
Pests of all kinds and how to fight them: Malware infection (zym.tollbahsuburban.com) on a Windows 7 Professional PC


19.09.2014, 18:01   #1
root2
 



Hello board,

I am currently sitting at a Win7 Pro PC that has apparently picked up quite a bit of malware.

According to the user, a piece of software was installed, after which "all sorts of other tools got installed along with it". The user apparently tried to fix things on their own with various tools (PC Speed Maximizer, DriverRestore, etc.), but in doing so probably picked up even more malware.

At the moment the infection shows itself through pop-ups in all browsers, as well as ad overlays and the redirection of search queries.

A first run of FRST produced the following files:
FRST.txt:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Minnich (administrator) on MINNICH-PC on 19-09-2014 18:59:55
Running from C:\Users\Minnich\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
() C:\Program Files\005\cyycfhtzro64.exe
(SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
() C:\Windows\score.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7}] => %SYSTEMDRIVE%\restore\createrestore.exe /r
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_de_53] => [X]
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [OneMoreGame] => C:\Users\Minnich\AppData\Roaming\OneMoreGame\OMG.exe
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [PC Speed Maximizer] => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [134968 2014-04-28] (Smart PC Solutions)
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [Gameo] => C:\Users\Minnich\AppData\Roaming\Gameo\gameo.exe [41402880 2014-08-25] ()
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [300840 2014-08-08] ()
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MRw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKCU - 569F02B720D640868C23E94F03F2C832 URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_bndl1_14_26&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyzyyCtB0EtCtDtDtByBzytN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyDtDyC0Dzy0CyBzytGzyyDyEyDtGzzyCzy0AtGtCyCzyyEtGtAyDtByCyDtBtByBtA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0Fzzzz0DtByDtG0E0CtAyDtGyEtCyD0AtGzytC0AyDtG0ByEyB0EtAyBzy0DyEtD0C0F2Q&cr=1773006457&ir=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MF92BE761-D608-4647-83D0-3881FB749AC8&SearchSource=58&CUI=&UM=6&UP=SP8C0EDAF5-C883-4ED5-A6B4-0B4989531E5B&q={searchTerms}&SSPV=&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F6F5001999962E10&affID=129280&tt=020914_onst&tsp=5362
SearchScopes: HKCU - {2B37E792-BCB1-4CE3-A0BA-E9C5B53FA524} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=129360&tt=020914_onst&mntrid=F6F5001999962E10&tsp=5361&q={searchTerms}&r=667
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll No File
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} ->  No File
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Hosts: 127.0.0.1			d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default
FF NewTab: chrome://quick_start/content/index.html
FF DefaultSearchEngine: Search The Web
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\Minnich\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\Groovorio.xml
FF SearchPlugin: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\onlysearchkms.xml
FF SearchPlugin: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Start - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\faststartff@gmail.com [2014-09-03]
FF Extension: Internet Download Manager Squared - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\idmsq@idmsq.com [2014-09-08]
FF Extension: SaveClicker - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\jstrj2otka@kuxbzdmdd-.com [2014-09-03]
FF Extension: No Name - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\staged [2014-09-19]
FF Extension: 123b222059cb11dbb0de0800200c9a66 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{123b2220-59cb-11db-b0de-0800200c9a66} [2014-09-08]
FF Extension: Groovorio - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-09-04]
FF Extension: AF445D67154C4c69A17B7F392BCC36A3 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-09-07]
FF Extension: Iminent - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\firefoxmini@go.im.xpi [2014-09-03]
FF Extension: NoScript - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SaveClicker) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco [2014-09-03]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-08]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2014-09-10]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-09-04]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllDaySavingsService64; C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-09-03] (Just Develop It)
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [118584 2014-09-12] (Deutsche Telekom AG)
R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-04] () [File not signed]
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] (SIEN S.A.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-03] (Cherished Technololgy LIMITED)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [430888 2014-08-08] ()
R2 scores; C:\Windows\score.exe [4823040 2014-09-02] () [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [61072 2014-09-03] (StdLib)
R1 {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64; C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys [61064 2014-09-04] (StdLib)
S3 cpuz134; \??\C:\Users\Minnich\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:05 - 2014-09-19 19:00 - 00016325 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-19 17:05 - 2014-09-19 18:59 - 00065987 _____ () C:\Users\Minnich\Desktop\FRST_.txt
2014-09-19 17:05 - 2014-09-19 18:59 - 00000000 ____D () C:\FRST
2014-09-19 17:05 - 2014-09-19 17:06 - 00023349 _____ () C:\Users\Minnich\Desktop\Addition_.txt
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:57 - 2014-09-19 17:26 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-19 13:43 - 2014-09-19 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-11 11:01 - 2014-09-19 07:54 - 00000374 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-11 11:01 - 2014-09-11 11:01 - 00003420 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\Minnich\Documents\PCSpeedUp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\Minnich\AppData\Local\20777
2014-09-11 11:00 - 2014-09-19 17:46 - 00000344 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-09-11 11:00 - 2014-09-19 07:57 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-09-11 11:00 - 2014-09-11 11:00 - 00002724 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2014-09-11 11:00 - 2014-09-11 11:00 - 00001055 _____ () C:\Users\Minnich\Desktop\PC Speed Up.lnk
2014-09-11 11:00 - 2014-09-11 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:47 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:47 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:47 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:47 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:47 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:47 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:47 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:47 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:47 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:47 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:46 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:46 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:46 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:46 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:46 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:46 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:46 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:57 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:57 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 08:17 - 2014-09-19 09:13 - 00003260 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\PC Speed Maximizer
2014-09-09 08:13 - 2014-09-19 16:49 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-09 08:13 - 2014-09-19 08:13 - 00003754 _____ () C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2014-09-09 08:13 - 2014-09-19 08:13 - 00003600 _____ () C:\Windows\System32\Tasks\DriverRestore_DailyScan
2014-09-09 08:13 - 2014-09-09 08:13 - 00001928 _____ () C:\Users\Minnich\Desktop\Play Goodgame Empire.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001805 _____ () C:\Users\Minnich\Desktop\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001791 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\Desktop\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:12 - 2014-09-19 10:00 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-09 08:12 - 2014-09-09 08:12 - 00001124 _____ () C:\Users\Minnich\Desktop\PC Speed Maximizer.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00001074 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-07-01 19:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-09 07:41 - 2014-09-09 07:41 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 07:41 - 2014-09-09 07:41 - 00001976 _____ () C:\Users\Minnich\Desktop\Sync Folder.lnk
2014-09-09 07:40 - 2014-09-09 07:59 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Genesis_09090540
2014-09-09 07:40 - 2014-09-09 07:40 - 00001094 _____ () C:\Users\Minnich\Desktop\MyPC Backup.lnk
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-09 07:39 - 2014-09-09 07:39 - 01255552 _____ () C:\Users\Minnich\Downloads\Setup(1).exe
2014-09-09 07:37 - 2014-09-09 07:38 - 01255552 _____ () C:\Users\Minnich\Downloads\Setup.exe
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 09:41 - 2014-09-08 09:41 - 00003328 _____ () C:\Windows\System32\Tasks\ASP
2014-09-07 11:19 - 2014-09-08 09:56 - 00000000 ____D () C:\Program Files\Reimage
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:00 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-06 14:45 - 2014-09-06 14:46 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 10:47 - 2014-09-07 08:42 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 10:45 - 2014-09-06 10:45 - 00000000 ____D () C:\ProgramData\374311380
2014-09-06 10:33 - 2014-09-06 10:33 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-09-06 10:26 - 2014-09-06 10:26 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-05 12:25 - 2014-09-05 12:25 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-05 12:25 - 2014-09-05 12:25 - 00000000 ____D () C:\ProgramData\Browser
2014-09-05 08:48 - 2014-09-05 08:48 - 00000000 ____D () C:\TVWizard
2014-09-05 08:26 - 2014-09-04 19:53 - 00061064 _____ (StdLib) C:\Windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
2014-09-05 08:05 - 2014-09-06 14:55 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-05 08:05 - 2014-09-06 11:03 - 00000003 _____ () C:\Users\Minnich\AppData\Local\proxy.log
2014-09-05 08:05 - 2014-09-05 08:05 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\rightbackup
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:56 - 2014-09-19 18:51 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-04 16:56 - 2014-09-05 08:03 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Probit Software
2014-09-04 16:55 - 2014-09-06 14:48 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 01994136 _____ (HQPureQual) C:\Users\Minnich\AppData\Roaming\KWHF.exe
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:51 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-09-04 16:50 - 2014-09-05 08:05 - 00000529 _____ () C:\END
2014-09-04 16:50 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A39.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A0A.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL49DB.tmp
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:27 - 2014-09-04 16:27 - 00144760 _____ (Premium Installer ) C:\Users\Minnich\Downloads\javaupdate_setup.exe
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:07 - 2014-09-08 14:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-04 16:01 - 2014-09-07 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-09-04 16:01 - 2014-09-04 16:21 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-09-04 16:01 - 2014-09-04 16:08 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-09-04 16:01 - 2014-09-04 16:01 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-09-04 16:00 - 2014-09-04 16:00 - 00575544 _____ (ClickMeIn Limited) C:\Users\Minnich\AppData\Local\nsrAD00.tmp
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com
2014-09-04 07:24 - 2014-09-09 07:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Activeris
2014-09-04 07:20 - 2014-09-04 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-03 19:45 - 2014-09-05 08:05 - 00001889 _____ () C:\Users\Minnich\Desktop\Search.lnk
2014-09-03 19:44 - 2014-09-18 18:16 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-03 19:44 - 2014-09-06 10:48 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Smartbar
2014-09-03 19:43 - 2014-09-06 20:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-03 19:43 - 2014-09-06 10:21 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlayer+
2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-03 19:42 - 2014-09-02 14:11 - 04823040 _____ () C:\Windows\score.exe
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:46 - 2014-09-09 08:12 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-09-03 15:46 - 2014-09-03 15:46 - 00000000 ____D () C:\Users\Minnich\Documents\PC Speed Maximizer
2014-09-03 15:43 - 2014-09-06 10:39 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-09-03 15:43 - 2014-09-06 10:33 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Chromatic Browser
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\Users\Minnich\AppData\Local\globalUpdate
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-03 15:41 - 2014-09-06 10:49 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\istartsurf
2014-09-03 15:41 - 2014-09-06 10:19 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-03 15:41 - 2014-09-03 15:42 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-03 15:19 - 2014-09-03 02:49 - 00061072 _____ (StdLib) C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-03 15:18 - 2014-09-06 10:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\fabulous_09031318
2014-09-03 13:31 - 2014-09-06 10:16 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-09-03 13:31 - 2014-09-03 13:31 - 00575544 _____ (ClickMeIn Limited) C:\Users\Minnich\AppData\Local\nsrAFFC.tmp
2014-09-03 13:31 - 2014-09-03 13:31 - 00000318 _____ () C:\Users\Minnich\AppData\Roaming\aps.uninstall.scan.results
2014-09-03 13:30 - 2014-09-05 08:05 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-09-03 13:27 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Systweak
2014-09-03 13:27 - 2014-09-03 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-03 13:27 - 2014-05-08 12:31 - 00019968 _____ (Activeris) C:\Windows\system32\roboot64.exe
2014-09-03 13:20 - 2014-09-03 13:20 - 00000000 ____D () C:\Users\Minnich\Documents\Optimizer Pro
2014-09-03 13:14 - 2014-09-05 08:15 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-09-02 17:06 - 2014-09-11 11:02 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe
2014-08-28 07:47 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:47 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:47 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:59 - 2014-08-27 16:00 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-19 19:00 - 2014-09-19 17:05 - 00016325 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-19 19:00 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-19 19:00 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-19 18:59 - 2014-09-19 17:05 - 00065987 _____ () C:\Users\Minnich\Desktop\FRST_.txt
2014-09-19 18:59 - 2014-09-19 17:05 - 00000000 ____D () C:\FRST
2014-09-19 18:51 - 2014-09-04 16:56 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-19 18:42 - 2013-09-12 08:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-19 17:46 - 2014-09-11 11:00 - 00000344 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-09-19 17:26 - 2014-09-19 16:57 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:06 - 2014-09-19 17:05 - 00023349 _____ () C:\Users\Minnich\Desktop\Addition_.txt
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-19 16:49 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-19 13:43 - 2014-09-19 13:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 13:43 - 2014-06-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 10:00 - 2014-09-09 08:12 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-19 09:39 - 2014-06-05 16:01 - 01089713 _____ () C:\Windows\WindowsUpdate.log
2014-09-19 09:13 - 2014-09-09 08:17 - 00003260 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-09-19 08:13 - 2014-09-09 08:13 - 00003754 _____ () C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2014-09-19 08:13 - 2014-09-09 08:13 - 00003600 _____ () C:\Windows\System32\Tasks\DriverRestore_DailyScan
2014-09-19 07:57 - 2014-09-11 11:00 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-09-19 07:54 - 2014-09-11 11:01 - 00000374 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-19 07:52 - 2013-09-12 10:48 - 00029455 _____ () C:\Windows\setupact.log
2014-09-19 07:52 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 18:16 - 2014-09-03 19:44 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-18 07:56 - 2013-09-12 08:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-18 07:54 - 2014-06-05 17:32 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Adobe
2014-09-15 14:12 - 2014-06-10 09:56 - 00000000 ____D () C:\Users\Minnich\Documents\Loewe
2014-09-15 12:57 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-15 12:57 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-15 12:57 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 12:44 - 2014-07-07 13:17 - 00001099 _____ () C:\Users\Minnich\AppData\Roaming\ShiftN.ini
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-14 07:56 - 2014-06-11 17:27 - 4161772523 _____ () C:\Windows\MEMORY.DMP
2014-09-14 07:56 - 2014-06-11 17:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 07:51 - 2014-06-06 11:08 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service
2014-09-11 11:02 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan
2014-09-11 11:01 - 2014-09-11 11:01 - 00003420 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\Minnich\Documents\PCSpeedUp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\Minnich\AppData\Local\20777
2014-09-11 11:00 - 2014-09-11 11:00 - 00002724 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2014-09-11 11:00 - 2014-09-11 11:00 - 00001055 _____ () C:\Users\Minnich\Desktop\PC Speed Up.lnk
2014-09-11 11:00 - 2014-09-11 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2014-09-11 09:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 08:42 - 2013-09-12 08:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 18:46 - 2013-09-12 09:33 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 18:45 - 2014-06-06 13:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 08:18 - 2014-06-06 11:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 08:17 - 2014-06-06 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 08:21 - 2010-11-21 05:47 - 00037824 _____ () C:\Windows\PFRO.log
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\PC Speed Maximizer
2014-09-09 08:13 - 2014-09-09 08:13 - 00001928 _____ () C:\Users\Minnich\Desktop\Play Goodgame Empire.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001805 _____ () C:\Users\Minnich\Desktop\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001791 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\Desktop\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:12 - 2014-09-09 08:12 - 00001124 _____ () C:\Users\Minnich\Desktop\PC Speed Maximizer.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00001074 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-09-03 15:46 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-09-09 08:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-09 07:59 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Genesis_09090540
2014-09-09 07:59 - 2014-09-04 07:24 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Activeris
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-09 07:41 - 2014-09-09 07:41 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 07:41 - 2014-09-09 07:41 - 00001976 _____ () C:\Users\Minnich\Desktop\Sync Folder.lnk
2014-09-09 07:40 - 2014-09-09 07:40 - 00001094 _____ () C:\Users\Minnich\Desktop\MyPC Backup.lnk
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-09 07:39 - 2014-09-09 07:39 - 01255552 _____ () C:\Users\Minnich\Downloads\Setup(1).exe
2014-09-09 07:38 - 2014-09-09 07:37 - 01255552 _____ () C:\Users\Minnich\Downloads\Setup.exe
2014-09-08 14:18 - 2014-09-04 16:07 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-08 14:18 - 2014-06-06 11:59 - 00037103 _____ () C:\Windows\IE11_main.log
2014-09-08 13:32 - 2014-06-05 17:32 - 00063776 _____ () C:\Users\Minnich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:32 - 2009-07-14 06:45 - 00287824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:20 - 2014-06-06 11:08 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk
2014-09-08 13:20 - 2014-06-06 11:08 - 00001327 _____ () C:\Users\Public\Desktop\Browser 7 der Telekom.lnk
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 11:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-08 09:56 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files\Reimage
2014-09-08 09:41 - 2014-09-08 09:41 - 00003328 _____ () C:\Windows\System32\Tasks\ASP
2014-09-08 09:41 - 2014-09-03 13:27 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Systweak
2014-09-07 16:01 - 2014-09-04 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-09-07 11:19 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-07 08:42 - 2014-09-06 10:47 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001880 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001868 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-06 20:50 - 2014-09-03 19:43 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 16:35 - 2014-06-06 11:08 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Deutsche Telekom AG
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:03 - 2014-06-07 15:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-06 14:55 - 2014-09-05 08:05 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:48 - 2014-09-04 16:55 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-06 14:46 - 2014-09-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 11:03 - 2014-09-05 08:05 - 00000003 _____ () C:\Users\Minnich\AppData\Local\proxy.log
2014-09-06 11:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-06 10:49 - 2014-09-03 15:41 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\istartsurf
2014-09-06 10:48 - 2014-09-03 19:44 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Smartbar
2014-09-06 10:45 - 2014-09-06 10:45 - 00000000 ____D () C:\ProgramData\374311380
2014-09-06 10:39 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-09-06 10:33 - 2014-09-06 10:33 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-09-06 10:33 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-06 10:26 - 2014-09-06 10:26 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 10:26 - 2014-09-03 15:18 - 00000000 ____D () C:\Users\Minnich\AppData\Local\fabulous_09031318
2014-09-06 10:21 - 2014-09-03 19:43 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlayer+
2014-09-06 10:19 - 2014-09-03 15:41 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-06 10:16 - 2014-09-03 13:31 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-05 12:25 - 2014-09-05 12:25 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-05 12:25 - 2014-09-05 12:25 - 00000000 ____D () C:\ProgramData\Browser
2014-09-05 08:48 - 2014-09-05 08:48 - 00000000 ____D () C:\TVWizard
2014-09-05 08:15 - 2014-09-03 13:14 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-09-05 08:05 - 2014-09-05 08:05 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\rightbackup
2014-09-05 08:05 - 2014-09-04 16:50 - 00000529 _____ () C:\END
2014-09-05 08:05 - 2014-09-03 19:45 - 00001889 _____ () C:\Users\Minnich\Desktop\Search.lnk
2014-09-05 08:05 - 2014-09-03 13:30 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-09-05 08:03 - 2014-09-04 16:56 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Probit Software
2014-09-05 04:10 - 2014-09-10 14:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 14:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 19:53 - 2014-09-05 08:26 - 00061064 _____ (StdLib) C:\Windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 01994136 _____ (HQPureQual) C:\Users\Minnich\AppData\Roaming\KWHF.exe
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:51 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-09-04 16:51 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A39.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A0A.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL49DB.tmp
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:27 - 2014-09-04 16:27 - 00144760 _____ (Premium Installer ) C:\Users\Minnich\Downloads\javaupdate_setup.exe
2014-09-04 16:21 - 2014-09-04 16:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:08 - 2014-09-04 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-09-04 16:01 - 2014-09-04 16:01 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-09-04 16:00 - 2014-09-04 16:00 - 00575544 _____ (ClickMeIn Limited) C:\Users\Minnich\AppData\Local\nsrAD00.tmp
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com
2014-09-04 07:25 - 2014-06-05 18:20 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Mozilla
2014-09-04 07:20 - 2014-09-04 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:46 - 2014-09-03 15:46 - 00000000 ____D () C:\Users\Minnich\Documents\PC Speed Maximizer
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Chromatic Browser
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\Users\Minnich\AppData\Local\globalUpdate
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-03 15:42 - 2014-09-03 15:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-03 13:31 - 2014-09-03 13:31 - 00575544 _____ (ClickMeIn Limited) C:\Users\Minnich\AppData\Local\nsrAFFC.tmp
2014-09-03 13:31 - 2014-09-03 13:31 - 00000318 _____ () C:\Users\Minnich\AppData\Roaming\aps.uninstall.scan.results
2014-09-03 13:27 - 2014-09-03 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-03 13:20 - 2014-09-03 13:20 - 00000000 ____D () C:\Users\Minnich\Documents\Optimizer Pro
2014-09-03 02:49 - 2014-09-03 15:19 - 00061072 _____ (StdLib) C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe
2014-09-02 14:11 - 2014-09-03 19:42 - 04823040 _____ () C:\Windows\score.exe
2014-09-02 10:05 - 2014-06-06 12:17 - 00000000 ____D () C:\It2001
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe
2014-08-27 16:00 - 2014-08-27 15:59 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 07:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:47 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:47 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Files to move or delete:
====================
C:\ProgramData\Setup.exe


Some content of TEMP:
====================
C:\Users\Minnich\AppData\Local\Temp\294823_.exe
C:\Users\Minnich\AppData\Local\Temp\332023.exe.exe
C:\Users\Minnich\AppData\Local\Temp\510_obw_webssearches11-6.exe
C:\Users\Minnich\AppData\Local\Temp\AllDaySavings.exe
C:\Users\Minnich\AppData\Local\Temp\BackupSetup.exe
C:\Users\Minnich\AppData\Local\Temp\CloudBackup593.exe
C:\Users\Minnich\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Minnich\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Minnich\AppData\Local\Temp\ICSW_0C1I1L1R1J0C1F1G1G1P1R2Z.exe
C:\Users\Minnich\AppData\Local\Temp\ins6F36.tmp.exe
C:\Users\Minnich\AppData\Local\Temp\Launcher.exe
C:\Users\Minnich\AppData\Local\Temp\nsg58FE.tmp.exe
C:\Users\Minnich\AppData\Local\Temp\OnlineBackup.exe
C:\Users\Minnich\AppData\Local\Temp\optprosetup.exe
C:\Users\Minnich\AppData\Local\Temp\post1.exe
C:\Users\Minnich\AppData\Local\Temp\post2.dll
C:\Users\Minnich\AppData\Local\Temp\post2.exe
C:\Users\Minnich\AppData\Local\Temp\ReimageExpressPackage.exe
C:\Users\Minnich\AppData\Local\Temp\ReimageExpressSetup.exe
C:\Users\Minnich\AppData\Local\Temp\ReimagePackage.exe
C:\Users\Minnich\AppData\Local\Temp\rt-installer.exe
C:\Users\Minnich\AppData\Local\Temp\Shop2.exe
C:\Users\Minnich\AppData\Local\Temp\Softonic_DE_1-5-11_DE-Production_10_CleanRelease.exe
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite10413.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite10830.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite10963.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite11111.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite11324.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite11424.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite12460.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite13890.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite19289.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite19536.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite20833.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite21755.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite22111.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite22994.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite23785.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite27527.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite27824.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite29607.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite29971.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite36167.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite37796.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite38292.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite49748.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite52964.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite54966.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite56438.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite57155.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite59499.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite60321.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite61327.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite62501.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite62637.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite62901.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite64115.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite65148.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite66181.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite74865.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite76010.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite77804.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite78893.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite81326.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite82756.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite84451.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite86737.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite86905.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite87589.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite89086.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite89208.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite90816.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite91583.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite91869.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite94357.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite94552.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite94710.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite94896.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite97107.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite97198.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite98329.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite99223.dll
C:\Users\Minnich\AppData\Local\Temp\System.Data.SQLite99475.dll
C:\Users\Minnich\AppData\Local\Temp\UpdateOMG.exe
C:\Users\Minnich\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Minnich\AppData\Local\Temp\Vuupc_setup.exe
C:\Users\Minnich\AppData\Local\Temp\WebsSearches_Installer_20140723.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 11:49

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Minnich at 2014-09-19 19:00:15
Running from C:\Users\Minnich\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Browser 7 der Telekom 31.0.20 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.20 (x86 de)) (Version: 31.0.20 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG)
DriverRestore (HKLM\...\DriverRestore) (Version: 1.0 - 383 Media, Inc.)
Easy PDF Reader Packages (HKCU\...\Easy PDF Reader Packages) (Version:  - ) <==== ATTENTION
Gameo (HKCU\...\Gameo) (Version: 0.9.1 - Fried Cookie Software)
InfoTip 2001 (HKLM-x32\...\It2001) (Version:  - )
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
MAGIX Foto & Grafik Designer 9 (HKLM-x32\...\MX.{E84F54E0-4BC7-4C19-A969-D22574CDC118}) (Version: 9.1.2.28274 - MAGIX AG)
MAGIX Foto & Grafik Designer 9 (Version: 9.1.2.28274 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{4D5A1C12-2F7B-4A67-B186-ECAE22EF4FCB}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 32.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.1 (x86 de)) (Version: 32.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - Smart PC Solutions)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.6.6.0 - Speedchecker Limited)
Photo & Graphic Designer 9 Update (Version: 9.2.8.32681 - MAGIX Software GmbH) Hidden
PIKO Master Control V2.0 v1.2.2.38199 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH)
simplitec simplicheck (HKLM-x32\...\{183D780B-28F9-41BA-A2CB-605F324A5781}) (Version: 1.3.10.0 - simplitec GmbH)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Web Designer Premium MX Update (Version: 8.1.5.31094 - MAGIX AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-09-2014 05:50:26 Windows Defender Checkpoint
08-09-2014 07:48:44 Advanced-System Protector
08-09-2014 08:06:10 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
08-09-2014 12:26:08 Removed Microsoft Silverlight
09-09-2014 06:00:18 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
10-09-2014 06:16:46 Windows Update
10-09-2014 16:44:55 Windows Update
17-09-2014 06:11:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-08 11:33 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1			d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2A4D46E6-8FE6-40DD-A3B5-AC8F8EE8F7D1} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3DE0C654-65C3-4DC0-BA6A-ED7D570CC9D0} - System32\Tasks\ASP => C:\Program Files (x86)\Tuneup Pro\systweakasp.exe
Task: {4E4AE86A-7632-4E08-9764-6584860DDA84} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5E3F9F07-75C9-445E-A111-E0E250E7E9F5} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-15] ()
Task: {6C3EFE4C-FB27-4E5E-BA51-850E1178EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
Task: {A1820847-BBED-4884-B07D-3C10505F6329} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-09-03] (MyPC Backup) <==== ATTENTION
Task: {C589CB52-199A-4B7F-B043-3CCFA7869176} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CBB2E0FD-42FD-4E94-8195-0F713F4F7247} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-15] ()
Task: {D8511953-6640-4969-95BD-A56F00F64566} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DF95028E-2707-4B06-9739-E3D7ECB40BFE} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions)
Task: {EEBE72F4-74A5-4C29-B771-ED972BB6F001} - System32\Tasks\AmiUpdXp => C:\Users\Minnich\AppData\Local\20777\a12408.exe [2014-09-11] () <==== ATTENTION
Task: {FFEBAE56-E35C-444C-9303-D2354008698E} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2014-08-08] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\Minnich\AppData\Local\20777\a12408.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\KWHF.job => C:\Users\Minnich\AppData\Roaming\KWHF.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe

==================== Loaded Modules (whitelisted) =============

2014-09-11 11:00 - 2014-08-08 13:43 - 00430888 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe
2014-07-31 22:20 - 2014-07-31 22:20 - 00172544 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe
2014-07-31 22:20 - 2014-07-31 22:20 - 00110080 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\nfapi.dll
2014-07-31 22:20 - 2014-07-31 22:20 - 00456192 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\ProtocolFilters.dll
2014-08-21 12:33 - 2014-09-03 15:42 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-08-21 12:32 - 2014-09-03 15:41 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-09-04 16:51 - 2014-09-04 16:51 - 00709120 _____ () C:\Program Files\005\cyycfhtzro64.exe
2014-09-03 19:42 - 2014-09-02 14:11 - 04823040 _____ () C:\Windows\score.exe
2014-09-11 11:00 - 2014-08-08 13:43 - 00585600 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2014-08-21 12:33 - 2014-09-03 15:42 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-09-19 13:43 - 2014-09-19 13:43 - 03716720 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/19/2014 05:13:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/19/2014 05:13:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/19/2014 04:49:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5358, Zeitstempel: 0x540837e7
Name des fehlerhaften Moduls: NPSWF32_15_0_0_152.dll, Version: 15.0.0.152, Zeitstempel: 0x53fe8213
Ausnahmecode: 0x80000003
Fehleroffset: 0x00357aad
ID des fehlerhaften Prozesses: 0x13dc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/19/2014 04:48:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5358, Zeitstempel: 0x540837e7
Name des fehlerhaften Moduls: NPSWF32_15_0_0_152.dll, Version: 15.0.0.152, Zeitstempel: 0x53fe8213
Ausnahmecode: 0x80000003
Fehleroffset: 0x00357aad
ID des fehlerhaften Prozesses: 0xbb8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/19/2014 07:54:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/18/2014 07:45:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/17/2014 08:07:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: Minnich-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127

Error: (09/17/2014 08:07:39 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/16/2014 07:24:42 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/15/2014 07:43:36 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (09/19/2014 07:53:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ttnfd

Error: (09/19/2014 07:53:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/19/2014 07:53:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/19/2014 07:53:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (09/19/2014 07:50:50 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ttnfd

Error: (09/19/2014 07:50:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/19/2014 07:50:50 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/19/2014 07:50:50 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (09/18/2014 07:44:44 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ttnfd

Error: (09/18/2014 07:44:43 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/19/2014 05:13:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe

Error: (09/19/2014 05:13:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Downloads\esetsmartinstaller_deu.exe

Error: (09/19/2014 04:49:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5358540837e7NPSWF32_15_0_0_152.dll15.0.0.15253fe82138000000300357aad13dc01cfd418d87e3b37C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll234117ff-400c-11e4-bd3d-001999962e10

Error: (09/19/2014 04:48:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5358540837e7NPSWF32_15_0_0_152.dll15.0.0.15253fe82138000000300357aadbb801cfd417e0d5d892C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll09ca037a-400c-11e4-bd3d-001999962e10

Error: (09/19/2014 07:54:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 07:45:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:07:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: Minnich-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)

Error: (09/17/2014 08:07:39 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/16/2014 07:24:42 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/15/2014 07:43:36 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 36%
Total physical RAM: 3967.61 MB
Available physical RAM: 2504.04 MB
Total Pagefile: 8233.41 MB
Available Pagefile: 6719.95 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:225.22 GB) (Free:180.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0841F56C)
Partition 1: (Not Active) - (Size=7.7 GB) - (Type=27)
Partition 2: (Active) - (Size=225.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Many thanks in advance for your support.

Best regards.

Alt 19.09.2014, 18:08   #2
schrauber
/// the machine
/// TB-Ausbilder
 




hi,

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that, under:

    have this suffix:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .




Scan with Combofix
WARNING to other READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 20.09.2014, 09:09   #3
root2
 



Quote:
Quote from schrauber
hi,

Uninstall adware & co.
  • Please download Revo Uninstaller from here.
  • Install and start the program.
  • In the uninstaller field, look for the programs that, under:

    have this suffix:
  • Select the programs one after another and click Uninstall each time.
  • Then select the "Moderate" mode.
  • Delete leftovers:
    Click on then on and then on .

Hello and thanks for the help,

unfortunately, because of persistent thunderstorms, no further work could be done yesterday.

Now we carry on.

The following program is marked with "ATTENTION" in the FRST logfile, but is not listed in Revo Uninstaller:
Code:
ATTFilter
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
         
How should I deal with it?

Attached is another new FRST scan after a reboot. I don't know how long the infected PC had already been running yesterday, or what was done _before_ I started the first scan.



FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by PcUser (administrator) on PcUser-PC on 20-09-2014 10:12:32
Running from C:\Users\PcUser\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\PC Speed Up\PCSUService.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
() C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe
(Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe
(Smart PC Solutions) C:\Program Files (x86)\PC Speed Maximizer\SPMSmartScan.exe
() C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe
() C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
(MyPCBackup.com) C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe
() C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe
() C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe
() C:\Program Files (x86)\SupTab\HpUI.exe
() C:\Program Files (x86)\SupTab\Loader64.exe
() C:\Program Files (x86)\SupTab\Loader32.exe
(SIEN S.A.) C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe
() C:\Windows\score.exe
() C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7}] => %SYSTEMDRIVE%\restore\createrestore.exe /r
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mbot_de_53] => [X]
HKLM-x32\...\Run: [Registry Helper] => "C:\Program Files (x86)\Registry Helper\RegistryHelper.Exe" /boot
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKLM-x32\...\Run: [OneMoreGame] => C:\Users\PcUser\AppData\Roaming\OneMoreGame\OMG.exe
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [PC Speed Maximizer] => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [134968 2014-04-28] (Smart PC Solutions)
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [Gameo] => C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe [41402880 2014-08-25] ()
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [PCSpeedUp] => C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe [300840 2014-08-08] ()
IFEO\DatamngrCoordinator.exe: [Debugger] tasklist.exe
Startup: C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {CC865B26-C31D-4D23-B17B-96548EEF03F6} URL = 
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MRw,,&q={searchTerms}
SearchScopes: HKCU - DefaultScope {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
SearchScopes: HKCU - 569F02B720D640868C23E94F03F2C832 URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_bndl1_14_26&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyzyyCtB0EtCtDtDtByBzytN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyDtDyC0Dzy0CyBzytGzyyDyEyDtGzzyCzy0AtGtCyCzyyEtGtAyDtByCyDtBtByBtA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0Fzzzz0DtByDtG0E0CtAyDtGyEtCyD0AtGzytC0AyDtG0ByEyB0EtAyBzy0DyEtD0C0F2Q&cr=1773006457&ir=
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=MF92BE761-D608-4647-83D0-3881FB749AC8&SearchSource=58&CUI=&UM=6&UP=SP8C0EDAF5-C883-4ED5-A6B4-0B4989531E5B&q={searchTerms}&SSPV=&SSPV=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.only-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=F6F5001999962E10&affID=129280&tt=020914_onst&tsp=5362
SearchScopes: HKCU - {2B37E792-BCB1-4CE3-A0BA-E9C5B53FA524} URL = hxxp://www.only-search.com/?babsrc=SP_kms&affID=129360&tt=020914_onst&mntrid=F6F5001999962E10&tsp=5361&q={searchTerms}&r=667
SearchScopes: HKCU - {3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} URL = hxxp://www.mystart.com/results.php?gen=ms&pr=vmn&id=mystarttb&v=5_4&ent=ch_5108&q={searchTerms}
BHO: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: TermTutor -> {6CB99040-7828-4C37-AC01-F15758F43E4D} -> C:\Program Files\TermTutor\IE\TermTutorClientIE.dll No File
BHO: IMinent WebBooster (BHO) -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} -> C:\Program Files (x86)\Iminent\Minibar.InternetExplorer.BHOx64.dll No File
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Shopping Helper SmartbarEngine -> {31ad400d-1b06-4e33-a59a-90c2c140cba0} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: IETabPage Class -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} -> C:\Program Files (x86)\SupTab\SupTab.dll (Thinknice Co. Limited)
BHO-x32: No Name -> {84FF7BD6-B47F-46F8-9130-01B2696B36CB} ->  No File
BHO-x32: No Name -> {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} ->  No File
Toolbar: HKLM - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Shopping Helper Smartbar - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Hosts: 127.0.0.1			d3oxij66pru1i3.cloudfront.net
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Users\PcUser\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\Groovorio.xml
FF SearchPlugin: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\onlysearchkms.xml
FF SearchPlugin: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\trovi-search.xml
FF SearchPlugin: C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\istartsurf.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mystarttb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\StartWeb.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Fast Start - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\faststartff@gmail.com [2014-09-03]
FF Extension: Internet Download Manager Squared - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\idmsq@idmsq.com [2014-09-08]
FF Extension: SaveClicker - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\jstrj2otka@kuxbzdmdd-.com [2014-09-03]
FF Extension: 123b222059cb11dbb0de0800200c9a66 - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{123b2220-59cb-11db-b0de-0800200c9a66} [2014-09-08]
FF Extension: Groovorio - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73843edf-1075-4a55-947c-e13e0dc9349e} [2014-09-04]
FF Extension: AF445D67154C4c69A17B7F392BCC36A3 - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-09-07]
FF Extension: Iminent - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\firefoxmini@go.im.xpi [2014-09-03]
FF Extension: NoScript - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF HKLM-x32\...\Firefox\Extensions: [termtutor@termtutor.com] - C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (SaveClicker) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco [2014-09-03]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-08]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-09-07]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-09-07]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2014-09-10]
CHR Extension: (No Name) - C:\Users\PcUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb [2014-09-04]
CHR HKLM-x32\...\Chrome\Extension: [dghncoeocefmhkhiphdgikkamjeglbfh] - C:\Program Files (x86)\mystarttb\chrome-newtab-search.crx []

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AllDaySavingsService64; C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe [172544 2014-07-31] () [File not signed]
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-09-03] (Just Develop It)
S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [118584 2014-09-12] (Deutsche Telekom AG)
S2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-04] () [File not signed]
R2 GlobalUpdater; C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [378152 2014-08-13] (SIEN S.A.)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [715656 2014-09-03] (Cherished Technololgy LIMITED)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 PCSUService; C:\Program Files (x86)\PC Speed Up\PCSUService.exe [430888 2014-08-08] ()
R2 scores; C:\Windows\score.exe [4823040 2014-09-02] () [File not signed]
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-07-31] (NetFilterSDK.com)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64; C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [61072 2014-09-03] (StdLib)
R1 {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64; C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys [61064 2014-09-04] (StdLib)
S3 cpuz134; \??\C:\Users\PcUser\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
S1 ttnfd; system32\drivers\ttnfd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 10:09 - 2014-09-20 10:09 - 00025708 _____ () C:\Users\PcUser\Desktop\Addition.txt
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\PcUser\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\PcUser\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\PcUser\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\PcUser\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\PcUser\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PcUser\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\PcUser\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:05 - 2014-09-20 10:12 - 00016387 _____ () C:\Users\PcUser\Desktop\FRST.txt
2014-09-19 17:05 - 2014-09-20 10:12 - 00000000 ____D () C:\FRST
2014-09-19 17:05 - 2014-09-19 19:00 - 00066173 _____ () C:\Users\PcUser\Desktop\FRST_.txt
2014-09-19 17:05 - 2014-09-19 19:00 - 00024188 _____ () C:\Users\PcUser\Desktop\Addition_.txt
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\PcUser\Desktop\FRST64.exe
2014-09-19 16:57 - 2014-09-19 17:26 - 00000333 _____ () C:\Users\PcUser\Desktop\mal.txt
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\PcUser\Desktop\Alte Browser7-Daten
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-11 11:01 - 2014-09-20 10:12 - 00000374 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-11 11:01 - 2014-09-11 11:01 - 00003420 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\PcUser\Documents\PCSpeedUp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\PcUser\AppData\Local\20777
2014-09-11 11:00 - 2014-09-20 10:10 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-09-11 11:00 - 2014-09-19 19:37 - 00000344 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-09-11 11:00 - 2014-09-11 11:00 - 00002724 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2014-09-11 11:00 - 2014-09-11 11:00 - 00001055 _____ () C:\Users\PcUser\Desktop\PC Speed Up.lnk
2014-09-11 11:00 - 2014-09-11 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:47 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:47 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:47 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:47 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:47 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:47 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:47 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:47 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:47 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:47 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:46 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:46 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:46 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:46 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:46 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:46 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:46 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:57 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:57 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 08:17 - 2014-09-20 10:10 - 00003260 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\SumatraPDF
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\PC Speed Maximizer
2014-09-09 08:13 - 2014-09-20 10:10 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Gameo
2014-09-09 08:13 - 2014-09-20 08:14 - 00003754 _____ () C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2014-09-09 08:13 - 2014-09-20 08:14 - 00003600 _____ () C:\Windows\System32\Tasks\DriverRestore_DailyScan
2014-09-09 08:13 - 2014-09-09 08:13 - 00001928 _____ () C:\Users\PcUser\Desktop\Play Goodgame Empire.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001805 _____ () C:\Users\PcUser\Desktop\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001791 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\PcUser\Desktop\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\PcUser\AppData\Roaming\GoldenGate
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:12 - 2014-09-20 08:14 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-09 08:12 - 2014-09-09 08:12 - 00001124 _____ () C:\Users\PcUser\Desktop\PC Speed Maximizer.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00001074 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-07-01 19:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\PcUser\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\PcUser\Downloads\ReimageRepair(1).exe
2014-09-09 07:41 - 2014-09-09 07:41 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 07:41 - 2014-09-09 07:41 - 00001976 _____ () C:\Users\PcUser\Desktop\Sync Folder.lnk
2014-09-09 07:40 - 2014-09-09 07:59 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Genesis_09090540
2014-09-09 07:40 - 2014-09-09 07:40 - 00001094 _____ () C:\Users\PcUser\Desktop\MyPC Backup.lnk
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-09 07:39 - 2014-09-09 07:39 - 01255552 _____ () C:\Users\PcUser\Downloads\Setup(1).exe
2014-09-09 07:37 - 2014-09-09 07:38 - 01255552 _____ () C:\Users\PcUser\Downloads\Setup.exe
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\PcUser\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\PcUser\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 09:41 - 2014-09-08 09:41 - 00003328 _____ () C:\Windows\System32\Tasks\ASP
2014-09-07 11:19 - 2014-09-08 09:56 - 00000000 ____D () C:\Program Files\Reimage
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\DriverFinder
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\PcUser\Downloads\browser7_setup.exe
2014-09-06 15:00 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-06 14:45 - 2014-09-06 14:46 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 10:47 - 2014-09-07 08:42 - 00001224 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 10:45 - 2014-09-06 10:45 - 00000000 ____D () C:\ProgramData\374311380
2014-09-06 10:33 - 2014-09-06 10:33 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-09-06 10:26 - 2014-09-06 10:26 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\PcUser\AppData\Local\speed browser
2014-09-05 12:25 - 2014-09-05 12:25 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-05 12:25 - 2014-09-05 12:25 - 00000000 ____D () C:\ProgramData\Browser
2014-09-05 08:48 - 2014-09-05 08:48 - 00000000 ____D () C:\TVWizard
2014-09-05 08:26 - 2014-09-04 19:53 - 00061064 _____ (StdLib) C:\Windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
2014-09-05 08:05 - 2014-09-06 14:55 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-05 08:05 - 2014-09-06 11:03 - 00000003 _____ () C:\Users\PcUser\AppData\Local\proxy.log
2014-09-05 08:05 - 2014-09-05 08:05 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\rightbackup
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\PcUser\AppData\Roaming\WB.CFG
2014-09-04 16:56 - 2014-09-20 08:22 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-04 16:56 - 2014-09-05 08:03 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Probit Software
2014-09-04 16:55 - 2014-09-06 14:48 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 01994136 _____ (HQPureQual) C:\Users\PcUser\AppData\Roaming\KWHF.exe
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:51 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-09-04 16:50 - 2014-09-05 08:05 - 00000529 _____ () C:\END
2014-09-04 16:50 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A39.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A0A.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL49DB.tmp
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:27 - 2014-09-04 16:27 - 00144760 _____ (Premium Installer ) C:\Users\PcUser\Downloads\javaupdate_setup.exe
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\PcUser\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:07 - 2014-09-08 14:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-04 16:01 - 2014-09-07 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-09-04 16:01 - 2014-09-04 16:21 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-09-04 16:01 - 2014-09-04 16:08 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-09-04 16:01 - 2014-09-04 16:01 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-09-04 16:00 - 2014-09-04 16:00 - 00575544 _____ (ClickMeIn Limited) C:\Users\PcUser\AppData\Local\nsrAD00.tmp
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\PcUser\AppData\Local\com
2014-09-04 07:24 - 2014-09-09 07:59 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Activeris
2014-09-04 07:20 - 2014-09-04 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-03 19:45 - 2014-09-05 08:05 - 00001889 _____ () C:\Users\PcUser\Desktop\Search.lnk
2014-09-03 19:44 - 2014-09-18 18:16 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-03 19:44 - 2014-09-06 10:48 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Smartbar
2014-09-03 19:43 - 2014-09-06 20:50 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-03 19:43 - 2014-09-06 10:21 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlayer+
2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-03 19:42 - 2014-09-02 14:11 - 04823040 _____ () C:\Windows\score.exe
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:46 - 2014-09-09 08:12 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-09-03 15:46 - 2014-09-03 15:46 - 00000000 ____D () C:\Users\PcUser\Documents\PC Speed Maximizer
2014-09-03 15:43 - 2014-09-06 10:39 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-09-03 15:43 - 2014-09-06 10:33 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Chromatic Browser
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\Users\PcUser\AppData\Local\globalUpdate
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-03 15:41 - 2014-09-06 10:49 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\istartsurf
2014-09-03 15:41 - 2014-09-06 10:19 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-03 15:41 - 2014-09-03 15:42 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-03 15:19 - 2014-09-03 02:49 - 00061072 _____ (StdLib) C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-03 15:18 - 2014-09-06 10:26 - 00000000 ____D () C:\Users\PcUser\AppData\Local\fabulous_09031318
2014-09-03 13:31 - 2014-09-06 10:16 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-09-03 13:31 - 2014-09-03 13:31 - 00575544 _____ (ClickMeIn Limited) C:\Users\PcUser\AppData\Local\nsrAFFC.tmp
2014-09-03 13:31 - 2014-09-03 13:31 - 00000318 _____ () C:\Users\PcUser\AppData\Roaming\aps.uninstall.scan.results
2014-09-03 13:30 - 2014-09-05 08:05 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-09-03 13:27 - 2014-09-08 09:41 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Systweak
2014-09-03 13:27 - 2014-09-03 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-03 13:27 - 2014-05-08 12:31 - 00019968 _____ (Activeris) C:\Windows\system32\roboot64.exe
2014-09-03 13:20 - 2014-09-03 13:20 - 00000000 ____D () C:\Users\PcUser\Documents\Optimizer Pro
2014-09-03 13:14 - 2014-09-05 08:15 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-09-02 17:06 - 2014-09-11 11:02 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\QuickScan
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\PcUser\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\PcUser\Desktop\guiformat.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\PcUser\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\PcUser\Downloads\Install.exe
2014-08-28 07:47 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:47 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:47 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:59 - 2014-08-27 16:00 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-20 10:12 - 2014-09-19 17:05 - 00016387 _____ () C:\Users\PcUser\Desktop\FRST.txt
2014-09-20 10:12 - 2014-09-19 17:05 - 00000000 ____D () C:\FRST
2014-09-20 10:12 - 2014-09-11 11:01 - 00000374 _____ () C:\Windows\Tasks\AmiUpdXp.job
2014-09-20 10:10 - 2014-09-11 11:00 - 00000000 ____D () C:\Program Files (x86)\PC Speed Up
2014-09-20 10:10 - 2014-09-09 08:17 - 00003260 _____ () C:\Windows\System32\Tasks\PC Speed Maximizer Schedule
2014-09-20 10:10 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Gameo
2014-09-20 10:10 - 2014-06-05 16:01 - 01117506 _____ () C:\Windows\WindowsUpdate.log
2014-09-20 10:10 - 2013-09-12 10:48 - 00029679 _____ () C:\Windows\setupact.log
2014-09-20 10:10 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-20 10:09 - 2014-09-20 10:09 - 00025708 _____ () C:\Users\PcUser\Desktop\Addition.txt
2014-09-20 09:49 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-20 09:49 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-20 09:47 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-20 09:47 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-20 09:47 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 09:42 - 2013-09-12 08:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-20 08:46 - 2014-06-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-20 08:22 - 2014-09-04 16:56 - 00000000 ____D () C:\Program Files\AllDaySavings
2014-09-20 08:14 - 2014-09-09 08:13 - 00003754 _____ () C:\Windows\System32\Tasks\DriverRestore_ScheduledScan
2014-09-20 08:14 - 2014-09-09 08:13 - 00003600 _____ () C:\Windows\System32\Tasks\DriverRestore_DailyScan
2014-09-20 08:14 - 2014-09-09 08:12 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-19 19:37 - 2014-09-11 11:00 - 00000344 _____ () C:\Windows\Tasks\PC SpeedUp Service Deactivator.job
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\PcUser\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\PcUser\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 19:00 - 2014-09-19 17:05 - 00066173 _____ () C:\Users\PcUser\Desktop\FRST_.txt
2014-09-19 19:00 - 2014-09-19 17:05 - 00024188 _____ () C:\Users\PcUser\Desktop\Addition_.txt
2014-09-19 17:26 - 2014-09-19 16:57 - 00000333 _____ () C:\Users\PcUser\Desktop\mal.txt
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\PcUser\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\PcUser\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\PcUser\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\PcUser\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\PcUser\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\PcUser\Desktop\FRST64.exe
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\PcUser\Desktop\Alte Browser7-Daten
2014-09-18 18:16 - 2014-09-03 19:44 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-18 07:56 - 2013-09-12 08:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-18 07:54 - 2014-06-05 17:32 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Adobe
2014-09-15 14:12 - 2014-06-10 09:56 - 00000000 ____D () C:\Users\PcUser\Documents\Loewe
2014-09-15 12:44 - 2014-07-07 13:17 - 00001099 _____ () C:\Users\PcUser\AppData\Roaming\ShiftN.ini
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-14 07:56 - 2014-06-11 17:27 - 4161772523 _____ () C:\Windows\MEMORY.DMP
2014-09-14 07:56 - 2014-06-11 17:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 07:51 - 2014-06-06 11:08 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service
2014-09-11 11:02 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\QuickScan
2014-09-11 11:01 - 2014-09-11 11:01 - 00003420 _____ () C:\Windows\System32\Tasks\AmiUpdXp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\PcUser\Documents\PCSpeedUp
2014-09-11 11:01 - 2014-09-11 11:01 - 00000000 ____D () C:\Users\PcUser\AppData\Local\20777
2014-09-11 11:00 - 2014-09-11 11:00 - 00002724 _____ () C:\Windows\System32\Tasks\PC SpeedUp Service Deactivator
2014-09-11 11:00 - 2014-09-11 11:00 - 00001055 _____ () C:\Users\PcUser\Desktop\PC Speed Up.lnk
2014-09-11 11:00 - 2014-09-11 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Up
2014-09-11 09:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 08:42 - 2013-09-12 08:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 18:46 - 2013-09-12 09:33 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 18:45 - 2014-06-06 13:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 08:18 - 2014-06-06 11:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 08:17 - 2014-06-06 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 08:21 - 2010-11-21 05:47 - 00037824 _____ () C:\Windows\PFRO.log
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\SumatraPDF
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\PC Speed Maximizer
2014-09-09 08:13 - 2014-09-09 08:13 - 00001928 _____ () C:\Users\PcUser\Desktop\Play Goodgame Empire.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001805 _____ () C:\Users\PcUser\Desktop\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00001791 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo.lnk
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\PcUser\Desktop\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\PcUser\AppData\Roaming\GoldenGate
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Gameo
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:12 - 2014-09-09 08:12 - 00001124 _____ () C:\Users\PcUser\Desktop\PC Speed Maximizer.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00001074 _____ () C:\Users\Public\Desktop\DriverRestore.lnk
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
2014-09-09 08:12 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-09-03 15:46 - 00000000 ____D () C:\Program Files (x86)\PC Speed Maximizer
2014-09-09 08:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-09 07:59 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Genesis_09090540
2014-09-09 07:59 - 2014-09-04 07:24 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Activeris
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\PcUser\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\PcUser\Downloads\ReimageRepair(1).exe
2014-09-09 07:41 - 2014-09-09 07:41 - 00004032 _____ () C:\Windows\System32\Tasks\LaunchSignup
2014-09-09 07:41 - 2014-09-09 07:41 - 00001976 _____ () C:\Users\PcUser\Desktop\Sync Folder.lnk
2014-09-09 07:40 - 2014-09-09 07:40 - 00001094 _____ () C:\Users\PcUser\Desktop\MyPC Backup.lnk
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-09-09 07:40 - 2014-09-09 07:40 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-09-09 07:39 - 2014-09-09 07:39 - 01255552 _____ () C:\Users\PcUser\Downloads\Setup(1).exe
2014-09-09 07:38 - 2014-09-09 07:37 - 01255552 _____ () C:\Users\PcUser\Downloads\Setup.exe
2014-09-08 14:18 - 2014-09-04 16:07 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-08 14:18 - 2014-06-06 11:59 - 00037103 _____ () C:\Windows\IE11_main.log
2014-09-08 13:32 - 2014-06-05 17:32 - 00063776 _____ () C:\Users\PcUser\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:32 - 2009-07-14 06:45 - 00287824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:20 - 2014-06-06 11:08 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk
2014-09-08 13:20 - 2014-06-06 11:08 - 00001327 _____ () C:\Users\Public\Desktop\Browser 7 der Telekom.lnk
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\PcUser\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\PcUser\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 11:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-08 09:56 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files\Reimage
2014-09-08 09:41 - 2014-09-08 09:41 - 00003328 _____ () C:\Windows\System32\Tasks\ASP
2014-09-08 09:41 - 2014-09-03 13:27 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Systweak
2014-09-07 16:01 - 2014-09-04 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP3.job
2014-09-07 11:19 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\DriverFinder
2014-09-07 08:42 - 2014-09-06 10:47 - 00001224 _____ () C:\Users\PcUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001880 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001868 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-06 20:50 - 2014-09-03 19:43 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 16:35 - 2014-06-06 11:08 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Deutsche Telekom AG
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\PcUser\Downloads\browser7_setup.exe
2014-09-06 15:03 - 2014-06-07 15:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-06 14:55 - 2014-09-05 08:05 - 00000000 ____D () C:\Program Files (x86)\Bench
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:48 - 2014-09-04 16:55 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-06 14:46 - 2014-09-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 11:03 - 2014-09-05 08:05 - 00000003 _____ () C:\Users\PcUser\AppData\Local\proxy.log
2014-09-06 11:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-06 10:49 - 2014-09-03 15:41 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\istartsurf
2014-09-06 10:48 - 2014-09-03 19:44 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Smartbar
2014-09-06 10:45 - 2014-09-06 10:45 - 00000000 ____D () C:\ProgramData\374311380
2014-09-06 10:39 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\SaveClicker
2014-09-06 10:33 - 2014-09-06 10:33 - 00000000 ____D () C:\Program Files (x86)\SaveClicker
2014-09-06 10:33 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-06 10:26 - 2014-09-06 10:26 - 00000000 ____D () C:\Program Files (x86)\predm
2014-09-06 10:26 - 2014-09-03 15:18 - 00000000 ____D () C:\Users\PcUser\AppData\Local\fabulous_09031318
2014-09-06 10:21 - 2014-09-03 19:43 - 00000000 ____D () C:\Program Files (x86)\videos MediaPlayer+
2014-09-06 10:19 - 2014-09-03 15:41 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-09-06 10:16 - 2014-09-03 13:31 - 00000000 ____D () C:\ProgramData\Registry Helper
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\PcUser\AppData\Local\speed browser
2014-09-05 12:25 - 2014-09-05 12:25 - 01482656 _____ () C:\ProgramData\Setup.exe
2014-09-05 12:25 - 2014-09-05 12:25 - 00000000 ____D () C:\ProgramData\Browser
2014-09-05 08:48 - 2014-09-05 08:48 - 00000000 ____D () C:\TVWizard
2014-09-05 08:15 - 2014-09-03 13:14 - 00000000 ____D () C:\Program Files (x86)\FLVM Player
2014-09-05 08:05 - 2014-09-05 08:05 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\rightbackup
2014-09-05 08:05 - 2014-09-04 16:50 - 00000529 _____ () C:\END
2014-09-05 08:05 - 2014-09-03 19:45 - 00001889 _____ () C:\Users\PcUser\Desktop\Search.lnk
2014-09-05 08:05 - 2014-09-03 13:30 - 00000000 ____D () C:\ProgramData\DSearchLink
2014-09-05 08:03 - 2014-09-04 16:56 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Probit Software
2014-09-05 04:10 - 2014-09-10 14:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 14:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 19:53 - 2014-09-05 08:26 - 00061064 _____ (StdLib) C:\Windows\system32\Drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\PcUser\AppData\Roaming\WB.CFG
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 01994136 _____ (HQPureQual) C:\Users\PcUser\AppData\Roaming\KWHF.exe
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:51 - 2014-09-04 16:51 - 00000000 ____D () C:\Program Files (x86)\Probit Software
2014-09-04 16:51 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A39.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL4A0A.tmp
2014-09-04 16:34 - 2014-09-04 16:34 - 00000000 _____ () C:\LIL49DB.tmp
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:27 - 2014-09-04 16:27 - 00144760 _____ (Premium Installer ) C:\Users\PcUser\Downloads\javaupdate_setup.exe
2014-09-04 16:21 - 2014-09-04 16:01 - 00000378 _____ () C:\Windows\Tasks\APSnotifierPP1.job
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\PcUser\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:08 - 2014-09-04 16:01 - 00000376 _____ () C:\Windows\Tasks\APSnotifierPP2.job
2014-09-04 16:01 - 2014-09-04 16:01 - 00002832 _____ () C:\Windows\System32\Tasks\APSnotifierPP1
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP3
2014-09-04 16:01 - 2014-09-04 16:01 - 00002830 _____ () C:\Windows\System32\Tasks\APSnotifierPP2
2014-09-04 16:00 - 2014-09-04 16:00 - 00575544 _____ (ClickMeIn Limited) C:\Users\PcUser\AppData\Local\nsrAD00.tmp
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\PcUser\AppData\Local\com
2014-09-04 07:25 - 2014-06-05 18:20 - 00000000 ____D () C:\Users\PcUser\AppData\Roaming\Mozilla
2014-09-04 07:20 - 2014-09-04 07:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
2014-09-03 19:42 - 2014-09-03 19:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:46 - 2014-09-03 15:46 - 00000000 ____D () C:\Users\PcUser\Documents\PC Speed Maximizer
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Chromatic Browser
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Torch
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\Users\PcUser\AppData\Local\globalUpdate
2014-09-03 15:42 - 2014-09-03 15:42 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-09-03 15:42 - 2014-09-03 15:41 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-09-03 13:31 - 2014-09-03 13:31 - 00575544 _____ (ClickMeIn Limited) C:\Users\PcUser\AppData\Local\nsrAFFC.tmp
2014-09-03 13:31 - 2014-09-03 13:31 - 00000318 _____ () C:\Users\PcUser\AppData\Roaming\aps.uninstall.scan.results
2014-09-03 13:27 - 2014-09-03 13:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
2014-09-03 13:20 - 2014-09-03 13:20 - 00000000 ____D () C:\Users\PcUser\Documents\Optimizer Pro
2014-09-03 02:49 - 2014-09-03 15:19 - 00061072 _____ (StdLib) C:\Windows\system32\Drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\PcUser\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\PcUser\Desktop\guiformat.exe
2014-09-02 14:11 - 2014-09-03 19:42 - 04823040 _____ () C:\Windows\score.exe
2014-09-02 10:05 - 2014-06-06 12:17 - 00000000 ____D () C:\It2001
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\PcUser\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\PcUser\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\PcUser\Downloads\Install.exe
2014-08-27 16:00 - 2014-08-27 15:59 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 07:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:47 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:47 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Files to move or delete:
====================
C:\ProgramData\Setup.exe


Some content of TEMP:
====================
C:\Users\PcUser\AppData\Local\Temp\294823_.exe
C:\Users\PcUser\AppData\Local\Temp\332023.exe.exe
C:\Users\PcUser\AppData\Local\Temp\510_obw_webssearches11-6.exe
C:\Users\PcUser\AppData\Local\Temp\AllDaySavings.exe
C:\Users\PcUser\AppData\Local\Temp\BackupSetup.exe
C:\Users\PcUser\AppData\Local\Temp\CloudBackup593.exe
C:\Users\PcUser\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\PcUser\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\PcUser\AppData\Local\Temp\ICSW_0C1I1L1R1J0C1F1G1G1P1R2Z.exe
C:\Users\PcUser\AppData\Local\Temp\ins6F36.tmp.exe
C:\Users\PcUser\AppData\Local\Temp\Launcher.exe
C:\Users\PcUser\AppData\Local\Temp\nsg58FE.tmp.exe
C:\Users\PcUser\AppData\Local\Temp\OnlineBackup.exe
C:\Users\PcUser\AppData\Local\Temp\optprosetup.exe
C:\Users\PcUser\AppData\Local\Temp\post1.exe
C:\Users\PcUser\AppData\Local\Temp\post2.dll
C:\Users\PcUser\AppData\Local\Temp\post2.exe
C:\Users\PcUser\AppData\Local\Temp\ReimageExpressPackage.exe
C:\Users\PcUser\AppData\Local\Temp\ReimageExpressSetup.exe
C:\Users\PcUser\AppData\Local\Temp\ReimagePackage.exe
C:\Users\PcUser\AppData\Local\Temp\rt-installer.exe
C:\Users\PcUser\AppData\Local\Temp\Shop2.exe
C:\Users\PcUser\AppData\Local\Temp\Softonic_DE_1-5-11_DE-Production_10_CleanRelease.exe
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite10413.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite10830.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite10963.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite11111.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite11324.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite11424.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite12460.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite13890.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite19289.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite19536.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite20833.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite21755.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite22111.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite22994.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite23785.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite27527.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite27824.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite29607.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite29971.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite36167.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite37796.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite38292.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite49748.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite52964.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite54966.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite56438.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite57155.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite59499.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite60321.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite61327.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite62501.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite62637.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite62901.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite64115.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite65148.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite66181.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite74865.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite76010.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite77804.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite78893.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite81326.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite82756.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite84451.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite86737.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite86905.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite87589.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite89086.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite89208.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite90816.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite91583.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite91869.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite94357.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite94552.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite94710.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite94896.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite97107.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite97198.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite98329.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite99223.dll
C:\Users\PcUser\AppData\Local\Temp\System.Data.SQLite99475.dll
C:\Users\PcUser\AppData\Local\Temp\UpdateOMG.exe
C:\Users\PcUser\AppData\Local\Temp\vcredist_x64.exe
C:\Users\PcUser\AppData\Local\Temp\Vuupc_setup.exe
C:\Users\PcUser\AppData\Local\Temp\WebsSearches_Installer_20140723.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 11:49

==================== End Of Log ============================
         

Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by PcUser at 2014-09-20 10:13:11
Running from C:\Users\PcUser\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Browser 7 der Telekom 31.0.20 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.20 (x86 de)) (Version: 31.0.20 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG)
DriverRestore (HKLM\...\DriverRestore) (Version: 1.0 - 383 Media, Inc.)
Easy PDF Reader Packages (HKCU\...\Easy PDF Reader Packages) (Version:  - ) <==== ATTENTION
Gameo (HKCU\...\Gameo) (Version: 0.9.1 - Fried Cookie Software)
InfoTip 2001 (HKLM-x32\...\It2001) (Version:  - )
istartsurf uninstall (HKLM-x32\...\istartsurf uninstall) (Version:  - istartsurf) <==== ATTENTION
MAGIX Foto & Grafik Designer 9 (HKLM-x32\...\MX.{E84F54E0-4BC7-4C19-A969-D22574CDC118}) (Version: 9.1.2.28274 - MAGIX AG)
MAGIX Foto & Grafik Designer 9 (Version: 9.1.2.28274 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{4D5A1C12-2F7B-4A67-B186-ECAE22EF4FCB}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
PC Speed Maximizer v3.2 (HKLM-x32\...\PC Speed Maximizer_is1) (Version: 3.2 - Smart PC Solutions)
PC Speed Up (HKLM\...\PCSU-SL_is1) (Version: 3.6.6.0 - Speedchecker Limited)
Photo & Graphic Designer 9 Update (Version: 9.2.8.32681 - MAGIX Software GmbH) Hidden
PIKO Master Control V2.0 v1.2.2.38199 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
simplitec simplicheck (HKLM-x32\...\{183D780B-28F9-41BA-A2CB-605F324A5781}) (Version: 1.3.10.0 - simplitec GmbH)
Software Version Updater (HKLM-x32\...\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}) (Version: 1.1.3.8 - ) <==== ATTENTION
Web Designer Premium MX Update (Version: 8.1.5.31094 - MAGIX AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

07-09-2014 05:50:26 Windows Defender Checkpoint
08-09-2014 07:48:44 Advanced-System Protector
08-09-2014 08:06:10 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
08-09-2014 12:26:08 Removed Microsoft Silverlight
09-09-2014 06:00:18 Removed Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
10-09-2014 06:16:46 Windows Update
10-09-2014 16:44:55 Windows Update
17-09-2014 06:11:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-08 11:33 - 00000867 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1			d3oxij66pru1i3.cloudfront.net

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2A4D46E6-8FE6-40DD-A3B5-AC8F8EE8F7D1} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {3DE0C654-65C3-4DC0-BA6A-ED7D570CC9D0} - System32\Tasks\ASP => C:\Program Files (x86)\Tuneup Pro\systweakasp.exe
Task: {4E4AE86A-7632-4E08-9764-6584860DDA84} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {5E3F9F07-75C9-445E-A111-E0E250E7E9F5} - System32\Tasks\DriverRestore_ScheduledScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-15] ()
Task: {6C3EFE4C-FB27-4E5E-BA51-850E1178EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
Task: {A1820847-BBED-4884-B07D-3C10505F6329} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-09-03] (MyPC Backup) <==== ATTENTION
Task: {C589CB52-199A-4B7F-B043-3CCFA7869176} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {CBB2E0FD-42FD-4E94-8195-0F713F4F7247} - System32\Tasks\DriverRestore_DailyScan => C:\Program Files (x86)\DriverRestore\DriverRestore.exe [2014-07-15] ()
Task: {D8511953-6640-4969-95BD-A56F00F64566} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {DF95028E-2707-4B06-9739-E3D7ECB40BFE} - System32\Tasks\PC Speed Maximizer Schedule => C:\Program Files (x86)\PC Speed Maximizer\SPMLauncher.exe [2014-04-28] (Smart PC Solutions)
Task: {EEBE72F4-74A5-4C29-B771-ED972BB6F001} - System32\Tasks\AmiUpdXp => C:\Users\PcUser\AppData\Local\20777\a12408.exe [2014-09-11] () <==== ATTENTION
Task: {FFEBAE56-E35C-444C-9303-D2354008698E} - System32\Tasks\PC SpeedUp Service Deactivator => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe [2014-08-08] () <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AmiUpdXp.job => C:\Users\PcUser\AppData\Local\20777\a12408.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\KWHF.job => C:\Users\PcUser\AppData\Roaming\KWHF.exe
Task: C:\Windows\Tasks\PC SpeedUp Service Deactivator.job => C:\Program Files (x86)\PC Speed Up\PCSUSD.exe

==================== Loaded Modules (whitelisted) =============

2014-09-11 11:00 - 2014-08-08 13:43 - 00430888 _____ () C:\Program Files (x86)\PC Speed Up\PCSUService.exe
2014-07-31 22:20 - 2014-07-31 22:20 - 00172544 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe
2014-07-31 22:20 - 2014-07-31 22:20 - 00110080 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\nfapi.dll
2014-07-31 22:20 - 2014-07-31 22:20 - 00456192 _____ () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\ProtocolFilters.dll
2014-08-21 12:33 - 2014-09-03 15:42 - 00106376 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll
2014-09-09 08:13 - 2014-08-25 19:28 - 41402880 _____ () C:\Users\PcUser\AppData\Roaming\Gameo\gameo.exe
2014-09-11 11:00 - 2014-08-08 13:43 - 00300840 _____ () C:\Program Files (x86)\PC Speed Up\PCSUNotifier.exe
2014-09-03 19:39 - 2014-09-03 19:39 - 00012288 _____ () C:\Program Files (x86)\MyPC Backup\GetText.dll
2014-09-03 19:34 - 2014-09-03 19:34 - 01102336 _____ () C:\Program Files (x86)\MyPC Backup\x64\System.Data.SQLite.dll
2014-08-21 12:32 - 2014-09-03 15:41 - 00733576 _____ () C:\Program Files (x86)\SupTab\HpUI.exe
2014-07-16 10:55 - 2014-07-16 10:55 - 00073216 _____ () C:\Program Files (x86)\SupTab\Loader64.exe
2014-07-16 11:16 - 2014-07-16 11:16 - 00064000 _____ () C:\Program Files (x86)\SupTab\Loader32.exe
2014-09-03 19:42 - 2014-09-02 14:11 - 04823040 _____ () C:\Windows\score.exe
2014-09-11 11:00 - 2014-08-08 13:43 - 00585600 _____ () C:\Program Files (x86)\PC Speed Up\sqlite3.dll
2014-08-21 12:33 - 2014-09-03 15:42 - 00023944 _____ () C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll
2014-09-11 11:00 - 2014-08-08 13:43 - 00348456 _____ () C:\Program Files (x86)\PC Speed Up\PopupNotification.dll
2014-09-09 08:13 - 2014-08-25 19:28 - 00900096 _____ () C:\Users\PcUser\AppData\Roaming\Gameo\libglesv2.dll
2014-09-09 08:13 - 2014-08-25 19:28 - 00102400 _____ () C:\Users\PcUser\AppData\Roaming\Gameo\libegl.dll
2014-09-09 08:13 - 2014-08-25 19:28 - 00882176 _____ () C:\Users\PcUser\AppData\Roaming\Gameo\ffmpegsumo.dll
2014-09-20 10:10 - 2014-09-20 10:10 - 00271872 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\node_modules\gameo_utils\Build\Release\gameo_utils_node.node
2014-09-20 10:10 - 2014-09-20 10:10 - 00095232 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\node_modules\gameo_utils\Build\Release\gameo_utils.dll
2014-09-20 10:10 - 2014-09-20 10:10 - 00074752 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\node_modules\goldengate\build\Release\gg.node
2014-09-20 10:10 - 2014-09-20 10:10 - 00402432 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\node_modules\goldengate\build\Release\GOLDENGATE.dll
2014-09-20 10:10 - 2014-09-20 10:10 - 16340144 _____ () C:\Users\PcUser\AppData\Local\Temp\nw1072_27683\plugins\NPSWF32_13_0_0_168.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


==================== Faulty Device Manager Devices =============

Name: ttnfd
Description: ttnfd
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: ttnfd
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/20/2014 10:12:29 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/20/2014 09:43:23 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/20/2014 07:55:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/19/2014 05:13:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/19/2014 05:13:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/19/2014 04:49:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5358, Zeitstempel: 0x540837e7
Name des fehlerhaften Moduls: NPSWF32_15_0_0_152.dll, Version: 15.0.0.152, Zeitstempel: 0x53fe8213
Ausnahmecode: 0x80000003
Fehleroffset: 0x00357aad
ID des fehlerhaften Prozesses: 0x13dc
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/19/2014 04:48:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 31.0.0.5358, Zeitstempel: 0x540837e7
Name des fehlerhaften Moduls: NPSWF32_15_0_0_152.dll, Version: 15.0.0.152, Zeitstempel: 0x53fe8213
Ausnahmecode: 0x80000003
Fehleroffset: 0x00357aad
ID des fehlerhaften Prozesses: 0xbb8
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (09/19/2014 07:54:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/18/2014 07:45:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/17/2014 08:07:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: PcUser-PC)
Description: Produkt: Adobe Reader XI (11.0.08) - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011009}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (09/20/2014 10:12:08 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ttnfd

Error: (09/20/2014 10:12:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/20/2014 10:11:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "cyycfhtzro64" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/20/2014 10:11:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst cyycfhtzro64 erreicht.

Error: (09/20/2014 10:11:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (09/20/2014 10:11:17 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (09/20/2014 09:42:01 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ttnfd

Error: (09/20/2014 09:42:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/20/2014 08:47:19 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: 
ttnfd

Error: (09/20/2014 08:47:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/20/2014 10:12:29 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 09:43:23 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/20/2014 07:55:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/19/2014 05:13:14 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\PcUser\Desktop\esetsmartinstaller_deu.exe

Error: (09/19/2014 05:13:07 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\PcUser\Downloads\esetsmartinstaller_deu.exe

Error: (09/19/2014 04:49:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5358540837e7NPSWF32_15_0_0_152.dll15.0.0.15253fe82138000000300357aad13dc01cfd418d87e3b37C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll234117ff-400c-11e4-bd3d-001999962e10

Error: (09/19/2014 04:48:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.5358540837e7NPSWF32_15_0_0_152.dll15.0.0.15253fe82138000000300357aadbb801cfd417e0d5d892C:\Program Files (x86)\Deutsche Telekom AG\Browser 7\plugin-container.exeC:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll09ca037a-400c-11e4-bd3d-001999962e10

Error: (09/19/2014 07:54:12 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/18/2014 07:45:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/17/2014 08:07:46 AM) (Source: MsiInstaller) (EventID: 1024) (User: PcUser-PC)
Description: Adobe Reader XI (11.0.08) - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011009}1625(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 31%
Total physical RAM: 3967.61 MB
Available physical RAM: 2733.03 MB
Total Pagefile: 8233.41 MB
Available Pagefile: 6934.52 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:225.22 GB) (Free:180.32 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0841F56C)
Partition 1: (Not Active) - (Size=7.7 GB) - (Type=27)
Partition 2: (Active) - (Size=225.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Should I nevertheless proceed with ComboFix without uninstalling programs via Revo?
Thanks again for the support.

Regards
__________________

Edited by root2 (20.09.2014 at 09:57)

20.09.2014, 17:33   #4
schrauber
/// the machine
/// TB trainer

Try uninstalling it via Windows; otherwise continue directly with ComboFix
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

20.09.2014, 19:42   #5
root2

Hi,

Uninstalling with the Windows built-in tools worked.

ComboFix ran through. However, one program (PC Speed Maximizer) started itself automatically at the restart.

Attached is the ComboFix log file.
Code:
ComboFix 14-09-18.01 - PcUser 20.09.2014  19:49:00.1.2 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3968.2786 [GMT 2:00]
ausgeführt von:: c:\users\PcUser\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\END
C:\LIL49DB.tmp
C:\LIL4A0A.tmp
C:\LIL4A39.tmp
c:\program files (x86)\Probit Software\Easy Speed PC
c:\program files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe
c:\program files (x86)\SaveClicker
c:\programdata\374311380
c:\programdata\374311380\BITEB19.tmp
c:\programdata\IePluginServices
c:\programdata\IePluginServices\PluginService.exe
c:\programdata\SaveClicker
c:\programdata\Setup.exe
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\Administrator\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\PcUser\AppData\Local\Chromatic Browser\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\PcUser\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\PcUser\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\PcUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\ClearThink_iels
c:\users\PcUser\AppData\Local\nsrAD00.tmp
c:\users\PcUser\AppData\Local\nsrAFFC.tmp
c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\background.html
c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\content.js
c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\jCFo.js
c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\lsdb.js
c:\users\PcUser\AppData\Local\Torch\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco\2.1\manifest.json
c:\users\PcUser\AppData\Local\Torch\User Data\Default\Preferences
c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com
c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com\bootstrap.js
c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com\chrome.manifest
c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com\content\bg.js
c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\jstrj2otka@kuxbzdmdd-.com\install.rdf
c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\trovi-search.xml
c:\users\PcUser\Desktop\Search.lnk
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_PCSUService
-------\Service_IePluginServices
-------\Service_IePluginServices
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-08-20 bis 2014-09-20  ))))))))))))))))))))))))))))))
.
.
2014-09-20 09:06 . 2014-09-20 09:06	--------	d-----w-	c:\users\PcUser\AppData\Local\Diagnostics
2014-09-19 17:12 . 2014-09-19 17:12	--------	d-----w-	c:\program files (x86)\VS Revo Group
2014-09-19 15:05 . 2014-09-20 17:43	--------	d-----w-	C:\FRST
2014-09-19 05:57 . 2014-09-09 02:05	11578928	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{E1200D46-6B7E-4E29-87B0-3DC8F6728A79}\mpengine.dll
2014-09-11 09:00 . 2014-09-20 09:18	--------	d-----w-	c:\program files (x86)\PC Speed Up
2014-09-11 06:42 . 2014-09-11 06:42	10036224	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-10 16:46 . 2014-08-18 23:01	23591424	----a-w-	c:\windows\system32\mshtml.dll
2014-09-10 12:57 . 2014-08-01 11:53	1031168	----a-w-	c:\windows\system32\TSWorkspace.dll
2014-09-10 12:57 . 2014-08-01 11:35	793600	----a-w-	c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 12:55 . 2014-06-24 03:29	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2014-09-10 12:55 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2014-09-10 12:55 . 2014-07-07 02:06	728064	----a-w-	c:\windows\system32\kerberos.dll
2014-09-10 12:55 . 2014-07-07 02:06	1460736	----a-w-	c:\windows\system32\lsasrv.dll
2014-09-10 12:55 . 2014-07-07 01:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2014-09-10 12:55 . 2014-07-07 01:40	550912	----a-w-	c:\windows\SysWow64\kerberos.dll
2014-09-10 12:55 . 2014-07-07 01:39	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2014-09-10 12:55 . 2014-09-05 02:10	578048	----a-w-	c:\windows\system32\aepdu.dll
2014-09-10 12:55 . 2014-09-05 02:05	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-09-10 06:17 . 2014-06-27 02:08	2777088	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2014-09-10 06:17 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-09 06:17 . 2014-09-09 06:17	--------	d-----w-	c:\users\PcUser\AppData\Roaming\PC Speed Maximizer
2014-09-09 06:17 . 2014-09-09 06:17	--------	d-----w-	c:\users\PcUser\AppData\Roaming\SumatraPDF
2014-09-09 06:13 . 2014-09-09 06:13	--------	d--h--w-	c:\users\PcUser\AppData\Roaming\GoldenGate
2014-09-09 06:13 . 2014-09-20 08:49	--------	d-----w-	c:\users\PcUser\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 06:13 . 2014-09-20 17:46	--------	d-----w-	c:\users\PcUser\AppData\Local\Gameo
2014-09-09 06:13 . 2014-09-09 06:13	--------	d-----w-	c:\users\PcUser\AppData\Roaming\Gameo
2014-09-09 06:12 . 2014-07-01 17:37	20872	----a-w-	c:\windows\SysWow64\drivers\DrvAgent64.SYS
2014-09-09 06:12 . 2014-09-20 06:14	--------	d-----w-	c:\program files (x86)\DriverRestore
2014-09-09 05:40 . 2014-09-09 05:59	--------	d-----w-	c:\users\PcUser\AppData\Local\Genesis_09090540
2014-09-08 09:33 . 2014-09-08 09:33	--------	d-----w-	c:\programdata\OEM Links
2014-09-08 09:33 . 2014-09-08 09:33	--------	d-----w-	C:\MININT
2014-09-07 09:19 . 2014-09-08 07:56	--------	d-----w-	c:\program files\Reimage
2014-09-07 08:59 . 2014-09-07 08:59	--------	d-----w-	c:\users\PcUser\AppData\Roaming\DriverFinder
2014-09-06 14:35 . 2014-09-06 14:35	--------	d-----w-	c:\programdata\Telekom-Browser 7
2014-09-06 13:00 . 2014-09-07 09:19	--------	d-----w-	c:\program files (x86)\ReimageExpress.com
2014-09-06 12:45 . 2014-09-06 12:46	--------	d-----w-	c:\program files (x86)\Reimageplus.com
2014-09-06 08:26 . 2014-09-06 08:26	--------	d-----w-	c:\program files (x86)\predm
2014-09-05 10:26 . 2014-09-05 10:26	--------	d-----w-	c:\users\PcUser\AppData\Local\speed browser
2014-09-05 10:25 . 2014-09-05 10:25	--------	d-----w-	c:\programdata\Browser
2014-09-05 06:48 . 2014-09-05 06:48	--------	d-----w-	C:\TVWizard
2014-09-05 06:26 . 2014-09-04 17:53	61064	----a-w-	c:\windows\system32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys
2014-09-05 06:05 . 2014-09-05 06:05	--------	d-----w-	c:\users\PcUser\AppData\Roaming\rightbackup
2014-09-05 06:05 . 2014-09-06 12:55	--------	d-----w-	c:\program files (x86)\Bench
2014-09-04 14:56 . 2014-09-20 17:40	--------	d-----w-	c:\program files\AllDaySavings
2014-09-04 14:56 . 2014-09-05 06:03	--------	d-----w-	c:\users\PcUser\AppData\Roaming\Probit Software
2014-09-04 14:55 . 2014-09-06 12:48	--------	d-----w-	c:\program files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-04 14:51 . 2014-09-04 14:51	1994136	----a-w-	c:\users\PcUser\AppData\Roaming\KWHF.exe
2014-09-04 14:51 . 2014-09-20 17:53	--------	d-----w-	c:\program files (x86)\Probit Software
2014-09-04 14:50 . 2014-09-04 14:51	--------	d-----w-	c:\program files\005
2014-09-04 14:33 . 2014-09-04 14:33	--------	d-----w-	C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 14:07 . 2014-09-08 12:18	--------	d--h--w-	c:\windows\msdownld.tmp
2014-09-04 05:27 . 2014-09-04 05:27	--------	d-----w-	c:\users\PcUser\AppData\Local\com
2014-09-04 05:24 . 2014-09-09 05:59	--------	d-----w-	c:\users\PcUser\AppData\Roaming\Activeris
2014-09-03 17:44 . 2014-09-18 16:16	--------	d--h--w-	c:\users\Public\Temp
2014-09-03 17:44 . 2014-09-06 08:48	--------	d-----w-	c:\users\PcUser\AppData\Local\Smartbar
2014-09-03 17:43 . 2014-09-06 18:50	--------	d-----w-	c:\program files (x86)\globalUpdate
2014-09-03 17:43 . 2014-09-06 08:21	--------	d-----w-	c:\program files (x86)\videos MediaPlayer+
2014-09-03 17:42 . 2014-09-02 12:11	4823040	----a-w-	c:\windows\score.exe
2014-09-03 13:46 . 2014-09-09 06:12	--------	d-----w-	c:\program files (x86)\PC Speed Maximizer
2014-09-03 13:43 . 2014-09-06 08:33	--------	d-----w-	c:\programdata\4ef04fb202130dcc
2014-09-03 13:43 . 2014-09-03 13:43	--------	d-----w-	c:\users\PcUser\AppData\Local\Torch
2014-09-03 13:43 . 2014-09-03 13:43	--------	d-----w-	c:\users\PcUser\AppData\Local\Comodo
2014-09-03 13:43 . 2014-09-03 13:43	--------	d-----w-	c:\users\PcUser\AppData\Local\Chromatic Browser
2014-09-03 13:43 . 2014-09-03 13:43	--------	d-----w-	c:\users\Administrator\AppData\Local\Torch
2014-09-03 13:43 . 2014-09-03 13:43	--------	d-----w-	c:\users\Administrator\AppData\Local\Chromatic Browser
2014-09-03 13:43 . 2014-09-03 13:43	--------	d-----w-	c:\users\PcUser\AppData\Local\Google
2014-09-03 13:43 . 2014-09-03 13:43	--------	d-----w-	c:\users\Administrator\AppData\Local\Google
2014-09-03 13:43 . 2014-09-03 13:43	--------	d-----w-	c:\users\Administrator\AppData\Local\Comodo
2014-09-03 13:42 . 2014-09-03 13:42	--------	d-----w-	c:\users\PcUser\AppData\Local\globalUpdate
2014-09-03 13:41 . 2014-09-06 08:19	--------	d-----w-	c:\programdata\WindowsMangerProtect
2014-09-03 13:41 . 2014-09-03 13:42	--------	d-----w-	c:\program files (x86)\SupTab
2014-09-03 13:19 . 2014-09-03 00:49	61072	----a-w-	c:\windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys
2014-09-03 13:18 . 2014-09-06 08:26	--------	d-----w-	c:\users\PcUser\AppData\Local\fabulous_09031318
2014-09-03 11:31 . 2014-09-03 11:31	--------	d-----w-	c:\users\PcUser\AppData\Roaming\ap_logs
2014-09-03 11:31 . 2014-09-06 08:16	--------	d-----w-	c:\programdata\Registry Helper
2014-09-03 11:30 . 2014-09-05 06:05	--------	d-----w-	c:\programdata\DSearchLink
2014-09-03 11:27 . 2014-09-08 07:41	--------	d-----w-	c:\users\PcUser\AppData\Roaming\Systweak
2014-09-03 11:27 . 2014-05-08 10:31	19968	----a-w-	c:\windows\system32\roboot64.exe
2014-09-03 11:15 . 2014-09-03 11:15	--------	d-----w-	c:\program files (x86)\Common Files\Umbrella
2014-09-03 11:15 . 2014-09-03 11:15	--------	d-----w-	c:\program files (x86)\Common Files\IMGUpdater
2014-09-03 11:14 . 2014-09-05 06:15	--------	d-----w-	c:\program files (x86)\FLVM Player
2014-09-02 15:06 . 2014-09-02 15:06	--------	d-----w-	c:\users\PcUser\AppData\Local\CrashRpt
2014-09-02 15:06 . 2014-09-11 09:02	--------	d-----w-	c:\users\PcUser\AppData\Roaming\QuickScan
2014-09-01 06:38 . 2014-09-01 06:38	--------	d-----w-	c:\users\PcUser\AppData\Local\Adobe
2014-08-28 05:47 . 2014-08-23 02:07	404480	----a-w-	c:\windows\system32\gdi32.dll
2014-08-28 05:47 . 2014-08-23 01:45	311808	----a-w-	c:\windows\SysWow64\gdi32.dll
2014-08-28 05:47 . 2014-08-23 00:59	3163648	----a-w-	c:\windows\system32\win32k.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-11 06:42 . 2013-09-12 06:36	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-11 06:42 . 2013-09-12 06:36	701104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-10 06:17 . 2014-06-06 09:28	101694776	----a-w-	c:\windows\system32\MRT.exe
2014-08-25 04:53 . 2010-11-21 03:27	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-07-31 20:20 . 2014-07-31 20:20	46376	----a-w-	c:\windows\system32\drivers\netfilter64.sys
2014-07-25 00:35 . 2014-07-25 00:35	875688	----a-w-	c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 21:47 . 2014-07-24 21:47	869544	----a-w-	c:\windows\system32\msvcr120_clr0400.dll
2014-07-16 03:23 . 2014-08-14 18:03	2048	----a-w-	c:\windows\system32\tzres.dll
2014-07-16 02:46 . 2014-08-14 18:03	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2014-07-14 02:02 . 2014-08-14 18:02	1216000	----a-w-	c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-14 18:02	664064	----a-w-	c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-14 18:03	7168	----a-w-	c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-14 18:03	7168	----a-w-	c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-14 18:03	7168	----a-w-	c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-14 18:03	6656	----a-w-	c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-14 18:03	7168	----a-w-	c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-14 18:03	7168	----a-w-	c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-14 18:03	6656	----a-w-	c:\windows\SysWow64\KBDBASH.DLL
2014-06-30 22:24 . 2014-08-14 18:10	8856	----a-w-	c:\windows\system32\icardres.dll
2014-06-30 22:14 . 2014-08-14 18:10	8856	----a-w-	c:\windows\SysWow64\icardres.dll
2014-06-25 02:05 . 2014-08-14 18:02	14175744	----a-w-	c:\windows\system32\shell32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24	297808	----a-w-	c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}]
2014-09-03 13:42	515464	----a-w-	c:\program files (x86)\SupTab\SupTab.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Speed Maximizer"="c:\program files (x86)\PC Speed Maximizer\SPMLauncher.exe" [2014-04-28 134968]
"Gameo"="c:\users\PcUser\AppData\Roaming\Gameo\gameo.exe" [2014-08-25 41402880]
"PCSpeedUp"="c:\program files (x86)\PC Speed Up\PCSUNotifier.exe" [2014-08-08 300840]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R1 ttnfd;ttnfd;c:\windows\system32\drivers\ttnfd.sys;c:\windows\SYSNATIVE\drivers\ttnfd.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 ReimageRealTimeProtector;Reimage Real Time Protector;c:\program files\Reimage\Reimage Protector\ReiGuard.exe;c:\program files\Reimage\Reimage Protector\ReiGuard.exe [x]
R3 Browser7Maintenance;Browser 7 Maintenance Service;c:\program files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe;c:\program files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [x]
R3 cpuz134;cpuz134;c:\users\PcUser\AppData\Local\Temp\cpuz134\cpuz134_x64.sys;c:\users\PcUser\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 DrvAgent64;DrvAgent64;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS;c:\windows\SysWOW64\Drivers\DrvAgent64.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 {c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64;c:\windows\system32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys;c:\windows\SYSNATIVE\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys [x]
S1 {e6ca9971-30ed-444a-9489-82fca50b2062}Gw64;{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64;c:\windows\system32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys;c:\windows\SYSNATIVE\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys [x]
S1 netfilter64;netfilter64;c:\windows\system32\drivers\netfilter64.sys;c:\windows\SYSNATIVE\drivers\netfilter64.sys [x]
S2 AllDaySavingsService64;AllDaySavingsService64;c:\program files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe;c:\program files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe [x]
S2 cyycfhtzro64;cyycfhtzro64;c:\program files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=CDC27E14-F7CE-431E-BBE0-76C7592FBEF6;c:\program files\005\cyycfhtzro64.exe run options=01110010050000000000000000000000 sourceguid=CDC27E14-F7CE-431E-BBE0-76C7592FBEF6 [x]
S2 GlobalUpdater;GlobalUpdater;c:\program files (x86)\Common Files\IMGUpdater\IMGUpdater.exe;c:\program files (x86)\Common Files\IMGUpdater\IMGUpdater.exe [x]
S2 scores;scores;c:\windows\score.exe;c:\windows\score.exe [x]
S3 IntcHdmiAddService;Intel(R) High Definition Audio HDMI;c:\windows\system32\drivers\IntcHdmi.sys;c:\windows\SYSNATIVE\drivers\IntcHdmi.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2014-09-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-12 06:42]
.
2014-09-04 c:\windows\Tasks\KWHF.job
- c:\users\PcUser\AppData\Roaming\KWHF.exe [2014-09-04 14:51]
.
2014-09-20 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files (x86)\PC Speed Up\PCSUSD.exe [2014-09-11 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7}"="c:\restore\createrestore.exe" [2013-04-30 587912]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mystart.com/?pr=vmn&id=mystarttb&v=5_4&ent=hp_5108&src=5108
mDefault_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uSearchAssistant = hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\PcUser\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{84FF7BD6-B47F-46F8-9130-01B2696B36CB} - (no file)
Wow6432Node-HKLM-Run-mbot_de_53 - (no file)
Wow6432Node-HKLM-Run-Registry Helper - c:\program files (x86)\Registry Helper\RegistryHelper.Exe
Wow6432Node-HKLM-Run-AnyProtect Scanner - c:\program files (x86)\AnyProtectEx\AnyProtect.exe
Wow6432Node-HKLM-Run-OneMoreGame - c:\users\PcUser\AppData\Roaming\OneMoreGame\OMG.exe
BHO-{6CB99040-7828-4C37-AC01-F15758F43E4D} - c:\program files\TermTutor\IE\TermTutorClientIE.dll
AddRemove-RegClean Pro_is1 - c:\program files (x86)\RCP\unins000.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="BrowserHTM"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_152_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_152.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\PC Speed Maximizer\PCSpeedMaximizer.exe
c:\program files (x86)\PC Speed Maximizer\SPMSmartScan.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-09-20  19:58:52 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-09-20 17:58
.
Vor Suchlauf: 13 Verzeichnis(se), 192.494.366.720 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 193.575.473.152 Bytes frei
.
- - End Of File - - 7252965DE256D2885D5DB2FD5B715037
A36C5E4F47E84449FF07ED3517B43A31
         
There still appear to be some programs on the PC that do not belong there (Gameo, PC Speed Optimizer, PC Speed Up, Play Games, Play Goodgame Empire, DriverRestore). How should these be dealt with?

Many thanks.
Regards.


21.09.2014, 09:49   #6
schrauber
/// the machine
/// TB instructor
 




Uninstall everything with Revo or Windows, as far as possible. Then:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected.
  • Let your computer restart if required to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click, "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.

21.09.2014, 15:20   #7
root2
 



Thanks, everything worked wonderfully, I think.

Attached are the requested logs. For size reasons the logs are attached as a ZIP file, as they would have been too large both for the post itself and for the attachment. Please let me know briefly if I should split the logs, in case the attachments cannot be accessed.

Many thanks already for the great support.

Regards

Edited by root2 (21.09.2014 at 15:34)

21.09.2014, 19:29   #8
root2
 



In case it makes things easier, here are the log files again in split form, spread across several posts.

MBAM log part 1:
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 21.09.2014
Suchlauf-Zeit: 15:22:59
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.09.21.03
Rootkit Datenbank: v2014.09.19.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: PcUser

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 333749
Verstrichene Zeit: 6 Min, 51 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 4
PUP.Optional.AdPeak.A, C:\Program Files\005\cyycfhtzro64.exe, 1572, Löschen bei Neustart, [9bac09e71b60112548b69b51e02410f0]
PUP.Optional.IMGUpdater.A, C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe, 1648, Löschen bei Neustart, [1334b53b205b0135699e286d7e839a66]
Trojan.Agent, C:\Windows\score.exe, 1704, Löschen bei Neustart, [6dda5f91c4b779bd55546e4ff40d04fc]
PUP.Optional.Adpeak.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe, 1536, Löschen bei Neustart, [0e39ea06a6d5a49222cb947c956e748c]

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 94
PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\cyycfhtzro64, In Quarantäne, [9bac09e71b60112548b69b51e02410f0], 
PUP.Optional.IMGUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GlobalUpdater, In Quarantäne, [1334b53b205b0135699e286d7e839a66], 
Trojan.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\scores, In Quarantäne, [6dda5f91c4b779bd55546e4ff40d04fc], 
PUP.Optional.SearchProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CltMngSvc, In Quarantäne, [85c2ba36d2a96bcb86bb4f4e42bf30d0], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\CLSID\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{3DD26F46-6B41-49B2-878E-1883411BBB59}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{733413F4-5FB9-4EE9-8536-BF7AB1731A19}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.TermTutor.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.TermTutor.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{6CB99040-7828-4C37-AC01-F15758F43E4D}, In Quarantäne, [05428070512a9a9ca41b1a6e50b26a96], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\CLSID\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject.1, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.BrowserHelperObject, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.BrowserHelperObject.1, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}, In Quarantäne, [79cebc34cdae1c1a2fafaa18d23050b0], 
PUP.Optional.VMNToolBar.A, HKLM\SOFTWARE\CLASSES\CLSID\{ccb24e92-62c4-4c53-95d2-65f9eed476bc}, In Quarantäne, [5ee917d9601b0d29c73d01c403ff9c64], 
PUP.Optional.VMNToolBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{CCB24E92-62C4-4C53-95D2-65F9EED476BC}, In Quarantäne, [5ee917d9601b0d29c73d01c403ff9c64], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [e85f8a6680fbeb4b48d32e61f9096997], 
PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, In Quarantäne, [e85f8a6680fbeb4b48d32e61f9096997], 
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [ec5b648c5e1d95a1778923a04ab8cd33], 
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\CLASSES\IESmartBar.BHO, In Quarantäne, [ec5b648c5e1d95a1778923a04ab8cd33], 
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, In Quarantäne, [ec5b648c5e1d95a1778923a04ab8cd33], 
PUP.Optional.QuickShare.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IESmartBar.BHO, In Quarantäne, [ec5b648c5e1d95a1778923a04ab8cd33], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [7fc82fc1f685f1450185117d1fe3eb15], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [7fc82fc1f685f1450185117d1fe3eb15], 
PUP.Optional.Snapdo.T, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [b493a8480c6f58defaf0576f2ad8c63a], 
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [b493a8480c6f58defaf0576f2ad8c63a], 
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [46017f710d6e14227db593f7a16160a0], 
PUP.Optional.Babylon.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [3b0c0ee24b302c0a3ec5a3e7eb17659b], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [f7500de3fb8075c176414e7509f9669a], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [82c508e8106bfd39477103c0fa08e41c], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{84FF7BD6-B47F-46F8-9130-01B2696B36CB}, In Quarantäne, [5ceb5898c0bb41f56ce0c6fd936fdf21], 
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64, In Quarantäne, [c285b33d02792313121220f08d7639c7], 
PUP.Optional.Sanbreel.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64, In Quarantäne, [c97e9f5182f90036d84c13fd6c97f808], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.Adpeak.A, HKLM\SOFTWARE\AllDaySavings, In Quarantäne, [1b2c3ab6364573c3eefccf41d13243bd], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, In Quarantäne, [b295e10f9cdf51e5fadb4af0a55ec23e], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, In Quarantäne, [d770b838fb807eb8a98d194c9e66ed13], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender, In Quarantäne, [7dca747c8feced4943fa0b4642c2d030], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\IminentWebBooster.ScriptExtender.1, In Quarantäne, [0d3a9060a1da3204b08da9a81ce87c84], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, In Quarantäne, [d077b937c6b5b08689963f1a0df76997], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, In Quarantäne, [9aad1bd5166514228d14c3b140c44eb2], 
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, In Quarantäne, [a3a48e62d1aa4aec752bff7533d1966a], 
PUP.Optional.Adpeak.A, HKLM\SOFTWARE\WOW6432NODE\AllDaySavings, In Quarantäne, [31167e725f1cb680e802ee2241c2c937], 
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, In Quarantäne, [034429c7bbc057df9b3a6aa17291be42], 
PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MYBESTOFFERSTODAY, In Quarantäne, [f1566f810f6c3600ceb6b85321e243bd], 
PUP.Optional.SafetySearch.A, HKLM\SOFTWARE\WOW6432NODE\SafetySearch, In Quarantäne, [dc6ba54bf9821125829830e00cf750b0], 
PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, In Quarantäne, [86c1846cd5a6340271dd7ff10cf835cb], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [b790de12adcef145b85b1af036cdf709], 
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\webssearchesSoftware, In Quarantäne, [17305f91de9d1b1bdb99b6772dd68977], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Iminent, In Quarantäne, [60e720d01f5c49ed8fa7f372d4305aa6], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender, In Quarantäne, [7bccdf115f1ce254e657cb8657adae52], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\IminentWebBooster.ScriptExtender.1, In Quarantäne, [fd4ac927601be94dfa4357fa659f25db], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\Iminent.WebBooster.InternetExplorer.DLL, In Quarantäne, [291e7e725b202b0ba07f92c79074946c], 
PUP.Optional.VNMToolbar.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\dghncoeocefmhkhiphdgikkamjeglbfh, In Quarantäne, [ae999f51156696a0acdce72e34cfc739], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\ehhlaekjfiiojlddgndcnefflngfmhen, In Quarantäne, [e95e6d836b10999dc9b07c89e41f40c0], 
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\nbljechdpodpbchbmjcoamidppmpnmlc, In Quarantäne, [d275c927403bec4a2c4ce61f3dc641bf], 
PUP.Optional.IMGUpdater.A, HKLM\SOFTWARE\WOW6432NODE\IMGUPDATER, In Quarantäne, [46012bc53e3dbc7a7069fe1c709339c7], 
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [4700d41c2853c472dbad65b1d62dd32d], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [31169c543b4058dec21d44c549ba53ad], 
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, In Quarantäne, [ed5a529e1665d75f32e09773e81b9c64], 
PUP.Optional.RegCleanPro.A, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\RegClean Pro, In Quarantäne, [ec5bd818a1da53e33407fe1640c36997], 
PUP.Optional.SystemSpeedup, HKLM\SOFTWARE\WOW6432NODE\SYSTWEAK\ssd, In Quarantäne, [d176975902793ef8d8bb5eb6659eca36], 
PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA, In Quarantäne, [c87fd818116a58ded001242d3cc847b9], 
PUP.Optional.Adpeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\AllDaySavingsService64, In Quarantäne, [0e39ea06a6d5a49222cb947c956e748c], 
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD, In Quarantäne, [1e29945cf3889c9a06c82de2d82b4ab6], 
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, In Quarantäne, [55f238b8413ae5518ae87a8dd82b20e0], 
PUP.Optional.BrowsersApp.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Browsers Apps -, In Quarantäne, [f15658985d1ee5517e2bf01e3fc4827e], 
PUP.Optional.1ClickMovieDownload.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\ClickMovie1-Downloaderv10, In Quarantäne, [36119957d4a75dd93109838ea45fd32d], 
PUP.Optional.ClipHD.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Clip-High_D_06, In Quarantäne, [5bec935d0c6f1f17e55082970bf8ae52], 
PUP.Optional.SmartSaver.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 21, In Quarantäne, [64e318d8700bd0667882ba79a36021df], 
PUP.Optional.VideosMediaPlayer.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\videos MediaPlayer+, In Quarantäne, [49fe747c5b2079bdf858f413b84b817f], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [ca7d2bc5a8d3e155246dde7364a0a45c], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [a89f42ae8bf0f73fa82ebd7de51e33cd], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [ea5de709770447efdff050bbc93a946c], 
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, In Quarantäne, [301705eb5c1fdd5910985f147094af51], 
PUP.Optional.MultiIE.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, In Quarantäne, [82c5ae42374486b0515ca2cba85c20e0], 
PUP.Optional.VideosMediaPlayer.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\videos MediaPlayer+, In Quarantäne, [2a1d4ca41269be78a7a9e91e06fd6a96], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [3b0c9b55295265d1627f97a2768d55ab], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [9fa801ef16656cca28193c14c341ca36], 
PUP.Optional.Ciuvo.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\ciuvo.com, In Quarantäne, [6fd85b95f8831224fa4bbc5ac142e818], 
PUP.Optional.SuperFish.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com, In Quarantäne, [e85f37b95c1f42f4ef55be5824dfd62a], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, In Quarantäne, [7ec9ca26abd01e18d4cf4fd6c43f7789], 
PUP.Optional.Superfish.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\DOMSTORAGE\superfish.com, In Quarantäne, [7ccbe40c7efd14220da8680d5aaab947], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [e562ae420a71171f43c0b15659aacf31], 
PUP.Optional.Softonic.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [074035bbb2c978bea46c4fdabc47ee12], 
PUP.Optional.RegCleanerPro.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\RegClean Pro, In Quarantäne, [91b645abe19a22144e98163f7d877e82], 
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, In Quarantäne, [00479f5188f30b2ba6ec967ea261c63a], 

Registrierungswerte: 14
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [371036ba3a41c274683645c358ab8878]
PUP.Optional.IMGUpdater.A, HKLM\SOFTWARE\WOW6432NODE\IMGUPDATER|ConfigBlockJSN, {
   "MAIN_SWITCH" : true,
   "UPDATABLE" : {
      "064A36CC-4404-42F9-B26E-3BFD515F2447" : {
         "lastupdated" : 0,
         "mindeltatime" : 259200
      },
      "2C200CBA-D536-40C8-902D-9C34FD10AD85" : {
         "lastupdated" : 0,
         "localversion" : "0",
         "mindeltatime" : 259200
      },
      "4C973056-22D8-488C-A358-AEA00CC2EC7D" : {
         "lastupdated" : 0,
         "mindeltatime" : 259200
      }
   }
}
, In Quarantäne, [46012bc53e3dbc7a7069fe1c709339c7]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [da6d8e621764e056ccd225e355aee21e]
PUP.Optional.TermTutor.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|termtutor@termtutor.com, C:\Program Files (x86)\Mozilla Firefox\extensions\termtutor@termtutor.com, In Quarantäne, [87c0d21e6417270f2a4650b71be8c33d]
PUP.Optional.FastStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|faststartff@gmail.com, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com, In Quarantäne, [56f10be5d7a414220660402fa55f29d7]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [4700d41c2853c472dbad65b1d62dd32d]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [31169c543b4058dec21d44c549ba53ad]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, bdo, In Quarantäne, [ed5a529e1665d75f32e09773e81b9c64]
PUP.Optional.Umbrella.A, HKLM\SOFTWARE\WOW6432NODE\UMBRELLA|MUpdBlock, {
   "MASSUPDATE" : {
      "CHROME_MBAR" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 1
      },
      "FIREFOX_MBAR" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 3
      },
      "IEXPLORE_BHO" : {
         "Checked" : 1,
         "RetryIdx" : 0,
         "Version" : 4
      }
   }
}
, In Quarantäne, [c87fd818116a58ded001242d3cc847b9]
PUP.Optional.IMGUpdater.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GLOBALUPDATER|ImagePath, C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe, In Quarantäne, [97b0e9076417f73fbae198836f9411ef]
PUP.Optional.SearchProtect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SPPD|ImagePath, \??\C:\Windows\system32\drivers\SPPD.sys, In Quarantäne, [1e29945cf3889c9a06c82de2d82b4ab6]
PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, In Quarantäne, [55f238b8413ae5518ae87a8dd82b20e0]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1N1M, In Quarantäne, [9fa801ef16656cca28193c14c341ca36]
PUP.Optional.FastStart.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [e562ae420a71171f43c0b15659aacf31]

Registrierungsdaten: 8
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),Ersetzt,[a3a41fd1720968cec57c7825af52629e]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, Gut: (), Schlecht: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll),Ersetzt,[b592fcf4e49762d49ca5663706fba35d]
PUP.Optional.WebsSearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://istart.webssearches.com/web/?type=ds&ts=1409842302&from=obw&uid=WDCXWD2500AAJS-07M0A0_WD-WMAV2DU1265412654&q={searchTerms}),Ersetzt,[82c51bd5eb901323eb616c916b99649c]
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MRw,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MRw,,&q={searchTerms}),Ersetzt,[92b511df1e5d77bf7c0bd528f212c43c]
PUP.Optional.Trovi.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M4E3EA60A-2801-4BD7-9720-DEC41FBC6C39&SearchSource=55&CUI=&UM=6&UP=SP112CE4EF-E5BD-45FB-ABB0-95811604E4E9&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M4E3EA60A-2801-4BD7-9720-DEC41FBC6C39&SearchSource=55&CUI=&UM=6&UP=SP112CE4EF-E5BD-45FB-ABB0-95811604E4E9&SSPV=),Ersetzt,[380f43adde9ddf573587ed0f3bc9c53b]
PUP.Optional.Snapdo, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}),Ersetzt,[3b0cac442754092def00000615f0629e]
PUP.Optional.Snapdo, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}),Ersetzt,[0c3b39b7ef8c9a9cc22e32d4e61fc13f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-3299499388-507950971-3432295107-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3eDgJ_l4MkPpONrsnaOi2aKJtss8TtA0GPrLhjCU0ALyib4jnlq109wosoT5F3TUS5eDDBEVsm9WlbCJFlcWYKrfpB9DipEMvosDUOqnmrEE1xLL646Penf6gjruOKEuDU0hyggl6E55d-bHbV4ytN2XwtR4MQA,,&q={searchTerms}),Ersetzt,[cb7c965a5922dd59a4e4a65753b1e917]

Ordner: 131
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro, In Quarantäne, [52f523cd46351e189c5273ae7b884eb2], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect, Löschen bei Neustart, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main, Löschen bei Neustart, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin, Löschen bei Neustart, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect, Löschen bei Neustart, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Löschen bei Neustart, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\rep, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI, Löschen bei Neustart, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Löschen bei Neustart, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\rep, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SmartBar.A, C:\Users\Minnich\AppData\Local\Smartbar, In Quarantäne, [55f26a8628538ea88932c3132ad8d729], 
PUP.Optional.SmartBar.A, C:\Users\Minnich\AppData\Local\Smartbar\Application, In Quarantäne, [55f26a8628538ea88932c3132ad8d729], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect, Löschen bei Neustart, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\SearchProtect, Löschen bei Neustart, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\SearchProtect\STG, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\UI, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\lib, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\pack, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\en, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\en-US, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\es, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\es-419, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\it, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\it-CH, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\pl, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\ru, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\tr, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\vi, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\defaults, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\defaults\preferences, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, In Quarantäne, [e067ee02b4c7122441c3dc13eb179f61], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, In Quarantäne, [e067ee02b4c7122441c3dc13eb179f61], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, In Quarantäne, [e067ee02b4c7122441c3dc13eb179f61], 
PUP.Optional.SystemSpeedup, C:\Users\Minnich\AppData\Roaming\Systweak\ssd, In Quarantäne, [89bec22ecface74f119558973ec4bf41], 
PUP.Optional.Fabulous.Discounts.T, C:\Users\Minnich\AppData\Local\fabulous_09031318, In Quarantäne, [e76048a8dd9ec17506d51ed28c7659a7], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\browser, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\newtab, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\external, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\icons, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\resources, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\favorites, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\info, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\_locales, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\_locales\en-US, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings, In Quarantäne, [e26507e982f941f54b3fcb27d72b49b7], 
PUP.Optional.Adpeak.A, C:\Program Files\AllDaySavings\SSL, In Quarantäne, [e26507e982f941f54b3fcb27d72b49b7], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.CrossRider.A, C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb, In Quarantäne, [ba8d8a664932f1457e422fc83ec4fb05], 
PUP.Optional.CrossRider.A, C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnanplinmmnjhobaliikmelmmjpoogkb\1.26.39_0, In Quarantäne, [ba8d8a664932f1457e422fc83ec4fb05], 
PUP.Optional.GenesisOffers, C:\Users\Minnich\AppData\Local\Genesis_09090540, In Quarantäne, [074099579edd0333d2f5ce2b53afca36], 
PUP.Optional.FLVMPlayer, C:\Program Files (x86)\FLVM Player, In Quarantäne, [d275aa4655268bab9af9feff4bb736ca], 
PUP.Optional.VideosMediaPlayer.A, C:\Program Files (x86)\videos MediaPlayer+, In Quarantäne, [69dee10f413ab2840b228b75c340926e], 
PUP.Optional.DSearchLink.A, C:\ProgramData\DSearchLink, In Quarantäne, [3710747c3e3d4fe716277888a75cd52b], 
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2],
         

21.09.2014, 19:33   #9
root2
 
MBAM log, part 2:
Code:
Dateien: 418
PUP.Optional.AdPeak.A, C:\Program Files\005\cyycfhtzro64.exe, Löschen bei Neustart, [9bac09e71b60112548b69b51e02410f0], 
PUP.Optional.IMGUpdater.A, C:\Program Files (x86)\Common Files\IMGUpdater\IMGUpdater.exe, Löschen bei Neustart, [1334b53b205b0135699e286d7e839a66], 
Trojan.Agent, C:\Windows\score.exe, Löschen bei Neustart, [6dda5f91c4b779bd55546e4ff40d04fc], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe, Löschen bei Neustart, [85c2ba36d2a96bcb86bb4f4e42bf30d0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Löschen bei Neustart, [70d745abe695ea4c6bd6acf171907d83], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Löschen bei Neustart, [bc8b6d833b405dd9073a920b857c40c0], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll, Löschen bei Neustart, [390e539dee8d2b0b94ad7e1f9e637888], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll, In Quarantäne, [a3a41fd1720968cec57c7825af52629e], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll, In Quarantäne, [b592fcf4e49762d49ca5663706fba35d], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\SupTab.dll, In Quarantäne, [7fc82fc1f685f1450185117d1fe3eb15], 
PUP.Optional.Delta.A, C:\ProgramData\DSearchLink\DSearchLink.exe, In Quarantäne, [252258987209c67069a90ead4abafe02], 
PUP.Optional.HQPure.A, C:\Users\Minnich\AppData\Roaming\KWHF.exe, In Quarantäne, [f15659972f4ca690b834427890717789], 
PUP.Optional.NSXgen, C:\Program Files (x86)\Reimageplus.com\reiextsetup.exe, In Quarantäne, [430410e0c1ba38fece9663553bc640c0], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface32.dll, In Quarantäne, [88bfeb053c3f0e28a1ed2a6c44bd0df3], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\DpInterface64.dll, In Quarantäne, [87c0be32ee8d91a592fc65312ed3e818], 
PUP.Optional.IEPluginService.A, C:\Program Files (x86)\SupTab\RSHP.exe, In Quarantäne, [7acdbe3263182016e9d275041de44cb4], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect32.dll, In Quarantäne, [44034ba5abd07eb8bdd1781e8a778c74], 
PUP.Optional.Skytech.A, C:\Program Files (x86)\SupTab\SearchProtect64.dll, In Quarantäne, [76d1cb25275441f5eea05e3840c18b75], 
PUP.Optional.IePluginService.A, C:\Program Files (x86)\SupTab\SupIePluginServiceUpdate.exe, In Quarantäne, [242313ddb3c8a88eac67bfa8976aeb15], 
PUP.Optional.VideosMediaPlayer.A, C:\Program Files (x86)\videos MediaPlayer+\videos MediaPlayer+-bg.exe, In Quarantäne, [57f0bd339cdfb38309598436fa07ad53], 
PUP.Optional.VideosMediaPlayer.A, C:\Program Files (x86)\videos MediaPlayer+\videos MediaPlayer+-bho.dll, In Quarantäne, [c18631bf2c4f4cea2b37a911d72a57a9], 
PUP.Optional.VideosMediaPlayer.A, C:\Program Files (x86)\videos MediaPlayer+\videos MediaPlayer+-bho64.dll, In Quarantäne, [a99ef4fc5229cd691c46ae0cbb464fb1], 
PUP.Optional.OptimunInstaller, C:\Users\Minnich\Downloads\javaupdate_setup.exe, In Quarantäne, [ba8d638d7209ee486b6d72d7659b48b8], 
PUP.Optional.DomaIQ, C:\Users\Minnich\Downloads\Setup(1).exe, In Quarantäne, [e265c32daecd73c3e5b8cd8609f7e818], 
PUP.Optional.DomaIQ, C:\Users\Minnich\Downloads\Setup.exe, In Quarantäne, [291e39b78bf045f1e4b9c48f1ee2b64a], 
PUP.Optional.SearchProtect.A, C:\Windows\AppPatch\AppPatch64\SPVCLdr64.dll, In Quarantäne, [cf78ef01710afe3870d16439a06112ee], 
PUP.Optional.OnlySearch.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\searchplugins\onlysearchkms.xml, In Quarantäne, [153226ca81faf83edae10aff1de69a66], 
PUP.Optional.Iminent.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\firefoxmini@go.im.xpi, In Quarantäne, [182f8a66a2d90531b011c9427d864db3], 
PUP.Optional.RegCleanerPro, C:\Windows\System32\Tasks\ASP, In Quarantäne, [86c135bbdba0a88e31aedf2dbe4553ad], 
PUP.Optional.IStartSurf.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml, In Quarantäne, [98aff9f7651648ee1af042cb907333cd], 
PUP.Optional.Proxy.A, C:\Users\Minnich\AppData\Local\proxy.log, In Quarantäne, [2324b838ee8df145bb768489778c9769], 
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{c5e48979-bd7f-4cf7-9b73-2482a67a4f37}Gw64.sys, In Quarantäne, [c285b33d02792313121220f08d7639c7], 
PUP.Optional.Sanbreel.A, C:\Windows\System32\drivers\{e6ca9971-30ed-444a-9489-82fca50b2062}Gw64.sys, In Quarantäne, [c97e9f5182f90036d84c13fd6c97f808], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\Register RegClean Pro.lnk, In Quarantäne, [52f523cd46351e189c5273ae7b884eb2], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro entfernen.lnk, In Quarantäne, [52f523cd46351e189c5273ae7b884eb2], 
PUP.Optional.RegCleanPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro\RegClean Pro.lnk, In Quarantäne, [52f523cd46351e189c5273ae7b884eb2], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Common Files\Umbrella\Umbrella268.exe, In Quarantäne, [113647a9196288ae44b8cd5f689b15eb], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\StartWeb.xml, In Quarantäne, [3c0be7093348de58f45744f56a9921df], 
PUP.Optional.MyStartTB.A, C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\mystarttb.xml, In Quarantäne, [54f3549c87f4ef47be93a991af54b44c], 
PUP.Optional.Iminent.A, C:\Program Files (x86)\Mozilla Firefox\defaults\pref\all-iminent.js, In Quarantäne, [c48346aa611a7bbb4e58f85551b3d62a], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\EULA.txt, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\Main\rep\SystemRepository.dat, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\style.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\consent.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Consent\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgUninstall.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def-grey.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-default.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-onclick.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Apply-Rollover.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-dia.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-uninstall.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg-with-logo.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bg.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgNotif.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettings.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\bgSettingsDS.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnBlue.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnClose.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\btnSilver.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\button-bg.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_checked.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\checkbox_def.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-def.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\close-win-over-click.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\gray-bg.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-def.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez-selected.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\hez.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\icon-win.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\info-icon.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-rollover.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\menu-selected.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-def.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button-selected.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\radio-button2.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\Settings-icon.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\SP_DialogBG.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\text-field.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\v.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\Images\x.png, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\dialogUtils.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\jquery.1.7.1.min.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\json2.min.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\main.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\libs\SPDialogAPI.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protection\protection.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\protectionDS\protectionDS.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\settings\settings.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\defaults.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.css, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.html, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\dialogs\uninstall\uninstall.js, In Quarantäne, [90b715dbf7848da95fea74e60cf835cb], 
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [5dea04ec4c2fef47baea90e4a0644fb1], 
PUP.Optional.Adpeak.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe, Löschen bei Neustart, [0e39ea06a6d5a49222cb947c956e748c], 
PUP.Optional.SmartBar.A, C:\Users\Minnich\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll, In Quarantäne, [55f26a8628538ea88932c3132ad8d729], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup0.bin, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup3.bin, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup4.bin, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\backup6.bin, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\ExcludeList.rcp, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\German_rcp.dat, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\log_09-03-2014.log, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\rcpupdate.ini, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\results.rcp, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\TempHLList.rcp, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rmx, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\Partial Backups\00000001.rxb, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.RegCleanerPro.A, C:\Users\Minnich\AppData\Roaming\Systweak\RegClean Pro\Version 6.1\voice\de\voice.wav, In Quarantäne, [05425799255687afeb6d2cab22e0e818], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.SearchProtect.A, C:\Users\Minnich\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [4ef9e709e992ca6c34616b8154ae817f], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome.manifest, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\install.rdf, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\index.html, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\quick_start.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\quick_start.xul, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\speed_dial.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools\about_blank_hook.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools\misc.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools\popup_image_helper.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\include\tools\urlrequestor.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\js.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\lib\doT.min.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery-2.1.0.min.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\lib\jquery.autocomplete.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module\hotSearch.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module\mostgrid.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module\search.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\module\stat.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\pack\common.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\pack\ga.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\content\js\pack\xagainit.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\en\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\en-US\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\es\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\es-419\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-BE\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-CA\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-CH\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\fr-LU\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\it\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\it-CH\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\pl\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\pt-BR\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\ru\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\ru-MO\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\tr\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\vi\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\zh-CN\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\locale\zh-TW\locale.properties, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\default_logo.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\googlelogo.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\google_trends.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\icon.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\loading.gif, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\logo.png, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\newtab.ico, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\simple.css, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\chrome\skin\style.css, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\defaults\preferences\fvd.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\defaults\preferences\preferences.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\addonmanager.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\aes.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\config.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\dialogs.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\last_tab.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\misc.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\properties.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\remoterequest.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\restoreprefs.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.FastStart.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\faststartff@gmail.com\modules\settings.js, In Quarantäne, [1532816fa9d243f3ae18da13ab575ca4], 
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-03[15-41-58-052].log, In Quarantäne, [e067ee02b4c7122441c3dc13eb179f61], 
PUP.Optional.SystemSpeedup, C:\Users\Minnich\AppData\Roaming\Systweak\ssd\SSDPTstub.exe, In Quarantäne, [89bec22ecface74f119558973ec4bf41], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\bootstrap.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\chrome.manifest, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\install.rdf, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\browser\background.9.5.7.jsm, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\browser\background.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\browser\browser.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\browser\header.9.5.7.jsm, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\browser\header.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\browser\timer.jsm, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_de.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_en-gb.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_en_us.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_fr.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_he.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_it.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_pt-br.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_ru.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\data\favorites_tr.json, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\crypto-js.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\jquery-2.1.0.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\jquery.autocomplete.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\jquery.balloon.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\jquery.fittext.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\jquery.Jcrop.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\jquery.simplecolorpicker.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\mustache.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\string.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\external\underscore-min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\newtab\gallery.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\newtab\gallery.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\newtab\newtab.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\content\newtab\newtab.min.js, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\external\foundation.min.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\external\indicator.gif, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\external\Jcrop.gif, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\external\jquery.autocomplete.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\external\jquery.Jcrop.min.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\external\jquery.simplecolorpicker.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\external\normalize.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\arrow-gallery-cat-selected.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\arrow.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\emptyArea.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\gallery.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\gallery_templates.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\icon-gallery-search.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\not_available_32.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\plus.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\gallery\X.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\icons\16.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\icons\32.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\icons\64.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\css\buttons.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\css\footer.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\css\header.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\css\list.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\css\newtab.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\css\search.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\css\themes.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\ajax-loader-2.gif, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\ajax-loader-bar.gif, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\ajax-loader-medium.gif, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\ajax-loader-small.gif, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\ajax-loader.gif, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\arrow-footer.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\arrow-header.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\attachment.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\close-bar2.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\close.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\edit-button.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-apps-dark.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-apps.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-close.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-contents-light.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-contents.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-edit.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-layout.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-plus-dark.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-plus.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-right.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-search.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-settings.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\icon-theme.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\menu_v.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\menu_v_white.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\x-button.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\arab_tile.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\batthern_@2X.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\bo_play_pattern_@2X.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\dark_wood_@2X.jpg, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\diagonal_striped_brick.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\escheresque_ste_@2X.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\gold_scale.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\purty_wood_@2X.jpg, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\readme.txt, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\starring_@2X.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\tileable_wood_texture_@2X.jpg, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\weave_@2X.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\wild_oliva_@2X.jpg, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\images\patterns\woven.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\resources\groups.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\resources\list.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\newtab\resources\menu.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\activetabs.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\favorites.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\layout.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\modal-fav-add.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\modal-fav-edit.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\modal-fav-group.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\readitlater.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\recentlyclosed.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\theme.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\css\webapps.css, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome\bookmarks.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome\download.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome\downloads.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome\downloas.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome\extensions.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome\history.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome\settings.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\chrome\trash.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\favorites\empty.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\favorites\error.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\favorites\shadow.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\info\contactus.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\info\facebook.ico, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\info\rateus.png, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\images\info\twitter.ico, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\activetabs.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\favorites.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\layout.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\modal-fav-add.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\modal-fav-edit.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\modal-fav-group.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\readitlater.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\readitlater_content.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\readitlater_menu.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\recentlyclosed.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\theme.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\webapps.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\skin\plugins\resources\webapps_contextmenu.html, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\extensions\{73843edf-1075-4a55-947c-e13e0dc9349e}\_locales\en-US\translations.dtd, In Quarantäne, [3d0a18d886f59f976b0533bfba4802fe], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav-groups, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\favs##e772710adb81c6d279f230dc32cb4135, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\redirects, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\855c31e799b8ea47263c5f03576135c7, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\0ebbe2ca1048db1f9f7eb86fcb5a86ab, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\129ba1f18a30101036f2a44edc8158a7, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\2128d6ad825134ff6be62c16bf06685f, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\58bf1114897c81e4ddfa70bfc953d334, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\6a7a1d99b0843521668176547a9270d9, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\6c89ae1b8607d2e435e2bb60d5d11dad, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\6dff9f32ff79e1b286ccb5bde1202dfb, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\6f759a4bd3cad59498a470569a16e7f0, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\9623fed0cb0405769fa92250d3a7847c, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\986b3987ac2891f56a84449ccf1ed50b, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\9d0ef6f05a61e592bd30126b65f06399, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\c968bf6abf6d2f76c8cf6938e8761f42, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\cfc7e49dd22193d90fb50d245b1f6c90, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\e0a63eb99d3922f986330f66c05b97de, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.Groovorio.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\nspdlgrvrio\fav_thumbs\e790cf7a56c57d597a2ebc9dc36aeffa, In Quarantäne, [2e190fe14338132349281fd370928b75], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\HpUI.exe, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\ient.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\install.data, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader32.exe, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\Loader64.exe, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcp110.dll, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\msvcr110.dll, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\uninstall.exe, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll32.dll, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\WindowsSupportDll64.dll, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\bk_shadow.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\btn.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\close.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\main.xml.bak, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_box.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\ck_check.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_bk.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\skin\image\radio_check.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\data.html, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE.html, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\indexIE8.html, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\main.css, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\ver.txt, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\google_trends.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon128.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon16.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\icon48.png, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\loading.gif, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\img\logo32.ico, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\common.js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\ga.js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery-1.11.0.min.js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\jquery.autocomplete.js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\js.js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\library.js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit-ie8.js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\js\xagainit2.0.js, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\en-US\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-419\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\es-ES\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-BE\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CA\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-CH\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-FR\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\fr-LU\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-CH\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\it-IT\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pl\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\pt-BR\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\ru-MO\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\tr-TR\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\vi-VI\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-CN\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.SupTab.A, C:\Program Files (x86)\SupTab\web\_locales\zh-TW\messages.json, In Quarantäne, [272003edf388320438ea8c69887adf21], 
PUP.Optional.DSearchLink.A, C:\ProgramData\DSearchLink\Search.lnk, In Quarantäne, [3710747c3e3d4fe716277888a75cd52b], 
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\libeay32.dll, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2], 
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\nfapi.dll, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2], 
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\ProtocolFilters.dll, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2], 
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\ssleay32.dll, Löschen bei Neustart, [8bbc618f522960d66288639e30d30ef2], 
PUP.Optional.Trovi.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M4E3EA60A-2801-4BD7-9720-DEC41FBC6C39&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP112CE4EF-E5BD-45FB-ABB0-95811604E4E9");), Ersetzt,[cf78589845363df991cd74c6fd08e41c]
PUP.Optional.CrossRider.A, C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.crossrider.bic", "1483bc0d82ce7c79a8696560a94538d5");), Ersetzt,[6cdb638d89f24cea2797bd7da75eef11]

Physische Sektoren: 0
(No malicious items detected)


(end)
         
AdwCleaner Log:
Code:
# AdwCleaner v3.310 - Bericht erstellt am 21/09/2014 um 15:40:31
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Minnich - MINNICH-PC
# Gestartet von : C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : netfilter64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\TVWizard
Ordner Gelöscht : C:\ProgramData\Browser
Ordner Gelöscht : C:\ProgramData\Registry Helper
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InetStat
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\Bench
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Program Files (x86)\Probit Software
Ordner Gelöscht : C:\Program Files (x86)\Common Files\IMGUpdater
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Program Files\Reimage
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\torch
Ordner Gelöscht : C:\Users\Minnich\AppData\Local\Chromatic Browser
Ordner Gelöscht : C:\Users\Minnich\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Minnich\AppData\Local\torch
Ordner Gelöscht : C:\Users\Minnich\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\Activeris
Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\ap_logs
Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\Probit Software
Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\rightbackup
Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\simplitec
Ordner Gelöscht : C:\Users\Minnich\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Minnich\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\Minnich\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco
Datei Gelöscht : C:\Windows\SysWOW64\RegistryHelperLM.ocx
Datei Gelöscht : C:\Windows\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Minnich\AppData\Roaming\aps.uninstall.scan.results
Datei Gelöscht : C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\user.js

***** [ Tasks ] *****

Task Gelöscht : ASP
Task Gelöscht : LaunchSignup

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Minnich\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.bandobjectattribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.dockingpanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.iesmartbarbandobject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbardisplaystate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iesmartbar.smartbarmenuform
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A9CAF365-EA35-45DA-BD8B-2EFA09D374AC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5C176BA0-6FC0-4EBD-8ACF-24AC592506B6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{C3AFAA96-AC05-E73F-7C2C-592C2DDA4DDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CC865B26-C31D-4D23-B17B-96548EEF03F6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Schlüssel Gelöscht : HKCU\Software\AnyProtect
Schlüssel Gelöscht : HKCU\Software\ClickConnect
Schlüssel Gelöscht : HKCU\Software\eSupport.com
Schlüssel Gelöscht : HKCU\Software\Fabulous
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\MyBestOffersToday
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\Tune
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\AdvertisingSupport
Schlüssel Gelöscht : HKLM\SOFTWARE\EZ Software Updater
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Registry Helper
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Tune
Schlüssel Gelöscht : HKLM\SOFTWARE\Tutorials
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\AllDaySavings 
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17280

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v32.0.2 (x86 de)

[ Datei : C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3331213&octid=EB_ORIGINAL_CTID&ISID=M4E3EA60A-2801-4BD7-9720-DEC41FBC6C39&SearchSource=69&CUI=&SSPV=&Lay=1&UM=6&UP=SP112CE4EF-E5BD-45F[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1483bc0d82ce7c79a8696560a94538d5");
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Zeile gelöscht : user_pref("extensions.helperbar.Visibility", false);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCapacity", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageCounter", 0);
Zeile gelöscht : user_pref("extensions.helperbar.backPageDay", 3);
Zeile gelöscht : user_pref("extensions.helperbar.backPageLastEvent", "1409594197345");
Zeile gelöscht : user_pref("extensions.helperbar.backPageMinInterval", 15);
Zeile gelöscht : user_pref("extensions.helperbar.barcodeid", "148594");
Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "ob_119_ch");
Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\",\\\".search.yahoo.com\\\\\\/yhs\\\\\\/search?hspart=lkry\\\",\\\"www.only-apart[...]
Zeile gelöscht : user_pref("extensions.helperbar.fromautoupdate", "false");
Zeile gelöscht : user_pref("extensions.helperbar.installationid", "84f4b8f1-a21b-e236-bcfd-a0f084f562de");
Zeile gelöscht : user_pref("extensions.helperbar.installdate", "03/09/2014");
Zeile gelöscht : user_pref("extensions.helperbar.iswinxp", "false");
Zeile gelöscht : user_pref("extensions.helperbar.keepAliveLastevent", "1409766997");
Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1409837982711");
Zeile gelöscht : user_pref("extensions.helperbar.publisher", "shoppinghelper");
Zeile gelöscht : user_pref("extensions.m8B5c.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"warnalert11.com\")>-1||url.indexOf(\"sumorobo.n[...]
Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
Zeile gelöscht : user_pref("iminent.BirthDate", "1409742909");
Zeile gelöscht : user_pref("iminent.LayoutId", "1");
Zeile gelöscht : user_pref("iminent.ShowThankyouPixel", "0");
Zeile gelöscht : user_pref("iminent._oaZGabJJ8Q_", "{\"cpt\":0,\"cpr\":0,\"s\":0,\"es\":1}");
Zeile gelöscht : user_pref("iminent.enableToolbar", "false");
Zeile gelöscht : user_pref("iminent.enabledAds", "obsolete");
Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"b7110a40-a16f-4a12-a411-bd0b6014905a\",\"name\":\"Superfish\",\"addonId\":2,\"url\":\"//www.superfish.com/ws/sf_main.jsp\",\"queryStri[...]
Zeile gelöscht : user_pref("iminent.newtabredirect", "true");
Zeile gelöscht : user_pref("iminent.nomsi", "true");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent101", "1411144780004");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent102", "1410156663137");
Zeile gelöscht : user_pref("iminent.registerToolbarEvent140", "1410079337805");
Zeile gelöscht : user_pref("iminent.searchindex", "1");
Zeile gelöscht : user_pref("iminent.trackingInfo", "{\"state\":0,\"samplingRate\":0}");
Zeile gelöscht : user_pref("iminent.version", "8.38.3.2");
Zeile gelöscht : user_pref("iminent.versioning", "{\"CurrentVersion\":\"8.35.5.1\",\"InstallEventCTime\":1411144814116,\"InstallEvent\":\"True\",\"UpdateEventCTime\":1411305587814}");

-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [15782 octets] - [21/09/2014 15:38:46]
AdwCleaner[S0].txt - [14628 octets] - [21/09/2014 15:40:31]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14689 octets] ##########
         
---

JRT Log:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.9 (09.20.2014:1)
OS: Windows 7 Professional x64
Ran by Minnich on 21.09.2014 at 15:45:32,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\updateClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\utilClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\ClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\updateClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilClearThink_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\utilClearThink_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2B37E792-BCB1-4CE3-A0BA-E9C5B53FA524}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\Minnich\AppData\Roaming\mozilla\firefox\profiles\e5fvsnq2.default\prefs.js

user_pref("iminent.adapters", "{\"start.iminent.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":1.1,\"e
Emptied folder: C:\Users\Minnich\AppData\Roaming\mozilla\firefox\profiles\e5fvsnq2.default\minidumps [2 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.09.2014 at 15:53:38,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

21.09.2014, 19:35   #10
root2

Malware infection (zym.tollbahsuburban.com) on Windows 7 Professional PC

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Minnich (administrator) on MINNICH-PC on 21-09-2014 15:57:10
Running from C:\Users\Minnich\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\reader_sl.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - 569F02B720D640868C23E94F03F2C832 URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_bndl1_14_26&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyzyyCtB0EtCtDtDtByBzytN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyDtDyC0Dzy0CyBzytGzyyDyEyDtGzzyCzy0AtGtCyCzyyEtGtAyDtByCyDtBtByBtA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0Fzzzz0DtByDtG0E0CtAyDtGyEtCyD0AtGzytC0AyDtG0ByEyB0EtAyBzy0DyEtD0C0F2Q&cr=1773006457&ir=
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Minnich\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Internet Download Manager Squared - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\idmsq@idmsq.com [2014-09-08]
FF Extension: 123b222059cb11dbb0de0800200c9a66 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{123b2220-59cb-11db-b0de-0800200c9a66} [2014-09-08]
FF Extension: AF445D67154C4c69A17B7F392BCC36A3 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-09-07]
FF Extension: NoScript - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco [2014-09-03]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-08]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2014-09-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [118584 2014-09-12] (Deutsche Telekom AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Minnich\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 15:54 - 2014-09-21 15:54 - 00002568 _____ () C:\Users\Minnich\Desktop\JRT_anonym.txt
2014-09-21 15:53 - 2014-09-21 15:53 - 00002571 _____ () C:\Users\Minnich\Desktop\JRT.txt
2014-09-21 15:45 - 2014-09-21 15:45 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 15:44 - 2014-09-21 15:44 - 01027006 _____ (Thisisu) C:\Users\Minnich\Desktop\JRT.exe
2014-09-21 15:43 - 2014-09-21 15:43 - 00127016 _____ () C:\Users\Minnich\Desktop\mbam_anonym.txt
2014-09-21 15:42 - 2014-09-21 15:42 - 00014830 _____ () C:\Users\Minnich\Desktop\AdwCleaner[S0]_anonym.txt
2014-09-21 15:38 - 2014-09-21 15:40 - 00000000 ____D () C:\AdwCleaner
2014-09-21 15:36 - 2014-09-21 15:38 - 00127342 _____ () C:\Users\Minnich\Desktop\mbam.txt
2014-09-21 15:21 - 2014-09-21 15:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 15:21 - 2014-09-21 15:21 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-21 15:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-21 15:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-21 15:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-21 15:04 - 2014-09-21 15:04 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-20 20:31 - 2014-09-20 20:31 - 00032959 _____ () C:\post01.txt
2014-09-20 20:00 - 2014-09-20 20:00 - 00032480 _____ () C:\ComboFix_anonym.txt
2014-09-20 19:58 - 2014-09-20 19:58 - 00032550 _____ () C:\ComboFix.txt
2014-09-20 19:47 - 2014-09-20 19:58 - 00000000 ____D () C:\Qoobox
2014-09-20 19:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-20 19:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-20 19:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-20 19:46 - 2014-09-20 19:57 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 10:31 - 2014-09-20 10:32 - 05578824 ____R (Swearware) C:\Users\Minnich\Desktop\ComboFix.exe
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\Minnich\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Minnich\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:05 - 2014-09-21 15:57 - 00006837 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-19 17:05 - 2014-09-21 15:57 - 00000000 ____D () C:\FRST
2014-09-19 17:05 - 2014-09-20 19:43 - 00065593 _____ () C:\Users\Minnich\Desktop\FRST_.txt
2014-09-19 17:05 - 2014-09-20 19:43 - 00024782 _____ () C:\Users\Minnich\Desktop\Addition_.txt
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:57 - 2014-09-19 17:26 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:47 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:47 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:47 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:47 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:47 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:47 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:47 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:47 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:47 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:47 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:46 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:46 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:46 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:46 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:46 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:46 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:46 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:57 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:57 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:13 - 2014-09-21 14:57 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-09 08:13 - 2014-09-20 10:49 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 08:12 - 2014-09-21 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-07-01 19:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:00 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-06 14:45 - 2014-09-06 14:46 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 10:47 - 2014-09-07 08:42 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:50 - 2014-09-21 15:33 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:07 - 2014-09-08 14:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com
2014-09-03 19:44 - 2014-09-18 18:16 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:43 - 2014-09-06 10:33 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-02 17:06 - 2014-09-11 11:02 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe
2014-08-28 07:47 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:47 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:47 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:59 - 2014-08-27 16:00 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-21 15:57 - 2014-09-19 17:05 - 00006837 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-21 15:57 - 2014-09-19 17:05 - 00000000 ____D () C:\FRST
2014-09-21 15:56 - 2013-09-12 10:48 - 00030239 _____ () C:\Windows\setupact.log
2014-09-21 15:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 15:55 - 2014-06-05 16:01 - 01181906 _____ () C:\Windows\WindowsUpdate.log
2014-09-21 15:54 - 2014-09-21 15:54 - 00002568 _____ () C:\Users\Minnich\Desktop\JRT_anonym.txt
2014-09-21 15:53 - 2014-09-21 15:53 - 00002571 _____ () C:\Users\Minnich\Desktop\JRT.txt
2014-09-21 15:48 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-21 15:48 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-21 15:45 - 2014-09-21 15:45 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 15:44 - 2014-09-21 15:44 - 01027006 _____ (Thisisu) C:\Users\Minnich\Desktop\JRT.exe
2014-09-21 15:43 - 2014-09-21 15:43 - 00127016 _____ () C:\Users\Minnich\Desktop\mbam_anonym.txt
2014-09-21 15:42 - 2014-09-21 15:42 - 00014830 _____ () C:\Users\Minnich\Desktop\AdwCleaner[S0]_anonym.txt
2014-09-21 15:42 - 2013-09-12 08:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-21 15:41 - 2010-11-21 05:47 - 00232006 _____ () C:\Windows\PFRO.log
2014-09-21 15:40 - 2014-09-21 15:38 - 00000000 ____D () C:\AdwCleaner
2014-09-21 15:38 - 2014-09-21 15:36 - 00127342 _____ () C:\Users\Minnich\Desktop\mbam.txt
2014-09-21 15:35 - 2014-09-21 15:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 15:33 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files\005
2014-09-21 15:33 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-21 15:21 - 2014-09-21 15:21 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-21 15:04 - 2014-09-21 15:04 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-21 15:04 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-21 14:57 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-20 20:31 - 2014-09-20 20:31 - 00032959 _____ () C:\post01.txt
2014-09-20 20:00 - 2014-09-20 20:00 - 00032480 _____ () C:\ComboFix_anonym.txt
2014-09-20 19:58 - 2014-09-20 19:58 - 00032550 _____ () C:\ComboFix.txt
2014-09-20 19:58 - 2014-09-20 19:47 - 00000000 ____D () C:\Qoobox
2014-09-20 19:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-20 19:57 - 2014-09-20 19:46 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 19:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-20 19:54 - 2009-07-14 04:34 - 56098816 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 14155776 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-20 19:43 - 2014-09-19 17:05 - 00065593 _____ () C:\Users\Minnich\Desktop\FRST_.txt
2014-09-20 19:43 - 2014-09-19 17:05 - 00024782 _____ () C:\Users\Minnich\Desktop\Addition_.txt
2014-09-20 11:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-20 10:49 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-20 10:32 - 2014-09-20 10:31 - 05578824 ____R (Swearware) C:\Users\Minnich\Desktop\ComboFix.exe
2014-09-20 09:47 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-20 09:47 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-20 09:47 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 08:46 - 2014-06-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\Minnich\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Minnich\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 17:26 - 2014-09-19 16:57 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-18 18:16 - 2014-09-03 19:44 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-18 07:56 - 2013-09-12 08:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-18 07:54 - 2014-06-05 17:32 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Adobe
2014-09-15 14:12 - 2014-06-10 09:56 - 00000000 ____D () C:\Users\Minnich\Documents\Loewe
2014-09-15 12:44 - 2014-07-07 13:17 - 00001099 _____ () C:\Users\Minnich\AppData\Roaming\ShiftN.ini
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-14 07:56 - 2014-06-11 17:27 - 4161772523 _____ () C:\Windows\MEMORY.DMP
2014-09-14 07:56 - 2014-06-11 17:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 07:51 - 2014-06-06 11:08 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service
2014-09-11 11:02 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan
2014-09-11 09:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 08:42 - 2013-09-12 08:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 18:46 - 2013-09-12 09:33 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 18:45 - 2014-06-06 13:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 08:18 - 2014-06-06 11:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 08:17 - 2014-06-06 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 08:00 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-08 14:18 - 2014-09-04 16:07 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-08 14:18 - 2014-06-06 11:59 - 00037103 _____ () C:\Windows\IE11_main.log
2014-09-08 13:32 - 2014-06-05 17:32 - 00063776 _____ () C:\Users\Minnich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:32 - 2009-07-14 06:45 - 00287824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:20 - 2014-06-06 11:08 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk
2014-09-08 13:20 - 2014-06-06 11:08 - 00001327 _____ () C:\Users\Public\Desktop\Browser 7 der Telekom.lnk
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 11:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-07 11:19 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-07 08:42 - 2014-09-06 10:47 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001880 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001868 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 16:35 - 2014-06-06 11:08 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Deutsche Telekom AG
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:03 - 2014-06-07 15:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:46 - 2014-09-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 11:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-06 10:33 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-05 04:10 - 2014-09-10 14:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 14:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com
2014-09-04 07:25 - 2014-06-05 18:20 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Mozilla
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe
2014-09-02 10:05 - 2014-06-06 12:17 - 00000000 ____D () C:\It2001
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe
2014-08-27 16:00 - 2014-08-27 15:59 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 07:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:47 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:47 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Minnich\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Minnich\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 11:49

==================== End Of Log ============================
         
--- --- ---


Addition.txt:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Minnich at 2014-09-21 15:57:57
Running from C:\Users\Minnich\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Browser 7 der Telekom 31.0.20 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.20 (x86 de)) (Version: 31.0.20 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG)
InfoTip 2001 (HKLM-x32\...\It2001) (Version:  - )
MAGIX Foto & Grafik Designer 9 (HKLM-x32\...\MX.{E84F54E0-4BC7-4C19-A969-D22574CDC118}) (Version: 9.1.2.28274 - MAGIX AG)
MAGIX Foto & Grafik Designer 9 (Version: 9.1.2.28274 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{4D5A1C12-2F7B-4A67-B186-ECAE22EF4FCB}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Photo & Graphic Designer 9 Update (Version: 9.2.8.32681 - MAGIX Software GmbH) Hidden
PIKO Master Control V2.0 v1.2.2.38199 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Web Designer Premium MX Update (Version: 8.1.5.31094 - MAGIX AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-09-2014 06:11:01 Windows Update
20-09-2014 08:47:52 Revo Uninstaller's restore point - Easy PDF Reader Packages
20-09-2014 08:49:38 Revo Uninstaller's restore point - istartsurf uninstall
20-09-2014 08:52:05 Revo Uninstaller's restore point - Software Version Updater
21-09-2014 12:55:56 Revo Uninstaller's restore point - Gameo
21-09-2014 12:57:22 Revo Uninstaller's restore point - PC Speed Maximizer v3.2
21-09-2014 13:06:58 Revo Uninstaller's restore point - simplitec simplicheck
21-09-2014 13:07:12 Removed simplitec simplicheck

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-20 19:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6C3EFE4C-FB27-4E5E-BA51-850E1178EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
Task: {D8511953-6640-4969-95BD-A56F00F64566} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\KWHF.job => C:\Users\Minnich\AppData\Roaming\KWHF.exe

==================== Loaded Modules (whitelisted) =============


==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7} => %SYSTEMDRIVE%\restore\createrestore.exe /r

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (09/21/2014 03:56:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-09-20 19:53:14.000
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-20 19:53:13.954
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 21%
Total physical RAM: 3967.61 MB
Available physical RAM: 3108.38 MB
Total Pagefile: 7933.41 MB
Available Pagefile: 7019.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:225.22 GB) (Free:185.6 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0841F56C)
Partition 1: (Not Active) - (Size=7.7 GB) - (Type=27)
Partition 2: (Active) - (Size=225.2 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

22.09.2014, 09:42   #11
schrauber
/// the machine
/// TB trainer
 





ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your text editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


Keine Hilfestellung via PM!

22.09.2014, 17:33   #12
root2

Malware infection (zym.tollbahsuburban.com) on a Windows 7 Professional PC


Hi,

ESET still detected almost 20 threats.

ESET log:
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=efa8f8009494484eb3c17fd0db5face9
# engine=20247
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-09-22 04:19:35
# local_time=2014-09-22 06:19:35 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 85091 163032625 0 0
# scanned=151584
# found=19
# cleaned=0
# scan_time=1730
sh=99414731D83EBD1177112CFE7E3D849C4DC156F5 ft=1 fh=fbdf85939d27573c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=7F8E18A2E0BA11295D0CDAA81104E4896B84AC2F ft=1 fh=473853ca0f47624e vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ReimageExpress.com\ExpressSetup.exe"
sh=B018ADBCA951AC0EB0757AFFD7EAB8FC0228CA91 ft=1 fh=fda9a5748d3eb594 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\spstub[1].exe"
sh=5D1F071AF658A18DAA3C5BB68316CCBA3A48AA28 ft=1 fh=fb52270167c4e8d1 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\SunriseBrowse[1].dll"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FK80VV1E\spstub[1].exe"
sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWH45R1F\SPSetup[1].exe"
sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4VSUIX\SPSetup[1].exe"
sh=ADD584BDB3CF5550D6835065051A551D3BE0369F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\DA3D0634E1E1F5126E557AED536ECCF78549AE57"
sh=78E29B91D2854331B7F28B9FE6B3EEE2EB158CE3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\ED96577D1C76EC0B52951D819D12338706A165A1"
sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Minnich\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\Downloads\IDM2-Win-EN.exe"
sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="E:\# Backup Minnich PC\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\IDM2-Win-EN.exe"
sh=BFA542DBC16C89A48B530FC9994CA9FED8075DAC ft=1 fh=adb9f53f93ace214 vn="Variante von Win32/AdWare.iBryte.BI Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\javaupdate_setup.exe"
sh=6D3D4498134083CBAE385671D554842C6FEB459F ft=1 fh=67d76dabf1ab7c07 vn="Variante von Win32/SoftPulse.L evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\Setup(1).exe"
sh=CCD74435A69F55E73048A22E45B983C730E66D07 ft=1 fh=bda8312af1ab7c07 vn="Variante von Win32/SoftPulse.L evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\Setup.exe"
         
SecurityCheck Log:
Code:
 Results of screen317's Security Check version 0.99.87  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Mozilla Firefox (32.0.2) 
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
While looking through the FRST logs, I also noticed the following lines...
In FRST.log:
Code:
==================== Services (Whitelisted) =================
...
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
         
In Addition.log:
Code:
==================== Scheduled Tasks (whitelisted) =============
...
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
         
The complete FRST logs are attached.


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Minnich (administrator) on MINNICH-PC on 22-09-2014 18:25:59
Running from C:\Users\Minnich\Desktop
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKU\S-1-5-21-3299499388-507950971-3432295107-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - 569F02B720D640868C23E94F03F2C832 URL = hxxp://groovorio.com/results.php?f=4&q={searchTerms}&a=grv_bndl1_14_26&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzyzyyCtB0EtCtDtDtByBzytN0D0Tzu0SzyyBzztN1L2XzutAtFtBtFtCtFtDtN1L1Czu1N1C2X1V1S1G1Q1ItC1VtCyE1VtByCtN1L1G1B1V1N2Y1L1Qzu2SyDtDyC0Dzy0CyBzytGzyyDyEyDtGzzyCzy0AtGtCyCzyyEtGtAyDtByCyDtBtByBtA0A0Bzz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzztC0Fzzzz0DtByDtG0E0CtAyDtGyEtCyD0AtGzytC0AyDtG0ByEyB0EtAyBzy0DyEtD0C0F2Q&cr=1773006457&ir=
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Minnich\AppData\Roaming\mozilla\plugins\np-mswmp.dll (Microsoft Corporation)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Internet Download Manager Squared - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\idmsq@idmsq.com [2014-09-08]
FF Extension: 123b222059cb11dbb0de0800200c9a66 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{123b2220-59cb-11db-b0de-0800200c9a66} [2014-09-08]
FF Extension: AF445D67154C4c69A17B7F392BCC36A3 - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{AF445D67-154C-4c69-A17B-7F392BCC36A3} [2014-09-07]
FF Extension: NoScript - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-19]
FF Extension: Adblock Plus - C:\Users\Minnich\AppData\Roaming\Mozilla\Firefox\Profiles\e5fvsnq2.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-21]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]

Chrome: 
=======
CHR Profile: C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bndmpmkpkcaipgdfamhmjdkeemneaeco [2014-09-03]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnjjngeaknajbdcgpfkgnonkmififhfo [2014-09-08]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblbciejcodpealifnhfjbdlkedplodp [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mdapmeleikeppmfgadilffngabfpibok [2014-09-07]
CHR Extension: (No Name) - C:\Users\Minnich\AppData\Local\Google\Chrome\User Data\Default\Extensions\mflbcmpjneookibbaeopkfcnegknkgog [2014-09-10]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 Browser7Maintenance; C:\Program Files (x86)\Browser 7 Maintenance Service\maintenanceservice.exe [118584 2014-09-12] (Deutsche Telekom AG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Minnich\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 18:23 - 2014-09-22 18:23 - 00854417 _____ () C:\Users\Minnich\Desktop\SecurityCheck.exe
2014-09-22 17:47 - 2014-09-22 17:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-21 18:49 - 2014-09-21 18:49 - 02554924 _____ (Dominik Reichl ) C:\Users\Minnich\Downloads\KeePass-2.27-Setup.exe
2014-09-21 18:49 - 2014-09-21 18:49 - 00040876 _____ () C:\Users\Minnich\Downloads\KeePass-2.27-German.zip
2014-09-21 18:32 - 2014-09-21 18:44 - 00001710 _____ () C:\Windows\Sandboxie.ini
2014-09-21 18:32 - 2014-09-21 18:32 - 00000000 ___RD () C:\Sandbox
2014-09-21 18:32 - 2014-09-21 18:31 - 00000921 _____ () C:\Users\Minnich\Desktop\Sandboxed Web Browser.lnk
2014-09-21 18:31 - 2014-09-21 18:31 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Minnich\Downloads\SandboxieInstall.exe
2014-09-21 18:31 - 2014-09-21 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-09-21 18:31 - 2014-09-21 18:31 - 00000000 ____D () C:\Program Files\Sandboxie
2014-09-21 16:32 - 2014-09-21 16:33 - 00029115 _____ () C:\Users\Minnich\Desktop\Logfiles.zip
2014-09-21 16:15 - 2014-09-21 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-21 16:15 - 2014-09-21 16:15 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-21 16:14 - 2014-09-21 16:14 - 01110476 _____ () C:\Users\Minnich\Desktop\7z920.exe
2014-09-21 15:54 - 2014-09-21 15:54 - 00002568 _____ () C:\Users\Minnich\Desktop\JRT_anonym.txt
2014-09-21 15:53 - 2014-09-21 15:53 - 00002571 _____ () C:\Users\Minnich\Desktop\JRT.txt
2014-09-21 15:45 - 2014-09-21 15:45 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 15:44 - 2014-09-21 15:44 - 01027006 _____ (Thisisu) C:\Users\Minnich\Desktop\JRT.exe
2014-09-21 15:43 - 2014-09-21 15:43 - 00127016 _____ () C:\Users\Minnich\Desktop\mbam_anonym.txt
2014-09-21 15:42 - 2014-09-21 15:42 - 00014830 _____ () C:\Users\Minnich\Desktop\AdwCleaner[S0]_anonym.txt
2014-09-21 15:38 - 2014-09-21 15:40 - 00000000 ____D () C:\AdwCleaner
2014-09-21 15:36 - 2014-09-21 15:38 - 00127342 _____ () C:\Users\Minnich\Desktop\mbam.txt
2014-09-21 15:21 - 2014-09-21 15:35 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 15:21 - 2014-09-21 15:21 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-21 15:21 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-21 15:21 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-21 15:21 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-21 15:04 - 2014-09-21 15:04 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-20 20:31 - 2014-09-20 20:31 - 00032959 _____ () C:\post01.txt
2014-09-20 20:00 - 2014-09-20 20:00 - 00032480 _____ () C:\ComboFix_anonym.txt
2014-09-20 19:58 - 2014-09-20 19:58 - 00032550 _____ () C:\ComboFix.txt
2014-09-20 19:47 - 2014-09-20 19:58 - 00000000 ____D () C:\Qoobox
2014-09-20 19:47 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-20 19:47 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-20 19:47 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-20 19:47 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-20 19:46 - 2014-09-20 19:57 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 10:31 - 2014-09-20 10:32 - 05578824 ____R (Swearware) C:\Users\Minnich\Desktop\ComboFix.exe
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\Minnich\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Minnich\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-22 17:47 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:05 - 2014-09-22 18:26 - 00007602 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-19 17:05 - 2014-09-22 18:26 - 00000000 ____D () C:\FRST
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:57 - 2014-09-19 17:26 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-10 18:47 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-10 18:47 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-10 18:47 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-10 18:47 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-10 18:47 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-10 18:47 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-10 18:47 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-10 18:47 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-10 18:47 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-10 18:47 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-10 18:47 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-10 18:47 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-10 18:47 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-10 18:47 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-10 18:47 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-10 18:47 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-10 18:47 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-10 18:47 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 18:47 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-10 18:47 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-10 18:47 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-10 18:46 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-10 18:46 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-10 18:46 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-10 18:46 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-10 18:46 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-10 18:46 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-10 18:46 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-10 18:46 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-10 18:46 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-10 18:46 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-10 18:46 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-10 18:46 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-10 18:46 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-10 18:46 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-10 14:57 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 14:57 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 14:55 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 14:55 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 14:55 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 14:55 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 14:55 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 14:55 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 14:55 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:17 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-10 08:17 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:13 - 2014-09-21 14:57 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-09 08:13 - 2014-09-20 10:49 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 08:12 - 2014-09-21 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-09 08:12 - 2014-07-01 19:37 - 00020872 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:00 - 2014-09-07 11:19 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-06 14:45 - 2014-09-06 14:46 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 10:47 - 2014-09-07 08:42 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:50 - 2014-09-21 15:33 - 00000000 ____D () C:\Program Files\005
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 16:07 - 2014-09-08 14:18 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com
2014-09-03 19:44 - 2014-09-18 18:16 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:43 - 2014-09-06 10:33 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-02 17:06 - 2014-09-11 11:02 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe
2014-08-28 07:47 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:47 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:47 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 15:59 - 2014-08-27 16:00 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-22 18:26 - 2014-09-19 17:05 - 00007602 _____ () C:\Users\Minnich\Desktop\FRST.txt
2014-09-22 18:26 - 2014-09-19 17:05 - 00000000 ____D () C:\FRST
2014-09-22 18:23 - 2014-09-22 18:23 - 00854417 _____ () C:\Users\Minnich\Desktop\SecurityCheck.exe
2014-09-22 17:51 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:51 - 2009-07-14 06:45 - 00032352 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-22 17:47 - 2014-09-22 17:47 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-22 17:47 - 2014-09-19 17:13 - 02347384 _____ (ESET) C:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe
2014-09-22 17:42 - 2013-09-12 08:36 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-22 17:39 - 2014-06-05 16:01 - 01202445 _____ () C:\Windows\WindowsUpdate.log
2014-09-22 17:35 - 2013-09-12 10:48 - 00030295 _____ () C:\Windows\setupact.log
2014-09-22 17:35 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-21 18:49 - 2014-09-21 18:49 - 02554924 _____ (Dominik Reichl ) C:\Users\Minnich\Downloads\KeePass-2.27-Setup.exe
2014-09-21 18:49 - 2014-09-21 18:49 - 00040876 _____ () C:\Users\Minnich\Downloads\KeePass-2.27-German.zip
2014-09-21 18:44 - 2014-09-21 18:32 - 00001710 _____ () C:\Windows\Sandboxie.ini
2014-09-21 18:32 - 2014-09-21 18:32 - 00000000 ___RD () C:\Sandbox
2014-09-21 18:31 - 2014-09-21 18:32 - 00000921 _____ () C:\Users\Minnich\Desktop\Sandboxed Web Browser.lnk
2014-09-21 18:31 - 2014-09-21 18:31 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Minnich\Downloads\SandboxieInstall.exe
2014-09-21 18:31 - 2014-09-21 18:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-09-21 18:31 - 2014-09-21 18:31 - 00000000 ____D () C:\Program Files\Sandboxie
2014-09-21 18:31 - 2009-07-14 05:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-09-21 16:33 - 2014-09-21 16:32 - 00029115 _____ () C:\Users\Minnich\Desktop\Logfiles.zip
2014-09-21 16:15 - 2014-09-21 16:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-21 16:15 - 2014-09-21 16:15 - 00000000 ____D () C:\Program Files (x86)\7-Zip
2014-09-21 16:14 - 2014-09-21 16:14 - 01110476 _____ () C:\Users\Minnich\Desktop\7z920.exe
2014-09-21 15:54 - 2014-09-21 15:54 - 00002568 _____ () C:\Users\Minnich\Desktop\JRT_anonym.txt
2014-09-21 15:53 - 2014-09-21 15:53 - 00002571 _____ () C:\Users\Minnich\Desktop\JRT.txt
2014-09-21 15:45 - 2014-09-21 15:45 - 00000000 ____D () C:\Windows\ERUNT
2014-09-21 15:44 - 2014-09-21 15:44 - 01027006 _____ (Thisisu) C:\Users\Minnich\Desktop\JRT.exe
2014-09-21 15:43 - 2014-09-21 15:43 - 00127016 _____ () C:\Users\Minnich\Desktop\mbam_anonym.txt
2014-09-21 15:42 - 2014-09-21 15:42 - 00014830 _____ () C:\Users\Minnich\Desktop\AdwCleaner[S0]_anonym.txt
2014-09-21 15:41 - 2010-11-21 05:47 - 00232006 _____ () C:\Windows\PFRO.log
2014-09-21 15:40 - 2014-09-21 15:38 - 00000000 ____D () C:\AdwCleaner
2014-09-21 15:38 - 2014-09-21 15:36 - 00127342 _____ () C:\Users\Minnich\Desktop\mbam.txt
2014-09-21 15:35 - 2014-09-21 15:21 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-21 15:33 - 2014-09-04 16:50 - 00000000 ____D () C:\Program Files\005
2014-09-21 15:33 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-09-21 15:21 - 2014-09-21 15:21 - 00001109 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-21 15:21 - 2014-09-21 15:21 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-09-21 15:04 - 2014-09-21 15:04 - 00000000 ____D () C:\Program Files (x86)\DriverRestore
2014-09-21 15:04 - 2014-09-09 08:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
2014-09-21 14:57 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Gameo
2014-09-20 20:31 - 2014-09-20 20:31 - 00032959 _____ () C:\post01.txt
2014-09-20 20:00 - 2014-09-20 20:00 - 00032480 _____ () C:\ComboFix_anonym.txt
2014-09-20 19:58 - 2014-09-20 19:58 - 00032550 _____ () C:\ComboFix.txt
2014-09-20 19:58 - 2014-09-20 19:47 - 00000000 ____D () C:\Qoobox
2014-09-20 19:58 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-09-20 19:57 - 2014-09-20 19:46 - 00000000 ____D () C:\Windows\erdnt
2014-09-20 19:55 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-20 19:54 - 2009-07-14 04:34 - 56098816 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 14155776 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-09-20 19:54 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-09-20 11:01 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-20 10:49 - 2014-09-09 08:13 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\0C1I1L1R1J0C1F1G1G1P1R2Z
2014-09-20 10:32 - 2014-09-20 10:31 - 05578824 ____R (Swearware) C:\Users\Minnich\Desktop\ComboFix.exe
2014-09-20 09:47 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-09-20 09:47 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-09-20 09:47 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-20 08:46 - 2014-06-05 18:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 19:12 - 2014-09-19 19:12 - 00001271 _____ () C:\Users\Minnich\Desktop\Revo Uninstaller.lnk
2014-09-19 19:12 - 2014-09-19 19:12 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-09-19 19:11 - 2014-09-19 19:11 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Minnich\Desktop\revosetup95.exe
2014-09-19 19:00 - 2014-09-19 19:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-19 17:26 - 2014-09-19 16:57 - 00000333 _____ () C:\Users\Minnich\Desktop\mal.txt
2014-09-19 17:14 - 2014-09-19 17:14 - 00709564 _____ () C:\Users\Minnich\Desktop\delfix_10.8.exe
2014-09-19 17:13 - 2014-09-19 17:13 - 00448512 _____ (OldTimer Tools) C:\Users\Minnich\Desktop\TFC.exe
2014-09-19 17:12 - 2014-09-19 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Minnich\Desktop\mbam-setup-2.0.2.1012.exe
2014-09-19 17:09 - 2014-09-19 17:09 - 01373475 _____ () C:\Users\Minnich\Desktop\AdwCleaner_3.310.exe
2014-09-19 17:04 - 2014-09-19 17:04 - 02105856 _____ (Farbar) C:\Users\Minnich\Desktop\FRST64.exe
2014-09-19 16:52 - 2014-09-19 16:52 - 00000000 ____D () C:\Users\Minnich\Desktop\Alte Browser7-Daten
2014-09-18 18:16 - 2014-09-03 19:44 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-18 07:56 - 2013-09-12 08:35 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00002026 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-09-18 07:56 - 2013-09-12 08:35 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-18 07:54 - 2014-06-05 17:32 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Adobe
2014-09-15 14:12 - 2014-06-10 09:56 - 00000000 ____D () C:\Users\Minnich\Documents\Loewe
2014-09-15 12:44 - 2014-07-07 13:17 - 00001099 _____ () C:\Users\Minnich\AppData\Roaming\ShiftN.ini
2014-09-14 07:56 - 2014-09-14 07:56 - 01651552 _____ () C:\Windows\Minidump\091414-19156-01.dmp
2014-09-14 07:56 - 2014-06-11 17:27 - 4161772523 _____ () C:\Windows\MEMORY.DMP
2014-09-14 07:56 - 2014-06-11 17:27 - 00000000 ____D () C:\Windows\Minidump
2014-09-13 07:51 - 2014-06-06 11:08 - 00000000 ____D () C:\Program Files (x86)\Browser 7 Maintenance Service
2014-09-11 11:02 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\QuickScan
2014-09-11 09:51 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 08:42 - 2014-09-11 08:42 - 10036224 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-11 08:42 - 2013-09-12 08:36 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-11 08:42 - 2013-09-12 08:36 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 18:46 - 2013-09-12 09:33 - 01592628 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-10 18:45 - 2014-06-06 13:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 08:18 - 2014-06-06 11:28 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-10 08:17 - 2014-06-06 11:28 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-09 08:17 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\SumatraPDF
2014-09-09 08:13 - 2014-09-09 08:13 - 00000173 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url
2014-09-09 08:13 - 2014-09-09 08:13 - 00000000 ___HD () C:\Users\Minnich\AppData\Roaming\GoldenGate
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair.exe
2014-09-09 07:47 - 2014-09-09 07:47 - 00853960 _____ (Reimage®) C:\Users\Minnich\Downloads\ReimageRepair(1).exe
2014-09-08 14:18 - 2014-09-04 16:07 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-09-08 14:18 - 2014-06-06 11:59 - 00037103 _____ () C:\Windows\IE11_main.log
2014-09-08 13:32 - 2014-06-05 17:32 - 00063776 _____ () C:\Users\Minnich\AppData\Local\GDIPFONTCACHEV1.DAT
2014-09-08 13:32 - 2009-07-14 06:45 - 00287824 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-08 13:28 - 2014-09-08 13:28 - 00003154 _____ () C:\Windows\System32\Tasks\{405D3FA4-397D-4A16-9D21-7494A877FA1E}
2014-09-08 13:20 - 2014-06-06 11:08 - 00001339 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browser 7 der Telekom.lnk
2014-09-08 13:20 - 2014-06-06 11:08 - 00001327 _____ () C:\Users\Public\Desktop\Browser 7 der Telekom.lnk
2014-09-08 13:19 - 2014-09-08 13:19 - 29689728 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7-latest.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00718848 _____ ( ) C:\Users\Minnich\Downloads\IDM2-Win-EN.exe
2014-09-08 11:33 - 2014-09-08 11:33 - 00000000 ____D () C:\MININT
2014-09-08 11:33 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Resources
2014-09-07 11:19 - 2014-09-06 15:00 - 00000000 ____D () C:\Program Files (x86)\ReimageExpress.com
2014-09-07 10:59 - 2014-09-07 10:59 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\DriverFinder
2014-09-07 08:42 - 2014-09-06 10:47 - 00001224 _____ () C:\Users\Minnich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001880 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-07 08:42 - 2014-06-05 18:19 - 00001868 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-06 16:35 - 2014-09-06 16:35 - 00000000 ____D () C:\ProgramData\Telekom-Browser 7
2014-09-06 16:35 - 2014-06-06 11:08 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Deutsche Telekom AG
2014-09-06 15:44 - 2014-09-06 15:44 - 00362592 _____ (Deutsche Telekom AG) C:\Users\Minnich\Downloads\browser7_setup.exe
2014-09-06 15:03 - 2014-06-07 15:37 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:50 - 2013-09-12 08:33 - 00002051 _____ () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-06 14:46 - 2014-09-06 14:45 - 00000000 ____D () C:\Program Files (x86)\Reimageplus.com
2014-09-06 11:01 - 2009-07-14 04:34 - 00000505 _____ () C:\Windows\win.ini
2014-09-06 10:33 - 2014-09-03 15:43 - 00000000 ____D () C:\ProgramData\4ef04fb202130dcc
2014-09-06 07:53 - 2014-09-06 07:53 - 00000464 _____ () C:\Windows\system32\ScannerSettings
2014-09-05 12:26 - 2014-09-05 12:26 - 00000000 ____D () C:\Users\Minnich\AppData\Local\speed browser
2014-09-05 04:10 - 2014-09-10 14:55 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 14:55 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-04 17:34 - 2014-09-04 17:34 - 00000044 _____ () C:\Users\Minnich\AppData\Roaming\WB.CFG
2014-09-04 16:55 - 2014-09-04 16:55 - 00000000 ____D () C:\ProgramData\TEMP
2014-09-04 16:51 - 2014-09-04 16:51 - 00001246 _____ () C:\Windows\Tasks\KWHF.job
2014-09-04 16:33 - 2014-09-04 16:33 - 00000000 ____D () C:\33cb8ceb-6e1a-4e4c-9963-d32ad5205a76
2014-09-04 16:16 - 2014-09-04 16:16 - 00244400 _____ () C:\Users\Minnich\Downloads\Firefox Setup Stub 32.0.exe
2014-09-04 07:27 - 2014-09-04 07:27 - 00000000 ____D () C:\Users\Minnich\AppData\Local\com
2014-09-04 07:25 - 2014-06-05 18:20 - 00000000 ____D () C:\Users\Minnich\AppData\Roaming\Mozilla
2014-09-03 19:29 - 2014-09-03 19:29 - 00936136 _____ () C:\Windows\Minidump\090314-14008-01.dmp
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Comodo
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-09-03 15:43 - 2014-09-03 15:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-09-02 17:06 - 2014-09-02 17:06 - 00000000 ____D () C:\Users\Minnich\AppData\Local\CrashRpt
2014-09-02 17:04 - 2014-09-02 17:04 - 00073728 _____ ( ) C:\Users\Minnich\Desktop\guiformat.exe
2014-09-02 10:05 - 2014-06-06 12:17 - 00000000 ____D () C:\It2001
2014-09-01 10:18 - 2014-09-01 10:18 - 00001248 _____ () C:\Users\Minnich\AppData\Roaming\KWHF
2014-09-01 08:38 - 2014-09-01 08:38 - 00000000 ____D () C:\Users\Minnich\AppData\Local\Adobe
2014-08-29 12:59 - 2014-08-29 12:59 - 02073521 _____ (Auerswald) C:\Users\Minnich\Downloads\Install.exe
2014-08-27 16:00 - 2014-08-27 15:59 - 01068280 _____ () C:\Windows\Minidump\082714-24024-01.dmp
2014-08-25 06:53 - 2010-11-21 05:27 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 04:07 - 2014-08-28 07:47 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:47 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:47 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

Some content of TEMP:
====================
C:\Users\Minnich\AppData\Local\Temp\DRHelper_uninstallComplete.exe
C:\Users\Minnich\AppData\Local\Temp\Quarantine.exe
C:\Users\Minnich\AppData\Local\Temp\vcredist_x64.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-17 11:49

==================== End Of Log ============================
         
--- --- ---

Addition Log:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 12-09-2014
Ran by Minnich at 2014-09-22 18:26:32
Running from C:\Users\Minnich\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Browser 7 der Telekom 31.0.20 (x86 de) (HKLM-x32\...\Browser 7 der Telekom 31.0.20 (x86 de)) (Version: 31.0.20 - Deutsche Telekom AG)
Browser 7 Maintenance Service (HKLM-x32\...\Browser7MaintenanceService) (Version: 31.0.19 - Deutsche Telekom AG)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
InfoTip 2001 (HKLM-x32\...\It2001) (Version:  - )
MAGIX Foto & Grafik Designer 9 (HKLM-x32\...\MX.{E84F54E0-4BC7-4C19-A969-D22574CDC118}) (Version: 9.1.2.28274 - MAGIX AG)
MAGIX Foto & Grafik Designer 9 (Version: 9.1.2.28274 - MAGIX AG) Hidden
MAGIX Web Designer MX Premium (HKLM-x32\...\MAGIX_{4D5A1C12-2F7B-4A67-B186-ECAE22EF4FCB}) (Version: 8.0.2.21761 - MAGIX AG)
MAGIX Web Designer MX Premium (Version: 8.0.2.21761 - MAGIX AG) Hidden
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 32.0.2 (x86 de) (HKLM-x32\...\Mozilla Firefox 32.0.2 (x86 de)) (Version: 32.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0 - Mozilla)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
Photo & Graphic Designer 9 Update (Version: 9.2.8.32681 - MAGIX Software GmbH) Hidden
PIKO Master Control V2.0 v1.2.2.38199 (HKLM-x32\...\PIKO Master Control V2.0_is1) (Version: 1.2.2.38199 - KOSTAL Solar Electric GmbH)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Sandboxie 4.12 (64-bit) (HKLM\...\Sandboxie) (Version: 4.12 - Sandboxie Holdings, LLC)
Web Designer Premium MX Update (Version: 8.1.5.31094 - MAGIX AG) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-09-2014 06:11:01 Windows Update
20-09-2014 08:47:52 Revo Uninstaller's restore point - Easy PDF Reader Packages
20-09-2014 08:49:38 Revo Uninstaller's restore point - istartsurf uninstall
20-09-2014 08:52:05 Revo Uninstaller's restore point - Software Version Updater
21-09-2014 12:55:56 Revo Uninstaller's restore point - Gameo
21-09-2014 12:57:22 Revo Uninstaller's restore point - PC Speed Maximizer v3.2
21-09-2014 13:06:58 Revo Uninstaller's restore point - simplitec simplicheck
21-09-2014 13:07:12 Removed simplitec simplicheck

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 04:34 - 2014-09-20 19:55 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {6C3EFE4C-FB27-4E5E-BA51-850E1178EDCB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-11] (Adobe Systems Incorporated)
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
Task: {D8511953-6640-4969-95BD-A56F00F64566} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\KWHF.job => C:\Users\Minnich\AppData\Roaming\KWHF.exe

==================== Loaded Modules (whitelisted) =============

2014-09-19 19:00 - 2014-09-19 19:00 - 03734640 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Unattend0000000001{15346C6C-F853-4410-BF55-473812C60FF7} => %SYSTEMDRIVE%\restore\createrestore.exe /r

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (09/22/2014 06:20:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 05:47:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 05:47:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 05:47:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 05:47:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/22/2014 05:37:27 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.

Error: (09/21/2014 05:46:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (09/21/2014 03:58:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine Ereignisse übermittelt werden.


System errors:
=============
Error: (09/22/2014 05:35:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (09/21/2014 03:56:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Reimage Real Time Protector" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (09/22/2014 06:20:59 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/22/2014 05:47:39 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe

Error: (09/22/2014 05:47:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe

Error: (09/22/2014 05:47:34 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe

Error: (09/22/2014 05:47:26 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe

Error: (09/22/2014 05:37:27 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (09/21/2014 05:46:32 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestc:\Users\Minnich\Desktop\esetsmartinstaller_deu.exe

Error: (09/21/2014 03:58:14 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT-AUTORITÄT)
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-09-20 19:53:14.000
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-09-20 19:53:13.954
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
Percentage of memory in use: 41%
Total physical RAM: 3967.61 MB
Available physical RAM: 2322.46 MB
Total Pagefile: 7933.41 MB
Available Pagefile: 6379.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:225.22 GB) (Free:184.65 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (RENATE) (Fixed) (Total:931.28 GB) (Free:924.92 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 0841F56C)
Partition 1: (Not Active) - (Size=7.7 GB) - (Type=27)
Partition 2: (Active) - (Size=225.2 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 931.5 GB) (Disk ID: CD407128)
Partition 1: (Active) - (Size=931.5 GB) - (Type=0C)

==================== End Of Log ============================
         
Many thanks and regards.

Edited by root2 (22.09.2014 at 17:41)

23.09.2014, 18:24   #13
schrauber
/// the machine
/// TB-Ausbilder

Delete the backup on E.

Please download TFC (by Oldtimer) and save the file to the desktop.
Now close all open programs and disconnect from the Internet.
Double-click TFC.exe and press Start.
If TFC cannot delete all files, it will request a restart. Please allow this.


Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
ATTFilter
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


Done

The order is crucial here.
  1. If Defogger was used: start Defogger again and click re-enable.
  2. If Combofix was used: (alternatively rename it to uninstall.exe and start it)
    • Windows key + R > Combofix /Uninstall (type in) > OK
    • Alternative: rename Combofix.exe to uninstall.exe and start it
    • Combofix will now start, possibly update itself, and then remove all remnants of itself.
  3. In any case, please download DelFix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • Note: Among other things, DelFix removes all programs used, the quarantine of our scanners and the Java cache, and finally deletes itself.
    • Finally, restart your computer.
  4. If any programs from our cleanup are still left now, you can delete them without hesitation.


If you would like to give praise or criticism, you can do so here

Here are a few more tips for securing your system.


I cannot mention often enough how important it is that your system is up to date.
  • Please check whether your system downloads Windows updates automatically
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.
  • Software Updates
    Installed software can also have security vulnerabilities that malware can use to infect your system.
    To keep your installed software up to date, I recommend Secunia Online Software.


Anti-virus software
  • Make sure you always have anti-virus software installed and that it is up to date. It is useless if it is out of date.


Additional protection
  • MalwareBytes Anti Malware
    This is one of the best anti-malware tools on the market. It is an on-demand scan tool that detects and also removes a lot of current malware.
    Update the tool and run it once a week. The paid version also offers a background guard.
    You can find a tutorial on how to use it here.
  • WinPatrol
    This software takes a snapshot of your system and warns you of any changes. Download the freeware version from here.


Safe browsing
  • SpywareBlaster
    You can find a short introduction here
  • MVPs hosts file
    You can find a tutorial here. Unfortunately, I have not found a German-language one so far.
  • WOT (Web of trust)
    This add-on warns you before you visit a site that has been reported as harmful.


Alternative browsers

Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
  • Opera
  • Mozilla Firefox.
    • Note: For this browser I have a few useful add-ons here
    • NoScript
      This add-on blocks JavaScript, Java and Flash and other plugins. They are only executed when you confirm it.
    • AdblockPlus
      This add-on blocks most advertising by itself. A right-click on the banner to add it to AdBlockPlus is enough, and it will no longer be loaded.
      It also saves download capacity.

Performance
Clean up your temp files regularly. I recommend TFC for this
Stay away from any registry cleaners.
These harm your system more than they help. Here are a few (English) links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )


Don'ts
  • Do not click on everything just because it asks you to and is nice and colorful.
  • Do not use peer-to-peer or file-sharing software (Emule, uTorrent, ...)
  • Keep your hands off cracks, keygens, serials or other illegal software.
  • Do not open attachments from emails unknown to you. Pay particular attention to the file extension, e.g. deinFoto.jpg.exe
Now all that remains is for me to wish you lots of fun surfing safely.

Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________
regards,
schrauber

Proud Member of UNITE and ASAP since 2009

Donations
Guides and help
Trojaner-Board Facebook page

No help via PM!

23.09.2014, 19:09   #14
root2

Thanks for the reply.

TFC did not request a restart.

Attached is the Fixlog:
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 23-09-2014
Ran by Minnich at 2014-09-23 20:06:15 Run:1
Running from C:\Users\Minnich\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
S2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [X]
Task: {7929E22C-9E3E-461B-BA2F-D97C10256833} - \ReimageUpdater No Task File <==== ATTENTION
*****************

ReimageRealTimeProtector => Service deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7929E22C-9E3E-461B-BA2F-D97C10256833}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7929E22C-9E3E-461B-BA2F-D97C10256833}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ReimageUpdater" => Key deleted successfully.

==== End of Fixlog ====
         
Before I clean up...
What should be done with the other ESET findings?:
Code:
ATTFilter
sh=99414731D83EBD1177112CFE7E3D849C4DC156F5 ft=1 fh=fbdf85939d27573c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=8B67C4946B050285FE89EFE36AB6DC2F7B3E2D2F ft=1 fh=d91722da20002316 vn="Variante von Win64/Riskware.NetFilter.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\netfilter64.sys.vir"
sh=7F8E18A2E0BA11295D0CDAA81104E4896B84AC2F ft=1 fh=473853ca0f47624e vn="Win32/SearchPlugin.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\ReimageExpress.com\ExpressSetup.exe"
sh=B018ADBCA951AC0EB0757AFFD7EAB8FC0228CA91 ft=1 fh=fda9a5748d3eb594 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe.vir"
sh=36F969E522FD53A189312D946C430EFD02D5A982 ft=1 fh=5d022c015afe1524 vn="Variante von Win32/ELEX.AV evtl. unerwünschte Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\ProgramData\IePluginServices\PluginService.exe.vir"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\spstub[1].exe"
sh=5D1F071AF658A18DAA3C5BB68316CCBA3A48AA28 ft=1 fh=fb52270167c4e8d1 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\SunriseBrowse[1].dll"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FK80VV1E\spstub[1].exe"
sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KWH45R1F\SPSetup[1].exe"
sh=54BE56B6705EB161677DEE881A9E7B72E5861179 ft=1 fh=f0ed7077fc73dcf1 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\QE4VSUIX\SPSetup[1].exe"
sh=ADD584BDB3CF5550D6835065051A551D3BE0369F ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Visicom.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\DA3D0634E1E1F5126E557AED536ECCF78549AE57"
sh=78E29B91D2854331B7F28B9FE6B3EEE2EB158CE3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\ED96577D1C76EC0B52951D819D12338706A165A1"
sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="C:\Users\Minnich\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\Downloads\IDM2-Win-EN.exe"
sh=4D61862340A8C252665F1927CACB3038D474F2EA ft=1 fh=6d632a397799bb5e vn="Variante von Win32/Bundled.Toolbar.Ask.G potenziell unsichere Anwendung" ac=I fn="E:\# Backup Minnich PC\Documents\MAGIX Downloads\Installationsmanager\Foto_Grafik_Designer_9_DLV_de-DE_130611_10-14_9_1_2_28274.exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\IDM2-Win-EN.exe"
sh=BFA542DBC16C89A48B530FC9994CA9FED8075DAC ft=1 fh=adb9f53f93ace214 vn="Variante von Win32/AdWare.iBryte.BI Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\javaupdate_setup.exe"
sh=6D3D4498134083CBAE385671D554842C6FEB459F ft=1 fh=67d76dabf1ab7c07 vn="Variante von Win32/SoftPulse.L evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\Setup(1).exe"
sh=CCD74435A69F55E73048A22E45B983C730E66D07 ft=1 fh=bda8312af1ab7c07 vn="Variante von Win32/SoftPulse.L evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\Setup.exe"
         
Many thanks and regards.

24.09.2014, 11:15   #15
schrauber
/// the machine
/// TB-Ausbilder

They are already in quarantine, so they will be removed along with the tools when those are removed. You can delete the things in the Documents and Download folders by hand.
__________________
regards,
schrauber
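The split described in the reply above (copies already held in a tool quarantine versus files still lying in user folders) can be reproduced from the ESET log itself. The Python below is an added example, not part of the thread or of any ESET tool; it assumes `sh` is the file hash, `vn` the detection name and `fn` the file path, and the bucket names are made up for illustration.

```python
import re
from collections import defaultdict

# Six entries copied from the ESET log posted in this thread.
SAMPLE_LOG = r'''
sh=99414731D83EBD1177112CFE7E3D849C4DC156F5 ft=1 fh=fbdf85939d27573c vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=B018ADBCA951AC0EB0757AFFD7EAB8FC0228CA91 ft=1 fh=fda9a5748d3eb594 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Program Files (x86)\Probit Software\Easy Speed PC\ESPCSmartScan.exe.vir"
sh=7028F239FAC673EE7DC7772ACC75D759EA73837D ft=1 fh=e769f095fe49f653 vn="Variante von Win32/ClientConnect.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4JLGS9U4\spstub[1].exe"
sh=78E29B91D2854331B7F28B9FE6B3EEE2EB158CE3 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Iminent.I evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\AppData\Local\Mozilla\Firefox\Profiles\e5fvsnq2.default\cache2\entries\ED96577D1C76EC0B52951D819D12338706A165A1"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Minnich\Downloads\IDM2-Win-EN.exe"
sh=907DF0456F03AEAA8E44D2D9D3CD4558BA07B2DB ft=1 fh=6012deb93b048baa vn="Variante von Win32/InstallCore.PX evtl. unerwünschte Anwendung" ac=I fn="E:\# Backup Minnich PC\Downloads\IDM2-Win-EN.exe"
'''

# key=value pairs; a value is either a quoted string (may contain spaces) or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Quarantine folders of the cleanup tools named in the log paths (lower-cased).
QUARANTINE_DIRS = ("\\adwcleaner\\quarantine\\", "\\qoobox\\quarantine\\")
# Browser cache folders that appear in the log paths (lower-cased).
CACHE_DIRS = ("\\temporary internet files\\", "\\cache2\\entries\\")


def parse_line(line):
    """Return the fields of one log line as a dict, or None if it is not a finding."""
    fields = {key: quoted or bare for key, quoted, bare in FIELD_RE.findall(line)}
    if not {"sh", "vn", "fn"} <= fields.keys():
        return None
    return fields


def location_class(path):
    """Bucket a path by where the file sits (hypothetical bucket names)."""
    lowered = path.lower()
    if any(marker in lowered for marker in QUARANTINE_DIRS):
        return "tool_quarantine"
    if any(marker in lowered for marker in CACHE_DIRS):
        return "browser_cache"
    return "user_file"


def triage(log_text):
    """Group findings by location and list hashes that occur at several paths."""
    buckets = defaultdict(list)
    paths_by_hash = defaultdict(list)
    for line in log_text.splitlines():
        finding = parse_line(line)
        if finding is None:
            continue
        buckets[location_class(finding["fn"])].append(finding)
        paths_by_hash[finding["sh"]].append(finding["fn"])
    copies = {h: p for h, p in paths_by_hash.items() if len(p) > 1}
    return dict(buckets), copies


if __name__ == "__main__":
    buckets, copies = triage(SAMPLE_LOG)
    for name, findings in buckets.items():
        print(name)
        for f in findings:
            print("   ", f["vn"], "->", f["fn"])
    for file_hash, paths in copies.items():
        print("same file at", len(paths), "paths:", file_hash)
```

The hash grouping makes visible that the installer in the Downloads folder also exists on the E: backup, so deleting one copy by hand leaves the other.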
