD024E1D2}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C4BF2B0D-65A0-461A-BC80-39B4C6E6EE20}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C5A65C2E-99B3-4ADA-83EF-94F66B72CE73}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C61FB34A-AB5E-4986-895D-CB97E16F3AC1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C71C5FEE-C34A-46DB-99DD-F48446139CDD}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C7360B2A-7878-49FB-BFAA-4B3276690A72}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C74AC78C-28F3-4B46-8D6D-356487989904}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C77FE689-2C99-4287-9577-1B8230D2574E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{C88BDFEE-207D-49C4-9A99-93D8D06B59D1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{CB426ED8-15CB-455B-BC3C-E7EF890A2FEF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{CB706A49-948E-4319-B9D6-7230DCCE809F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{CD281C72-A676-4A04-A64B-A93713BA6915}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D04D561F-0DF4-44CB-AB1A-59C193425C1B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D0AA69EE-EABA-4D6D-99AB-05A81E5D0099}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D2BC596F-CA96-411D-A9FD-E7EDAB09D0BC}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D2CEA4F2-4A1F-4483-8325-49F2013D6127}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D625801D-53E9-4EF8-9DA9-C4A74C5F7032}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D88A5616-2768-4F42-8205-18134D7E6BC6}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D925B8FF-3648-489E-8003-0415E6EEFB7B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D9683EFF-3391-4A7A-89BC-779B5F526BD0}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{D9D3EF1E-4557-4E42-984B-5F0EF9FFF95A}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DCC7AD0F-F60E-4B83-A247-897CCB3DB7CE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DDAA03A4-5164-48B4-B948-5F3BD3BB4A9B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DDBFF20B-500F-4763-A88D-E9000E6E28CA}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{DEF8A80A-ED9E-4995-AFCF-B246A014CBDF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E1D00B0B-CF7C-415F-BAF7-00CB86088A9F}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E1FDDD35-281C-4EAD-9972-D27A44B34D9D}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E2846E9B-0C71-4E4B-B51A-8025E1DFBCA1}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E2A3DBFD-6BD6-41B2-AD39-E7EAA6739437}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E4358B6B-96D8-4FDB-B2F3-386FEBE4FF95}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E48BCD84-D53F-494C-9E5A-02B09CB53665}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E4D2AE3F-766F-4AC9-9807-D860D7C6D3FE}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E5327DB3-2C40-43C9-9EC7-F556C0824668}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E6B057B6-BB49-417C-8A40-A5C179403874}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E770FB54-C5F2-400C-9F9C-8D23187604DF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{E8ACDD6F-719F-47C0-98F0-A10211A56772}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{EC8EA330-ECF0-4FFB-8E82-E7732C6A66AF}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{ED4E9A6E-FCBB-44DB-AFB9-CC0F5A19CC58}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{EDD92001-8702-4820-AF5D-DBFA1CAEC1D0}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F2ECF226-E3DB-4E02-929B-99BF8AA38606}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F2F944CC-C041-4344-9618-B444236BF185}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F499B186-9663-4635-96D5-65DB78A97166}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F4A8BDA2-E2D8-41A3-A73B-D0266D4B9D8B}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{F4CA1661-FA21-4F78-8A5E-F380901E741E}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{FD38768D-AA1B-438D-B9F8-BF928BCF4376}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{FEBA6471-3AD6-4B74-A9D7-5C2661B4D635}
Successfully deleted: [Empty Folder] C:\Users\Administrator\appdata\local\{FECCAE3D-ECB3-4358-A084-3D9EDDC06689}
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.09.2014 at 19:59:14,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on WOLF-PC on 18-09-2014 19:59:30
Running from C:\Users\Administrator\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Thisisu) C:\Users\Administrator\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe
Chrome:
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:54 - 2014-09-18 19:59 - 00010788 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-18 19:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-18 19:06 - 2014-09-18 19:50 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:35 - 2014-09-18 18:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 18:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:01 - 2014-09-17 22:06 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 19:59 - 2014-09-18 19:59 - 00000000 ____D () C:\FRST
2014-09-17 19:59 - 2014-09-17 20:06 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-13 16:42 - 2014-09-13 16:43 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-05 11:43 - 2014-09-08 14:11 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 20:53 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 20:53 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 20:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 20:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-19 16:35 - 2014-09-05 20:09 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:59 - 2014-09-18 19:54 - 00010788 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-18 19:59 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:56 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 19:56 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:51 - 2011-08-13 18:42 - 00163149 _____ () C:\Windows\setupact.log
2014-09-18 19:51 - 2011-08-13 18:41 - 00233326 _____ () C:\Windows\PFRO.log
2014-09-18 19:50 - 2014-09-18 19:06 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:50 - 2011-03-27 20:07 - 01159019 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:36 - 2014-09-18 18:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 22:06 - 2014-09-17 20:01 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:06 - 2014-09-17 19:59 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:55 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-15 15:42 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-14 17:11 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-13 16:43 - 2014-09-13 16:42 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira
2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut
2014-09-08 14:11 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-30 14:09 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-23 03:46 - 2014-08-29 19:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-29 19:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-20 14:42 - 2011-08-13 19:18 - 211386464 _____ () C:\Windows\MEMORY.DMP
2014-08-20 14:42 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump
2014-08-19 19:39 - 2014-09-10 15:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 17:11 - 2011-10-12 11:54 - 00000000 ____D () C:\Users\Administrator\.gimp-2.6
2014-08-19 00:26 - 2014-09-10 15:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:08 - 2014-09-10 15:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-08-27 22:41
==================== End Of Log ============================
--- --- --- |
|
19.09.2014, 09:50
| #4 |
| /// the machine /// TB-Ausbilder | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernenESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
19.09.2014, 21:07
| #5 |
| | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernenCode:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=c7d7ce63f261bc449b99d65e158a9ed1
# engine=20232
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=false
# utc_time=2014-09-19 06:33:53
# local_time=2014-09-19 08:33:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Avira Desktop'
# compatibility_mode=1810 16777213 100 100 93475 155654407 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 37589776 162782824 0 0
# scanned=229403
# found=30
# cleaned=0
# scan_time=5064
sh=A7C95FD3F6B65F27755CBEC812DF32029A102020 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Backup\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\prefs_18_09_2014_19_50_11.js"
sh=2550AA985F7FA25EC09949903BCBBF16D7A3E121 ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\invalidprefs.js.vir"
sh=3CA954D939594770595C57C933BFD509BF80684A ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\user.js.vir"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnic.dll"
sh=FFA8B6510D624A55F3EB7FFD6D5221A44944681C ft=1 fh=3386eb0d6ed0e5e1 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apnstub.exe"
sh=1A3F14C0A66F9AF050D1F34FBACBAADC31751A07 ft=1 fh=2704a03a0f47b728 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\apntoolbarinstaller.exe"
sh=4B553651EF610C0614F8393D6C25ABA0A8F09ECA ft=1 fh=92ef1bb072edf568 vn="Variante von Win32/Bundled.Toolbar.Ask.D potenziell unsichere Anwendung" ac=I fn="C:\Program Files\Avira\AntiVir Desktop\Offercast_AVIRAV7_.exe"
sh=7D46D39AEE256EED7AB0AA6EF0E9A422831C01DC ft=1 fh=5623ddb773ac081b vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="C:\Program Files\FreeYouTubeToMP3Converter5628.exe"
sh=B3AF5A564682593BC3BCAB06F133942F2DCDCF72 ft=0 fh=0000000000000000 vn="HTML/Ransom.B Trojaner" ac=I fn="C:\ProgramData\nzzklwbnbveeryt\main.html"
sh=AC76360969B4C1DEABBF392242705FF7A8BF5922 ft=0 fh=0000000000000000 vn="Win32/bProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C54B8NJ4\pack[1].7z"
sh=3893C701FC34D1821AD7219306ECFBD1EDE3AF8F ft=0 fh=0000000000000000 vn="Variante von Win32/bProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C54B8NJ4\pack[2].7z"
sh=93D7AD0FC7A7EC62E220FBD9A5501C61B0743EC9 ft=0 fh=0000000000000000 vn="Win32/bProtector.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C54B8NJ4\pack[3].7z"
sh=71435DDB11E00D0243380C4902324853FE4ECE8F ft=1 fh=12b0cd2dde452d65 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PRPBR5HQ\ApnIC[1].0"
sh=B828F25BC53E9F7F550C99FF76F6C98A579D90DD ft=0 fh=0000000000000000 vn="Win32/bProtector.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PRPBR5HQ\pack[1].7z"
sh=CDAF70367608E1F69C3D41A408A4948ECF94412B ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Temp\~nsu.tmp\nsfC078.tmp"
sh=3E30150D840AC9A0C0A7969D2FFD45118BE827D6 ft=1 fh=afbdb7c39edb934a vn="Variante von Win32/Toolbar.Conduit.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll"
sh=B636474A8E79343C460A8845754EECB721E657A5 ft=0 fh=0000000000000000 vn="Variante von Java/Exploit.CVE-2012-1723.DO Trojaner" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2\162e0902-738db15c"
sh=5C723F16EF625D81C6D92F3BEA4354EB76D90138 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32\10f6c1e0-11fdbb43"
sh=6965057F60010BBF9E03E1F3FA5F69362F73817C ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.QQD Trojaner" ac=I fn="C:\Users\Administrator\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61\7cebedbd-58c65d39"
sh=0B273B8F6708D9E5F08A79F32838E88FEDD3079A ft=0 fh=0000000000000000 vn="JS/SecurityDisabler.A.Gen evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\prefs.js"
sh=3DE38703FE86170F8319BFC70367FB87DF691728 ft=1 fh=de0cba27e1789651 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\Documents\MAGIX Downloads\Installationsmanager\Video_deluxe_2014_DLV_de-DE_130823_15-58_13_0_0_30.exe"
sh=08BF6F871199BCDB95F0361EC920DF406BD3597A ft=1 fh=c0776f02905eb6da vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\Documents\avira_free_antivirus_de.exe"
sh=897FD37A4F97BA9BBC92108AA1FB16C970EACBF0 ft=1 fh=58662848aaacab1c vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Administrator\Downloads\FreeYouTubeDownload_3.1.42.1212.exe"
sh=44A7AE70AA7AC181E962591F263CFA55C823B4FC ft=1 fh=cf972a16567b49c6 vn="Win32/Bundled.Toolbar.Google.D potenziell unsichere Anwendung" ac=I fn="C:\Users\Administrator\Downloads\Shockwave_Installer_Slim.exe"
sh=B3AF5A564682593BC3BCAB06F133942F2DCDCF72 ft=0 fh=0000000000000000 vn="HTML/Ransom.B Trojaner" ac=I fn="C:\Users\All Users\nzzklwbnbveeryt\main.html"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L2DB74LS\ApnIC[1].0"
sh=40E49124AD0B55A25F947333CA88E9D0BC30A7E3 ft=1 fh=e26ad988592b2af9 vn="Variante von Win32/Bundled.Toolbar.Ask potenziell unsichere Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YQ3JOGQ1\ApnIC[1].0"
sh=9982D0D388B2A114551373D690AAA9E46DA5387B ft=1 fh=05a5d4a1a2239f3c vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="E:\wasistdas\magix_video_deluxe_2014_188mb_chip_de.exe"
sh=B001F7D0F1F9A7E61C5499E5C8350F497B5A3E18 ft=1 fh=2a21627c0d99789c vn="Win32/OpenCandy potenziell unsichere Anwendung" ac=I fn="G:\Kata\Fotos\Blog\wierd stuff\DTLite4413-0173.exe"
sh=3DE38703FE86170F8319BFC70367FB87DF691728 ft=1 fh=de0cba27e1789651 vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="G:\PC save\MAGIX Downloads\Installationsmanager\Video_deluxe_2014_DLV_de-DE_130823_15-58_13_0_0_30.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.87
Windows 7 Service Pack 1 x86
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Security Center service is not running! This report may not be accurate!
Avira Desktop
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
TuneUp Utilities 2011
TuneUp Utilities Language Pack (de-DE)
Java(TM) 6 Update 24
Java version out of Date!
Adobe Flash Player 14.0.0.179
Mozilla Firefox (32.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014
Ran by Administrator (administrator) on WOLF-PC on 19-09-2014 21:30:38
Running from C:\Users\Administrator\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avcenter.exe
(Nullsoft, Inc.) C:\Program Files\Winamp\winamp.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
() C:\Users\Administrator\Downloads\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: 127.0.0.1 activate.adobe.com
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe
Chrome:
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-19 21:27 - 2014-09-19 21:27 - 00854417 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner
2014-09-19 18:59 - 2014-09-19 18:59 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2014-09-19 18:59 - 2014-09-19 18:59 - 00000000 ____D () C:\Program Files\ESET
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:54 - 2014-09-19 21:31 - 00010922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-18 19:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-18 19:06 - 2014-09-18 19:50 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:35 - 2014-09-18 18:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 18:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:01 - 2014-09-17 22:06 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 19:59 - 2014-09-19 21:30 - 00000000 ____D () C:\FRST
2014-09-17 19:59 - 2014-09-17 20:06 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-13 16:42 - 2014-09-13 16:43 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-05 11:43 - 2014-09-08 14:11 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-23 20:53 - 2014-05-14 18:23 - 01973728 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00054240 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-23 20:53 - 2014-05-14 18:23 - 00045536 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-23 20:53 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 02425856 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-23 20:53 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-23 20:52 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-23 20:52 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-19 21:31 - 2014-09-18 19:54 - 00010922 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-19 21:30 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-19 21:28 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-09-19 21:27 - 2014-09-19 21:27 - 00854417 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-09-19 21:24 - 2011-08-13 18:42 - 00163429 _____ () C:\Windows\setupact.log
2014-09-19 19:54 - 2014-09-19 19:54 - 00000000 ____D () C:\Users\Administrator\Desktop\Neuer Ordner
2014-09-19 19:03 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-19 18:59 - 2014-09-19 18:59 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2014-09-19 18:59 - 2014-09-19 18:59 - 00000000 ____D () C:\Program Files\ESET
2014-09-19 18:47 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 18:47 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 22:00 - 2011-03-27 20:07 - 01195533 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:51 - 2011-08-13 18:41 - 00233326 _____ () C:\Windows\PFRO.log
2014-09-18 19:50 - 2014-09-18 19:06 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:54 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:36 - 2014-09-18 18:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 22:06 - 2014-09-17 20:01 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:06 - 2014-09-17 19:59 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-15 15:42 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-13 16:43 - 2014-09-13 16:42 - 00000000 ____D () C:\Program Files\Firefox
2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira
2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut
2014-09-08 14:11 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-30 14:09 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-08-23 03:46 - 2014-08-29 19:04 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 02:42 - 2014-08-29 19:04 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 14:42 - 2014-08-20 14:42 - 00144288 _____ () C:\Windows\Minidump\082014-20872-01.dmp
2014-08-20 14:42 - 2011-08-13 19:18 - 211386464 _____ () C:\Windows\MEMORY.DMP
2014-08-20 14:42 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\SIntf16.dll
C:\Users\Administrator\AppData\Local\Temp\SIntf32.dll
C:\Users\Administrator\AppData\Local\Temp\SIntfNT.dll
C:\Users\Administrator\AppData\Local\Temp\tbuTor.dll
C:\Users\Administrator\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2013-08-27 22:41
==================== End Of Log ============================
--- --- --- --- --- --- Dankeschön für die Hilfe! Wird sich zeigen ob es sich verbessert hat, den Alarm beim Papierkorb durchsuchen kriege ich zumindest nicht mehr!  |
|
20.09.2014, 15:22
| #6 |
| /// the machine /// TB-Ausbilder | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen Java updaten. Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter C:\Users\All Users\nzzklwbnbveeryt
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop. Schließe nun alle offenen Programme und trenne Dich von dem Internet. Doppelklick auf die TFC.exe und drücke auf Start. Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen. Downloade dir bitte  Farbar Service Scanner
Poste bitte den Inhalt hier.
__________________ --> ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen |
|
21.09.2014, 13:19
| #7 |
| | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen Alles erledigt.  Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-09-2014
Ran by Administrator at 2014-09-21 14:00:47 Run:1
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
C:\Users\All Users\nzzklwbnbveeryt
*****************
C:\Users\All Users\nzzklwbnbveeryt => Moved successfully.
==== End of Fixlog ====
Code:
ATTFilter Farbar Service Scanner Version: 21-07-2014
Ran by Administrator (administrator) on 21-09-2014 at 14:14:42
Running from "C:\Users\Administrator\Downloads"
Microsoft Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************
Internet Services:
============
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
Windows Firewall:
=============
Firewall Disabled Policy:
==================
System Restore:
============
System Restore Disabled Policy:
========================
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Demand. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.
Windows Update:
============
Windows Autoupdate Disabled Policy:
============================
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.
Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
Other Services:
==============
File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\ipnathlp.dll => File is digitally signed
C:\Windows\system32\iphlpsvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
**** End of log ****
|
|
22.09.2014, 09:27
| #8 |
| /// the machine /// TB-Ausbilder | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen
 Frisches FRST log bitte. Noch Probleme?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.09.2014, 15:56
| #9 |
| | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernenFRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-09-2014 (ATTENTION: ====> FRST version is 11 days old and could be outdated)
Ran by Administrator (administrator) on WOLF-PC on 23-09-2014 16:45:17
Running from C:\Users\Administrator\Desktop
Platform: Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
(Nero AG) C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliType Pro\itype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(MAGIX AG) C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
(Mozilla Corporation) C:\Program Files\Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [itype] => C:\Program Files\Microsoft IntelliType Pro\itype.exe [1298320 2011-04-13] (Microsoft Corporation)
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [751184 2014-08-06] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira Systray] => C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe [164656 2014-08-27] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [] => [X]
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [20924576 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {1f43a026-c5cd-11e0-9ce5-6cf049925e28} - G:\pushinst.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {82215e22-5988-11e0-8644-000272cc02ec} - K:\Setupx.exe
HKU\S-1-5-21-1242816113-3164560358-2465018757-500\...\MountPoints2: {cc98b0c0-f97a-11e0-be2d-806e6f6e6963} - G:\Autorun.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x60FB5BE5B7ECCB01
URLSearchHook: HKCU - (No Name) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No File
Toolbar: HKCU - No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\searchplugins\ADelta.xml
FF Extension: Avira Browser Safety - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\abs@avira.com [2014-09-05]
FF Extension: PCCSyncFactory - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{D7919E63-B02E-1153-9E5F-DE727E353E59} [2013-12-19]
FF Extension: Heart Button - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\ffextension@weheartit.com.xpi [2012-05-10]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\nomz79bw.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-10-10]
FF HKLM\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF Extension: Java String Helper - C:\Users\Administrator\AppData\Roaming\11001 [2012-03-19]
FF HKLM\...\Thunderbird\Extensions: [{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}] - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension
FF Extension: Thunderbird Address Book Synchronisation Extension - C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension [2011-04-17]
FF HKCU\...\Firefox\Extensions: [{184AA5E6-741D-464a-820E-94B3ABC2F3B4}] - C:\Users\Administrator\AppData\Roaming\11001
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox\firefox.exe
Chrome:
=======
CHR CustomProfile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [430160 2014-08-06] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe [160048 2014-08-27] (Avira Operations GmbH & Co. KG)
R2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
S3 ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [628736 2010-12-08] (Nokia) [File not signed]
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [428640 2011-04-01] (Logitech Inc.)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 1394ohci; C:\Windows\system32\drivers\1394ohci.sys [164864 2010-11-20] (Microsoft Corporation) [File not signed]
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [97648 2014-07-06] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [136216 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [37352 2013-11-14] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [4352 2007-01-26] (AVM Berlin) [File not signed]
R3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [265088 2007-01-26] (AVM GmbH)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [443448 2011-10-18] (Duplex Secure Ltd.)
R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2013-04-04] (Avira GmbH)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-22 20:39 - 2014-09-22 20:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOLF-PC-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-09-22 20:39 - 2014-09-22 20:39 - 00000000 ____D () C:\RegBackup
2014-09-22 17:00 - 2014-09-22 17:00 - 00003392 ____N () C:\bootsqm.dat
2014-09-22 16:52 - 2014-09-22 16:52 - 00002117 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-22 16:52 - 2014-09-22 16:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-22 16:52 - 2014-09-22 16:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-22 16:51 - 2014-09-22 16:51 - 09700040 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-21 15:51 - 2014-09-21 15:51 - 00638464 _____ () C:\Windows\Minidump\092114-28048-01.dmp
2014-09-21 15:46 - 2014-09-21 15:29 - 803108864 _____ () C:\Users\Administrator\Desktop\mooom.MPG
2014-09-21 14:14 - 2014-09-21 14:14 - 00003002 _____ () C:\Users\Administrator\Downloads\FSS.txt
2014-09-21 14:13 - 2014-09-21 14:13 - 00415232 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2014-09-21 14:02 - 2014-09-21 14:02 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
2014-09-21 13:59 - 2014-09-21 13:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-09-21 13:53 - 2014-09-21 13:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-21 13:53 - 2014-09-21 13:52 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-21 13:52 - 2014-09-21 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-21 13:51 - 2014-09-21 13:51 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall(1).exe
2014-09-21 13:41 - 2014-09-21 13:53 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-21 13:35 - 2014-09-21 13:35 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe
2014-09-20 10:13 - 2014-09-21 13:34 - 00000000 ____D () C:\Program Files\Firefox
2014-09-19 21:27 - 2014-09-19 21:27 - 00854417 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-09-19 18:59 - 2014-09-19 18:59 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:54 - 2014-09-23 16:45 - 00010752 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-18 19:08 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-09-18 19:06 - 2014-09-18 19:50 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:35 - 2014-09-18 18:36 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-18 18:34 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:01 - 2014-09-17 22:06 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 19:59 - 2014-09-23 16:45 - 00000000 ____D () C:\FRST
2014-09-17 19:59 - 2014-09-17 20:06 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-11 14:37 - 2014-09-11 14:57 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-10 15:22 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 15:22 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 15:22 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 15:22 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 15:22 - 2014-08-18 23:57 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 15:22 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 15:22 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 15:22 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 15:22 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 15:22 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 15:22 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 15:22 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 15:22 - 2014-08-18 23:36 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 15:22 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 15:22 - 2014-08-18 23:30 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 15:22 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 15:22 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 15:22 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 15:22 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 15:22 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 15:22 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 15:22 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 15:22 - 2014-08-18 23:08 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 15:22 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 15:22 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 15:22 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 15:22 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 12:31 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-09 12:30 - 2014-09-09 14:12 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-05 11:43 - 2014-09-23 16:48 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-08-29 19:04 - 2014-08-23 03:46 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 19:04 - 2014-08-23 02:42 - 02352640 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-23 16:52 - 2014-09-18 19:54 - 00010752 _____ () C:\Users\Administrator\Desktop\FRST.txt
2014-09-23 16:48 - 2014-09-05 11:43 - 00000000 ____D () C:\Users\Administrator\Desktop\holland
2014-09-23 16:45 - 2014-09-17 19:59 - 00000000 ____D () C:\FRST
2014-09-23 16:45 - 2011-10-23 20:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Skype
2014-09-23 16:27 - 2012-05-10 15:58 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-23 16:27 - 2012-05-08 15:18 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-09-23 16:27 - 2011-08-30 15:47 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-09-23 16:10 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-23 16:10 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-23 16:05 - 2011-03-27 20:35 - 01480602 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-23 16:02 - 2011-03-28 21:44 - 00149944 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-23 16:01 - 2011-08-13 18:42 - 00165943 _____ () C:\Windows\setupact.log
2014-09-23 16:01 - 2009-07-14 10:56 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-09-23 16:01 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-23 16:01 - 2009-07-14 06:33 - 02416904 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-23 16:00 - 2011-08-13 18:41 - 00234466 _____ () C:\Windows\PFRO.log
2014-09-23 16:00 - 2009-07-14 10:56 - 00000000 ____D () C:\Windows\CSC
2014-09-22 20:48 - 2011-03-27 20:07 - 01358487 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 20:39 - 2014-09-22 20:39 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WOLF-PC-Microsoft-Windows-7-Ultimate-(32-bit).dat
2014-09-22 20:39 - 2014-09-22 20:39 - 00000000 ____D () C:\RegBackup
2014-09-22 17:00 - 2014-09-22 17:00 - 00003392 ____N () C:\bootsqm.dat
2014-09-22 16:52 - 2014-09-22 16:52 - 00002117 _____ () C:\Users\Administrator\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-09-22 16:52 - 2014-09-22 16:52 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-09-22 16:52 - 2014-09-22 16:52 - 00000000 ____D () C:\Program Files\Tweaking.com
2014-09-22 16:51 - 2014-09-22 16:51 - 09700040 _____ () C:\Users\Administrator\Downloads\tweaking.com_windows_repair_aio_setup.exe
2014-09-21 15:51 - 2014-09-21 15:51 - 00638464 _____ () C:\Windows\Minidump\092114-28048-01.dmp
2014-09-21 15:51 - 2012-04-27 13:46 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-09-21 15:51 - 2011-08-13 19:18 - 180539632 _____ () C:\Windows\MEMORY.DMP
2014-09-21 15:51 - 2011-08-13 19:18 - 00000000 ____D () C:\Windows\Minidump
2014-09-21 15:29 - 2014-09-21 15:46 - 803108864 _____ () C:\Users\Administrator\Desktop\mooom.MPG
2014-09-21 14:14 - 2014-09-21 14:14 - 00003002 _____ () C:\Users\Administrator\Downloads\FSS.txt
2014-09-21 14:13 - 2014-09-21 14:13 - 00415232 _____ (Farbar) C:\Users\Administrator\Downloads\FSS.exe
2014-09-21 14:02 - 2014-09-21 14:02 - 00448512 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\TFC.exe
2014-09-21 13:59 - 2014-09-21 13:59 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Oracle
2014-09-21 13:53 - 2014-09-21 13:53 - 00000000 ____D () C:\Program Files\Common Files\Java
2014-09-21 13:53 - 2014-09-21 13:41 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-21 13:52 - 2014-09-21 13:53 - 00272808 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00175528 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-09-21 13:52 - 2014-09-21 13:52 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-09-21 13:52 - 2014-09-21 13:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-09-21 13:52 - 2011-03-27 23:00 - 00000000 ____D () C:\Program Files\Java
2014-09-21 13:51 - 2014-09-21 13:51 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall(1).exe
2014-09-21 13:35 - 2014-09-21 13:35 - 00918952 _____ (Oracle Corporation) C:\Users\Administrator\Downloads\jxpiinstall.exe
2014-09-21 13:34 - 2014-09-20 10:13 - 00000000 ____D () C:\Program Files\Firefox
2014-09-19 21:27 - 2014-09-19 21:27 - 00854417 _____ () C:\Users\Administrator\Downloads\SecurityCheck.exe
2014-09-19 18:59 - 2014-09-19 18:59 - 02347384 _____ (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2014-09-18 19:59 - 2014-09-18 19:59 - 00026645 _____ () C:\Users\Administrator\Desktop\JRT.txt
2014-09-18 19:56 - 2014-09-18 19:56 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 19:55 - 2014-09-18 19:55 - 01016830 _____ (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2014-09-18 19:50 - 2014-09-18 19:06 - 00000000 ____D () C:\AdwCleaner
2014-09-18 19:05 - 2014-09-18 19:05 - 01373475 _____ () C:\Users\Administrator\Downloads\AdwCleaner_3.310.exe
2014-09-18 18:56 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Globalization
2014-09-18 18:53 - 2014-09-18 18:53 - 00001164 _____ () C:\Users\Administrator\Desktop\mbam.txt
2014-09-18 18:36 - 2014-09-18 18:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 18:34 - 2014-09-18 18:34 - 00001060 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2014-09-18 18:34 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Malwarebytes
2014-09-18 18:34 - 2012-03-19 11:11 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-18 18:31 - 2014-09-18 18:31 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-17 22:06 - 2014-09-17 20:01 - 00031839 _____ () C:\Users\Administrator\Downloads\Addition.txt
2014-09-17 21:45 - 2014-09-17 21:45 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2014-09-17 21:45 - 2014-09-17 21:45 - 00001222 _____ () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2014-09-17 21:45 - 2014-09-17 21:45 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-09-17 20:37 - 2014-09-17 20:37 - 00380416 _____ () C:\Users\Administrator\Desktop\Gmer-19357.exe
2014-09-17 20:31 - 2014-09-17 20:31 - 00004646 _____ () C:\Users\Administrator\Documents\Ereignisses.txt
2014-09-17 20:30 - 2014-09-17 20:30 - 00001768 _____ () C:\Users\Administrator\Documents\Ereignisse.txt
2014-09-17 20:06 - 2014-09-17 19:59 - 00028849 _____ () C:\Users\Administrator\Downloads\FRST.txt
2014-09-17 19:57 - 2014-09-17 19:57 - 01097728 _____ (Farbar) C:\Users\Administrator\Desktop\FRST.exe
2014-09-17 19:53 - 2014-09-17 19:53 - 00000718 _____ () C:\Users\Administrator\Downloads\defogger_disable.log
2014-09-17 19:53 - 2014-09-17 19:53 - 00000176 _____ () C:\Users\Administrator\defogger_reenable
2014-09-17 19:53 - 2011-03-28 21:25 - 00000000 ____D () C:\Users\Administrator
2014-09-17 19:52 - 2014-09-17 19:52 - 00050477 _____ () C:\Users\Administrator\Downloads\Defogger.exe
2014-09-17 19:43 - 2011-08-14 15:23 - 00000000 ____D () C:\Program Files\Electronic Arts
2014-09-17 19:42 - 2009-07-14 06:52 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-17 19:34 - 2014-09-17 19:34 - 00003038 _____ () C:\Windows\DPINST.LOG
2014-09-17 19:34 - 2011-08-14 15:23 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2014-09-11 16:45 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-09-11 14:57 - 2014-09-11 14:37 - 00000000 ____D () C:\Users\Administrator\Desktop\BreakingBad
2014-09-11 14:35 - 2013-08-08 21:07 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 14:34 - 2014-09-11 14:34 - 00001095 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-09-11 14:34 - 2014-08-10 16:53 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-11 14:34 - 2013-04-05 14:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-09-11 14:34 - 2013-04-05 14:35 - 00000000 ____D () C:\Program Files\Avira
2014-09-10 15:23 - 2011-03-28 22:32 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-10 15:06 - 2011-03-28 23:09 - 98758480 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 14:12 - 2014-09-09 12:30 - 00000000 ____D () C:\Users\Administrator\Desktop\mucke
2014-09-09 12:30 - 2014-06-16 12:39 - 00000000 ____D () C:\Users\Administrator\Desktop\gut
2014-09-05 20:09 - 2014-08-19 16:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2014-08-29 13:56 - 2012-06-21 16:41 - 00000000 ____D () C:\Windows\system32\Adobe
2014-08-24 14:41 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-23 16:43
==================== End Of Log ============================
Bisher keine weiteren Vorfälle.  |
|
24.09.2014, 10:38
| #10 |
| /// the machine /// TB-Ausbilder | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen Fertig Die Reihenfolge ist hier entscheidend.
Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
25.09.2014, 18:50
| #11 |
| | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen Alles paletti, wunderbar! Nochmals tausend Dank für die rasante Unterstützung. |
|
26.09.2014, 12:20
| #12 |
| /// the machine /// TB-Ausbilder | ADWARE/MultiPlug.aob, ADWARE/BProtector.C und Co. entfernen Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Revo Uninstaller herunter.
dann auf 
und dann auf 
.
Linear-Darstellung
