
Pests of all kinds and how to fight them: Various malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon"); slow PC & lots of ads!

17.12.2014, 12:07   #1
Suchender12
 



Hello everyone!

I hope someone here can help me.

The problem is as follows:

A friend of mine has various malware ("CoolSaleCoupon", "ddownlloaditkeep", "omiga-plus", "SaveSense", "SaleItCoupon") on his laptop, because unfortunately he never used an antivirus program (he has been using the laptop for a year already!). I had installed Malwarebytes Anti-Malware and Avast Free. A scan with MBAM found 151 infections, so I moved them all to quarantine. Then I wanted to uninstall all this malicious software with Revo Uninstaller and go over it again with CCleaner, but Avast detects almost all processes (whether Revo, Firefox or similar) as Trojans and blocks them.

Because of the infections, ad pop-ups, hyperlinks etc. (well-known problems) appear constantly. The laptop is also really very slow as a result.

Well, since my measures as a layman have not really achieved anything, I wanted to ask the experts here for help.

What should we do to get the laptop clean again?

Best regards!

Edit: The operating system is Windows 8.1

Edited by Suchender12 (17.12.2014 at 12:27)

17.12.2014, 13:26   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; first just post already existing logs in CODE tags!
Only logs from the last 7 days, or since the problem started, are relevant!

In addition, please also create a log with Farbar's tool:

Scan with Farbar's Recovery Scan Tool (FRST)

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.

17.12.2014, 14:38   #3
Suchender12
 



Thanks for the quick reply!

I have not run a scan with Avast yet; it only ever reports on program activity, e.g. a download with Firefox (since that is where the ads then appear).

Unfortunately Malwarebytes did not create a log of the scan

Here is the result from FRST (user names replaced by ******):

FRST.txt


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by ****** (administrator) on VAIO on 17-12-2014 14:29:55
Running from C:\Users\******\Downloads
Loaded Profile: ****** (Available profiles: ****** & ******)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginServices\PluginService.exe
(Fuyu LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
() C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
() C:\Users\******\AppData\Roaming\VOPackage\VOsrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_246.exe
(Farbar) C:\Users\******\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2752752 2013-07-12] (Synaptics Incorporated)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-04] (Broadcom Corporation.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-11] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-17] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk
ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk
ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
ShortcutTarget: MyPC Backup.lnk -> C:\Program Files (x86)\MyPC Backup\MyPC Backup.exe (MyPCBackup.com)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
ShortcutTarget: StormWatch.lnk -> C:\Users\******\AppData\Local\StormWatch\StormWatch.exe (No File)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
ShortcutTarget: StormWatchApp.lnk -> C:\Users\******\AppData\Local\StormWatch\StormWatchApp.exe (No File)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
SearchScopes: HKLM -> {77AA745B-F4F8-45DA-9B14-61D2D95054C8} URL = 
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002 -> DefaultScope {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002 -> {1C1745D0-56C0-4DA8-AAE5-0B651F495E59} URL = hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ie&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0SzytCyCtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDyByDyBtC0FtBtG0C0ByDtDtG0AtB0ByBtGzytDyB0FtGtA0BtAtB0ByB0Czy0BtBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytB0FtAtD0BtDtG0BzytCyDtGyBtC0B0BtG0A0Czy0DtGtDyByCtA0FtAtAyC0FzztC0E2Q&cr=761249732&ir=
SearchScopes: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002 -> {2C9735F9-DC6F-491E-8B70-D280761920B7} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {2ddd4bed-9178-4d47-831c-7ea90170edf0} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} ->  No File
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: ddownlloaditkeep -> {a9d8d927-b5f2-4237-8def-dded2909914c} -> C:\ProgramData\ddownlloaditkeep\Nz0dcqEOXPF79F.x64.dll ()
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {23d4646c-263a-4e2d-a08c-6c704557973d} ->  No File
BHO-x32: No Name -> {2ddd4bed-9178-4d47-831c-7ea90170edf0} ->  No File
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name -> {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} ->  No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: ddownlloaditkeep -> {a9d8d927-b5f2-4237-8def-dded2909914c} -> C:\ProgramData\ddownlloaditkeep\Nz0dcqEOXPF79F.dll ()
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\x3919pts.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\x3919pts.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\faststartff@gmail.com
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-17]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avira SearchFree Toolbar plus Web Protection) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh [2014-12-11]
CHR Extension: (Avast Online Security) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-17]
CHR Extension: (Earth TV) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn [2014-12-12]
CHR Extension: (Vosteran New Tab) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce [2014-12-11]
CHR Extension: (G calize) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp [2014-11-17]
CHR Extension: (easytoshop) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmdkolkgokhiflhdddcfnbebofneifp [2014-11-17]
CHR HKLM\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKLM\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM\...\Chrome\Extension: [Ìÿ] - No Path
CHR HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [ibnjmihbbanannlbobkbmnmckjnmdnom] - No Path
CHR HKLM-x32\...\Chrome\Extension: [oilkkkefbalmbfppgjmgjoefbclebkce] - No Path
CHR HKLM-x32\...\Chrome\Extension: [Ìÿ] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-17] (AVAST Software)
S2 BackupStack; C:\Program Files (x86)\MyPC Backup\BackupStack.exe [36936 2014-10-30] (Just Develop It) <==== ATTENTION
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 CouponArificService64; C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe [172544 2014-09-29] () [File not signed]
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-01] (WildTangent)
R2 IePluginServices; C:\ProgramData\IePluginServices\PluginService.exe [714208 2014-11-17] (Cherished Technololgy LIMITED)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [218248 2013-08-14] (Mentor Graphics Corporation) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
R2 servervo; C:\Users\******\AppData\Roaming\VOPackage\VOsrv.exe [89600 2014-11-17] () [File not signed]
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-10-08] (SolidWorks) [File not signed]
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [490640 2014-11-17] (Fuyu LIMITED)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-17] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-17] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-06-03] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R1 netfilter64; C:\Windows\System32\drivers\netfilter64.sys [46376 2014-09-29] (NetFilterSDK.com)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-05-06] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-12] (Synaptics Incorporated)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
R1 {19854aff-7c07-4859-9831-cd028ac55dd0}Gw64; C:\Windows\System32\drivers\{19854aff-7c07-4859-9831-cd028ac55dd0}Gw64.sys [61120 2014-04-24] (StdLib)
R1 {55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64; C:\Windows\System32\drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64.sys [48776 2014-11-17] (StdLib)
R1 {820a714f-c526-4777-8e87-e9d6612e0938}Gw64; C:\Windows\System32\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw64.sys [48776 2014-11-18] (StdLib)
R1 {e7ea42ad-4fa4-4fce-a37a-c42931f721e3}w64; C:\Windows\System32\drivers\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}w64.sys [48784 2014-12-07] (StdLib)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 14:29 - 2014-12-17 14:30 - 00027841 _____ () C:\Users\******\Downloads\FRST.txt
2014-12-17 14:29 - 2014-12-17 14:30 - 00000000 ____D () C:\FRST
2014-12-17 14:29 - 2014-12-17 14:29 - 02119168 _____ (Farbar) C:\Users\******\Downloads\FRST64(1).exe
2014-12-17 14:28 - 2014-12-17 14:28 - 01111040 _____ (Farbar) C:\Users\******\Downloads\FRST.exe
2014-12-17 14:26 - 2014-12-17 14:26 - 02116264 _____ () C:\Users\******\Downloads\FRST64.exe
2014-12-17 11:50 - 2014-12-17 11:54 - 156538732 _____ () C:\Users\******\Downloads\EmsisoftEmergencyKit_9.0.0.4523.exe
2014-12-17 11:49 - 2014-12-17 11:49 - 00000589 _____ () C:\Users\******\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-17 11:49 - 2014-12-17 11:49 - 00000000 ____D () C:\EEK
2014-12-17 11:48 - 2014-12-17 11:49 - 160525284 _____ () C:\Users\******\Downloads\EmsisoftEmergencyKit.exe
2014-12-17 11:42 - 2014-12-17 11:42 - 00602112 _____ (OldTimer Tools) C:\Users\******\Downloads\OTL.exe
2014-12-17 11:38 - 2014-12-17 11:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Abelssoft
2014-12-17 11:37 - 2014-12-17 11:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Abelssoft
2014-12-17 11:37 - 2014-12-17 11:37 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-12-17 10:51 - 2014-12-17 10:51 - 00000000 ____D () C:\ProgramData\374311380
2014-12-17 06:56 - 2014-12-17 11:38 - 00000000 ____D () C:\Users\******\AppData\Local\Abelssoft
2014-12-17 06:56 - 2014-12-17 06:56 - 02942688 _____ (Abelssoft ) C:\Users\******\Downloads\CHIP_Updater_2.39.exe
2014-12-17 06:56 - 2014-12-17 06:56 - 00001066 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-12-17 06:56 - 2014-12-17 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-12-17 06:56 - 2014-12-17 06:56 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-12-17 06:52 - 2014-12-17 06:52 - 00001284 _____ () C:\Users\******\Desktop\Revo Uninstaller.lnk
2014-12-17 06:52 - 2014-12-17 06:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-17 06:51 - 2014-12-17 06:51 - 00001189 _____ () C:\Users\******\Desktop\Auslogics DiskDefrag.lnk
2014-12-17 06:51 - 2014-12-17 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-12-17 06:51 - 2014-12-17 06:51 - 00000000 ____D () C:\ProgramData\Auslogics
2014-12-17 06:51 - 2014-12-17 06:51 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-12-17 06:47 - 2014-12-17 06:47 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-17 06:47 - 2014-12-17 06:47 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-17 06:47 - 2014-12-17 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-17 06:47 - 2014-12-17 06:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-17 06:46 - 2014-12-17 06:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\******\Downloads\revosetup.exe
2014-12-17 06:44 - 2014-12-17 06:44 - 06739960 _____ (Auslogics Labs Pty Ltd ) C:\Users\******\Downloads\disk-defrag-setup.exe
2014-12-17 06:43 - 2014-12-17 06:43 - 05162080 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup500.exe
2014-12-17 04:32 - 2014-12-17 04:32 - 00001896 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-12-17 04:26 - 2014-06-10 02:55 - 00027901 _____ () C:\Users\******\Desktop\2014-06-10 01.55.34.jpeg
2014-12-17 04:17 - 2014-12-17 04:17 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-17 04:17 - 2014-12-17 04:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\AVAST Software
2014-12-17 04:17 - 2014-12-17 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-17 04:16 - 2014-12-17 05:33 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-17 04:16 - 2014-12-17 04:16 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-17 04:16 - 2014-12-17 04:16 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-17 04:16 - 2014-12-17 04:16 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-17 04:14 - 2014-12-17 04:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-17 04:09 - 2014-12-17 14:14 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 04:09 - 2014-12-17 04:09 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 04:09 - 2014-12-17 04:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-17 04:08 - 2014-12-17 04:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-17 04:08 - 2014-12-17 04:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 04:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-17 04:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-17 04:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-17 04:07 - 2014-12-17 04:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-17 04:07 - 2014-12-17 04:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-17 04:06 - 2014-12-17 04:07 - 131078000 _____ (AVAST Software) C:\Users\******\Downloads\avast_free_antivirus_setup.exe
2014-12-17 03:51 - 2014-12-17 03:51 - 00000000 ____D () C:\Users\******\Desktop\MTRT Referat
2014-12-17 03:49 - 2014-12-17 14:17 - 00000000 ___RD () C:\Users\******\Dropbox
2014-12-17 03:49 - 2014-12-17 03:49 - 00001164 _____ () C:\Users\******\Desktop\Dropbox.lnk
2014-12-17 03:47 - 2014-12-17 03:47 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-17 03:45 - 2014-12-17 14:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-12-17 03:45 - 2014-12-17 03:45 - 00324224 _____ (Dropbox, Inc.) C:\Users\******\Downloads\DropboxInstaller.exe
2014-12-17 03:31 - 2014-12-17 03:31 - 00000000 ____D () C:\Users\******\AppData\Local\Macromedia
2014-12-17 03:30 - 2014-12-17 03:30 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mozilla
2014-12-17 03:30 - 2014-12-17 03:30 - 00000000 ____D () C:\Users\******\AppData\Local\Mozilla
2014-12-17 03:27 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-17 03:27 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-14 21:16 - 2014-12-14 21:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-12 06:26 - 2014-12-12 06:26 - 00000000 ____D () C:\ProgramData\8014362988984944915
2014-12-12 06:25 - 2014-12-17 10:50 - 00000000 ____D () C:\ProgramData\ddownlloaditkeep
2014-12-11 19:06 - 2014-12-11 19:06 - 00011411 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2014-12-11 17:25 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-11 17:25 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-11 17:25 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-11 17:25 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 17:24 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 17:24 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 17:24 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 17:24 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-11 17:11 - 2014-12-11 17:11 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieBrowserModeList
2014-12-11 16:15 - 2014-12-11 19:06 - 00000000 ____D () C:\Users\******\AppData\Local\gtk-2.0
2014-12-11 16:05 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:05 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:05 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:05 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:05 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:05 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:05 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:05 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:05 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:05 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:05 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:05 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:05 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:05 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:05 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:05 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:05 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:05 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:05 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:05 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:05 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:05 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:05 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:05 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:05 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:05 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:05 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:05 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:05 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:05 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:05 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:05 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:05 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:05 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:05 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:05 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:05 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:05 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:05 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 16:05 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:05 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 15:58 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 15:58 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 15:58 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 15:58 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 15:41 - 2014-12-11 15:41 - 00000000 ____D () C:\Users\******\.thumbnails
2014-12-11 15:38 - 2014-12-11 19:08 - 00000000 ____D () C:\Users\******\.gimp-2.8
2014-12-11 15:38 - 2014-12-11 15:38 - 00000000 ____D () C:\Users\******\AppData\Local\gegl-0.2
2014-12-11 15:36 - 2014-12-11 15:36 - 00000910 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-12-11 15:34 - 2014-12-11 15:36 - 00000000 ____D () C:\Program Files\GIMP 2
2014-12-10 22:22 - 2014-12-10 22:22 - 01833582 _____ () C:\Users\******\Desktop\Kopie von 14-12-10_RT_Praktikum_II(1).xlsx
2014-12-10 21:12 - 2014-12-10 22:23 - 00003359 _____ () C:\Users\******\Desktop\treffen.ods
2014-12-08 05:01 - 2014-12-08 05:01 - 00022528 _____ () C:\Users\******\AppData\Local\dsisetup215364842.exe
2014-12-08 05:01 - 2014-12-08 05:01 - 00000010 _____ () C:\Users\******\AppData\Local\DSI.DAT
2014-12-07 23:07 - 2014-12-07 07:53 - 00048784 _____ (StdLib) C:\WINDOWS\system32\Drivers\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}w64.sys
2014-12-07 23:05 - 2014-12-07 23:05 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-12-07 22:51 - 2014-12-07 22:51 - 00000000 ____D () C:\ProgramData\SaleItCoupon
2014-11-21 21:14 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-21 21:14 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-21 21:14 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-21 21:14 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-21 21:02 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-21 21:02 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-21 21:02 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-21 21:02 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-21 21:02 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-21 21:02 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-21 21:02 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-21 21:02 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-21 21:02 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-21 21:02 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-21 21:02 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-21 21:01 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-21 21:01 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-21 21:01 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-21 21:01 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-21 21:01 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-21 21:01 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-21 21:01 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-21 21:01 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-21 21:01 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-21 21:01 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-21 21:01 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-21 21:01 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-21 21:01 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-21 21:01 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-21 21:01 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-19 21:00 - 2014-12-14 21:00 - 00000128 _____ () C:\Users\******\AppData\Roaming\WB.CFG
2014-11-18 19:32 - 2014-11-18 08:30 - 00048776 _____ (StdLib) C:\WINDOWS\system32\Drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw64.sys
2014-11-17 21:42 - 2014-11-17 21:42 - 00000000 ____D () C:\ProgramData\GetTheDiscount
2014-11-17 21:41 - 2014-12-17 10:59 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-17 21:41 - 2014-12-17 10:48 - 00000000 ____D () C:\ProgramData\CoolSaleCoupon
2014-11-17 21:41 - 2014-12-12 06:25 - 00000000 ____D () C:\ProgramData\6f38bcad337c4913
2014-11-17 21:39 - 2014-11-17 21:39 - 00004018 _____ () C:\WINDOWS\System32\Tasks\LaunchSignup
2014-11-17 21:39 - 2014-11-17 21:39 - 00001985 _____ () C:\Users\******\Desktop\Sync Folder.lnk
2014-11-17 21:39 - 2014-11-17 21:39 - 00001312 _____ () C:\Users\Public\Desktop\Chica Password Manager 2.0.lnk
2014-11-17 21:39 - 2014-11-17 21:39 - 00000000 ___SD () C:\Users\******\Documents\Chica Passwords
2014-11-17 21:39 - 2014-11-17 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChicaLogic
2014-11-17 21:39 - 2014-11-17 21:39 - 00000000 ____D () C:\Program Files (x86)\ChicaLogic
2014-11-17 21:38 - 2014-12-17 10:46 - 00000000 ____D () C:\Users\******\AppData\Roaming\VOPackage
2014-11-17 21:38 - 2014-11-17 21:39 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-11-17 21:38 - 2014-11-17 21:38 - 00001103 _____ () C:\Users\******\Desktop\MyPC Backup.lnk
2014-11-17 21:38 - 2014-11-17 21:38 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
2014-11-17 21:38 - 2014-11-17 21:38 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
2014-11-17 21:36 - 2014-12-08 05:53 - 00000000 ____D () C:\Users\******\AppData\Local\StormWatch
2014-11-17 21:36 - 2014-11-17 21:36 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
2014-11-17 21:36 - 2014-11-17 21:36 - 00000000 ____D () C:\Users\******\AppData\Local\Weather_Protector_LLC
2014-11-17 21:35 - 2014-12-17 11:57 - 00000000 ____D () C:\Program Files\CouponArific
2014-11-17 21:35 - 2014-11-17 21:35 - 00004316 _____ () C:\WINDOWS\System32\Tasks\RocketTab Update Task
2014-11-17 21:35 - 2014-11-17 21:35 - 00003530 _____ () C:\WINDOWS\System32\Tasks\RocketTab
2014-11-17 21:35 - 2014-11-17 21:35 - 00000005 _____ () C:\end
2014-11-17 21:35 - 2014-11-17 21:35 - 00000000 ____D () C:\Program Files (x86)\Search Extensions
2014-11-17 21:35 - 2014-11-17 21:35 - 00000000 ____D () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C
2014-11-17 21:34 - 2014-12-17 12:13 - 00000000 ____D () C:\Program Files (x86)\SupTab
2014-11-17 21:34 - 2014-11-17 21:34 - 00000000 ____D () C:\Users\******\AppData\Roaming\omiga-plus
2014-11-17 21:34 - 2014-11-17 21:34 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2014-11-17 21:34 - 2014-11-17 21:34 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-11-17 21:33 - 2014-11-17 21:33 - 00403320 _____ (Premium Installer ) C:\Users\******\Downloads\evasi0n7_Setup.exe
2014-11-17 21:11 - 2014-11-17 06:32 - 00048776 _____ (StdLib) C:\WINDOWS\system32\Drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64.sys
2014-11-17 21:05 - 2014-12-10 22:46 - 00003236 _____ () C:\WINDOWS\System32\Tasks\Optimizer Pro Schedule
2014-11-17 21:05 - 2014-11-17 21:05 - 00000000 ____D () C:\Users\******\Documents\Optimizer Pro
2014-11-17 21:01 - 2014-12-17 10:59 - 00000000 ____D () C:\Program Files (x86)\AppEnable
2014-11-17 21:01 - 2014-11-17 21:01 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
2014-11-17 21:00 - 2014-12-17 12:00 - 00000302 _____ () C:\WINDOWS\Tasks\WSE_Vosteran.job
2014-11-17 21:00 - 2014-12-08 05:01 - 00000000 ____D () C:\Users\******\AppData\Local\Vosteran
2014-11-17 21:00 - 2014-11-17 21:00 - 00002640 _____ () C:\WINDOWS\System32\Tasks\WSE_Vosteran
2014-11-17 21:00 - 2014-11-17 21:00 - 00000000 ____D () C:\Users\******\AppData\Roaming\WSE_Vosteran
2014-11-17 21:00 - 2014-11-17 21:00 - 00000000 ____D () C:\Program Files (x86)\WSE_Vosteran
2014-11-17 21:00 - 2014-11-17 20:59 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella.exe.EXE
2014-11-17 20:58 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-11-17 20:46 - 2014-11-17 20:46 - 00812376 _____ ( ) C:\Users\******\Downloads\tinyumbrella.exe
2014-11-17 20:40 - 2014-11-17 20:41 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella-7.12.00 (2).exe
2014-11-17 20:34 - 2014-11-17 20:34 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-11-17 20:15 - 2014-11-17 20:15 - 03458048 _____ () C:\Users\******\Downloads\tinyumbrella-7.11.00.exe
2014-11-17 20:15 - 2014-11-17 20:15 - 03458048 _____ () C:\Users\******\Downloads\tinyumbrella-7.11.00 (1).exe
2014-11-17 20:11 - 2014-11-17 20:11 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella-7.12.00 (3).exe
2014-11-17 19:59 - 2014-11-17 19:59 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella-7.12.00 (1).exe
2014-11-17 19:58 - 2014-11-17 21:45 - 00033275 _____ () C:\Users\******\Downloads\umbrella.log
2014-11-17 19:58 - 2014-11-17 19:58 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella-7.12.00.exe
2014-11-17 19:55 - 2014-11-17 19:55 - 00598589 _____ () C:\Users\******\Downloads\installtinyumbrella.dmg
2014-11-17 19:48 - 2014-11-17 19:48 - 00000000 ____D () C:\Users\******\.shsh
2014-11-17 19:39 - 2014-11-17 19:47 - 00000600 _____ () C:\Users\******\AppData\Roaming\winscp.rnd
2014-11-17 19:34 - 2014-11-17 19:40 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2014-11-17 19:34 - 2014-11-17 19:40 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2014-11-17 19:29 - 2014-11-17 20:05 - 11429902 _____ () C:\Users\******\Downloads\iCloud Aktivasyon.rar
2014-11-17 18:06 - 2014-11-17 18:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-17 18:06 - 2014-11-17 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-17 18:04 - 2014-11-17 18:06 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-17 18:04 - 2014-11-17 18:06 - 00000000 ____D () C:\Program Files\iTunes
2014-11-17 18:04 - 2014-11-17 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-17 18:04 - 2014-11-17 18:04 - 00000000 ____D () C:\Program Files\iPod
2014-11-17 17:38 - 2014-11-17 17:40 - 16969459 _____ () C:\Users\******\Downloads\evasi0n7-win-1.0.7-633a643e10531c58e7ce18018986b6d14774102d.zip
2014-11-17 17:34 - 2014-11-17 17:34 - 00399224 _____ (Premium Installer ) C:\Users\******\Downloads\Flash_Player_Pro_Setup (1).exe
2014-11-17 17:32 - 2014-11-17 17:32 - 00399224 _____ (Premium Installer ) C:\Users\******\Downloads\Flash_Player_Pro_Setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 14:30 - 2013-10-31 04:18 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 14:24 - 2013-11-20 04:50 - 01391402 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 14:13 - 2013-10-31 04:17 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 14:13 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-17 12:12 - 2013-09-26 21:41 - 00000000 ____D () C:\Update
2014-12-17 12:00 - 2014-01-01 01:03 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-17 11:51 - 2014-03-21 14:46 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001UA.job
2014-12-17 11:35 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-17 10:56 - 2013-09-29 20:04 - 00121856 _____ () C:\WINDOWS\PFRO.log
2014-12-17 10:56 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-17 10:47 - 2013-11-19 22:52 - 00000000 ____D () C:\Program Files (x86)\AskPartnerNetwork
2014-12-17 10:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-17 10:22 - 2014-07-05 04:10 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{22D7EE09-EFDF-48F2-9ED0-037918AE97D1}
2014-12-17 10:18 - 2012-07-26 06:26 - 00000301 _____ () C:\WINDOWS\win.ini
2014-12-17 10:14 - 2013-08-22 15:44 - 00529768 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-17 08:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-17 08:11 - 2014-07-01 14:03 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3488547966-3651287838-4017947475-1002
2014-12-17 05:01 - 2014-07-01 14:02 - 00000000 ____D () C:\Users\******\AppData\Local\Sony Corporation
2014-12-17 04:00 - 2014-07-01 13:57 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-12-17 03:49 - 2014-07-01 13:57 - 00000000 ____D () C:\Users\******
2014-12-14 21:16 - 2014-08-10 23:24 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-14 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-14 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-14 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-14 20:58 - 2014-01-10 12:38 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4A994D6E-0A40-4024-9C81-D491F8749C3E}
2014-12-11 18:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-11 17:49 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-11 17:46 - 2013-09-26 22:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 17:38 - 2013-09-26 22:00 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 17:33 - 2013-09-15 20:20 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3488547966-3651287838-4017947475-1001
2014-12-11 15:37 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-11 15:37 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-11 15:37 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-10 23:00 - 2014-01-01 01:03 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-10 22:25 - 2013-09-15 18:45 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-12-10 21:27 - 2013-10-08 21:20 - 00000000 ___RD () C:\Users\******\Dropbox
2014-12-10 21:27 - 2013-10-08 21:13 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-12-10 20:57 - 2013-11-20 13:51 - 00000000 __RDO () C:\Users\******\SkyDrive
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-07 22:44 - 2013-08-22 15:46 - 00303080 _____ () C:\WINDOWS\setupact.log
2014-12-07 22:33 - 2014-03-09 23:56 - 00000000 ____D () C:\Users\******\Desktop\Studium
2014-11-21 21:14 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-19 20:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-11-17 21:33 - 2013-11-20 13:46 - 00001686 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 21:33 - 2013-09-20 22:24 - 00001383 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-17 20:49 - 2013-06-06 20:15 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-17 20:34 - 2013-06-06 20:37 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-11-17 20:34 - 2013-06-06 20:33 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-11-17 20:34 - 2013-06-06 20:23 - 00000000 ____D () C:\Program Files\Sony
2014-11-17 20:34 - 2013-06-06 20:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-17 20:26 - 2013-11-20 04:25 - 00000000 ____D () C:\Users\******
2014-11-17 18:29 - 2014-08-06 17:29 - 00000000 ____D () C:\Users\******\AppData\Roaming\Apple Computer
2014-11-17 18:04 - 2014-09-27 22:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-17 18:04 - 2014-07-19 22:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-17 16:25 - 2013-10-31 04:18 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-17 16:25 - 2013-10-31 04:17 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-17 15:36 - 2014-03-23 21:10 - 00000000 ____D () C:\Program Files (x86)\FreeHD-Sport TV V9.0

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegwtzb.dll
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\bs.exe
C:\Users\******\AppData\Local\Temp\CloudBackup668.exe
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgnf9ok.dll
C:\Users\******\AppData\Local\Temp\optprosetup.exe
C:\Users\******\AppData\Local\Temp\ose00000.exe
C:\Users\******\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite33072.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite37159.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite40265.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite43487.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite43885.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite47038.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite47626.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite53438.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite58871.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite72642.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite77860.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite82451.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite84498.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite85219.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite96345.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 10:32

==================== End Of Log ============================
         
--- --- ---


Addition.txt:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by ****** at 2014-12-17 14:31:51
Running from C:\Users\******\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
AppEnable (HKLM\...\AppEnable) (Version: 2014.11.17.162222 - AppEnable) <==== ATTENTION!
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Behind The Reflection 2: Witch's Revenge (x32 Version: 3.0.2.32 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)
BrowserSafeguard with RocketTab (HKLM-x32\...\RocketTab) (Version:  - BrowserSafeguard with RocketTab) <==== ATTENTION
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
Buzzdock (HKLM\...\{ac225167-00fc-452d-94c5-bb93600e7d9a}) (Version:  - Alactro LLC) <==== ATTENTION
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Chica Password Manager 2.0 2.0.0.8 (HKLM-x32\...\Chica Password Manager 2.0_is1) (Version: 2.0 - ChicaLogic, Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.39 - Abelssoft)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{D9ABE01A-6E18-4F30-9ED6-2494A5019074}) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
CoolSaleCoupon (HKLM-x32\...\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}) (Version:  - CoolSaleCoupon) <==== ATTENTION
CouponARific (HKLM\...\CouponARific) (Version:  - CouponARific) <==== ATTENTION!
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
ddownlloaditkeep (HKLM-x32\...\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}) (Version:  - "") <==== ATTENTION
Dropbox (HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FreeHD-Sport TV V9.0 (HKLM-x32\...\FreeHD-Sport TV V9.0) (Version: 1.34.3.6 - installdaddy) <==== ATTENTION
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41800) (Version: 3.8.0.41800.66 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless NFC-Software (HKLM\...\Intel(R) PROSet/Wireless NFC-Software) (Version: 1.1.1.003 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
MyPC Backup  (HKLM\...\MyPC Backup) (Version:  - JDi Backup Ltd) <==== ATTENTION
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
omiga-plus uninstall (HKLM-x32\...\omiga-plus uninstall) (Version:  - omiga-plus) <==== ATTENTION
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Remote Desktop Access (VuuPC) (HKLM-x32\...\VOPackage) (Version: 1.0.0.0 - CMI Limited) <==== ATTENTION
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rocket (HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
SaleItCoupon (HKLM-x32\...\{37476589-E48E-439E-A706-56189E2ED4C4}_is1) (Version:  - SaleItCoupon) <==== ATTENTION
Save Sense (remove only) (HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\...\Save Sense) (Version: 6.4.1.0 - SaveSense) <==== ATTENTION
SaveSense (HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\...\SaveSense) (Version:  - SaveSense) <==== ATTENTION!
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SolidWorks 2013 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20130-40500-1100-100) (Version: 21.5.0.76 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP05 (Version: 21.150.76 - SolidWorks) Hidden
SolidWorks 2013 x64 German Resources (Version: 21.150.76 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP05 (Version: 13.5.111 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2013 SP05 x64 Edition  (Version: 21.50.77 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP05 x64 Edition (Version: 21.50.76 - SolidWorks Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.2.4 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11210 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.1.01.15140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WindowsMangerProtect20.0.0.1270 (HKLM-x32\...\WindowsMangerProtect) (Version: 20.0.0.1270 - WindowsProtect LIMITED) <==== ATTENTION
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinSCP 5.1.8 (HKLM-x32\...\winscp3_is1) (Version: 5.1.8 - Martin Prikryl)
WSE Rocket (HKLM-x32\...\WSE Rocket) (Version:  - WSE Rocket) <==== ATTENTION!
WSE_Vosteran (HKLM-x32\...\WSE_Vosteran) (Version:  - WSE_Vosteran) <==== ATTENTION!
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-12-2014 23:10:37 Windows Update
07-12-2014 21:56:27 Windows Update
11-12-2014 16:33:50 Windows Update
17-12-2014 03:10:56 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2013-10-28 08:08 - 00000908 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03F93B77-5BBF-4590-9DF7-610CED95D8E1} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)
Task: {0C0EA2D6-A836-4E5D-B02F-EC8E0881A490} - System32\Tasks\Optimizer Pro Schedule => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe <==== ATTENTION
Task: {11856646-E52B-4526-B832-01D06F3BBF9D} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {1C03EEDD-BFEA-4D38-8649-F5822ED97001} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {21E757DC-BA72-464F-B970-C65FDE4C775F} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe [2014-10-30] (MyPC Backup) <==== ATTENTION
Task: {2446A2E4-1B21-485F-B363-8E4EC303D93A} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {36818C82-DC5B-47B2-BE1E-ADC407159E3A} - System32\Tasks\RocketTab Update Task => C:\Program Files (x86)\Search Extensions\uninstall.exe [2014-11-17] () <==== ATTENTION
Task: {3718DBEB-AF64-48DF-94DF-7037E2969266} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {39E62DE5-E6C8-4A2C-8E75-FE71495CDC93} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {4A437B27-98BD-47F7-9DEF-CB2D734B53BA} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-12-04] (CHIP)
Task: {4B1E8777-94F3-4937-8A90-9DC580526426} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {53147E54-220C-4845-B1F1-D175C1806298} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31] (Google Inc.)
Task: {57B44258-EF47-4006-9A0E-4AD5052852B4} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {5B9DF295-D3BB-4B84-BDD5-F7C96D763F78} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {5FECF29C-E96C-47F8-9E27-8D70CBA3FEC8} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {6196A9BE-6919-4AD8-BB32-5BDC3826B7E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {62C41F9E-2702-43D0-A780-A89215CFA435} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {64D601B5-C7B1-437C-BD1C-04206A6BB2C7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {69D8D131-D574-4D81-9A2C-99BF7C15ED79} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {724EAAB4-DAD4-4885-BB80-45BC2EEDD397} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {7A55EE17-60B5-4D04-AAC7-E592FD6FFC2C} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {7FB43D3B-01B2-4A84-8471-3F9BB8054D7E} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {863200F9-DB38-4804-9E62-5A550EF93F24} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {86544186-D1D8-4EA5-ADF2-87404712F2F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {8C4405DB-FBD7-44DB-B1FF-DC8A80C2C17C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001Core => C:\Users\******\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-21] (Facebook Inc.)
Task: {8DF6D469-BE3B-434F-8159-A6F99A42A303} - System32\Tasks\GoforFilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATTENTION
Task: {8FAD4026-5C8C-4C10-8C05-B25F012F46E6} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {9053A21B-E461-4DD4-B2C6-CB04D6B744F5} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {907C651D-B7B6-4F58-A335-F084821AA9E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-17] (AVAST Software)
Task: {94F5FD87-405A-41ED-8BD6-2BA13C476AE7} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
Task: {9ED700FB-C3C2-4F10-AB0B-17DFEDF1AF0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5F7B14A-4B83-45B3-9F74-D42A8194A105} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {A6728A23-AE92-4A1A-A7A5-0C2D4D6769CF} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {A6BEE292-837E-4ADC-A020-AD4D1DF4E322} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {B7296E30-C4A5-4214-A40E-92FEED6CCEC3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C03A0301-9CB9-4045-A199-B601EEF97456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31] (Google Inc.)
Task: {C12A3DEA-6EC4-46D6-BB69-BCE4250BA60D} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {C416A0BC-B42A-4FBF-8EB1-F3F3380A6A08} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001UA => C:\Users\******\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-21] (Facebook Inc.)
Task: {C7F4352D-0198-4D5A-8C5F-EC38B6FA36C9} - System32\Tasks\RocketTab => cmd.exe /C start "" "C:\Program Files (x86)\Search Extensions\Client.exe" /Preferred=true <==== ATTENTION
Task: {CD7AC3E0-8BB9-455D-B23C-7C44025D181B} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {CF59742D-D01D-4082-866C-56569ABA9390} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {D1142BD1-0213-4CD8-8B6F-9FBC76ED6735} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D34E23AB-704A-4A73-9A04-0DCB3CD42E33} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {D3C9C71B-D84C-4937-82F7-31659C757CBF} - System32\Tasks\WSE_Vosteran => C:\Users\******\AppData\Roaming\WSE_Vosteran\UpdateProc\UpdateTask.exe [2014-11-17] () <==== ATTENTION
Task: {FA4F5CD7-6E7A-4F76-97D7-30CFB8660C71} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001Core.job => C:\Users\******\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001UA.job => C:\Users\******\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\WSE_Vosteran.job => C:\Users\******\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-09-04 19:13 - 2013-09-04 19:13 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2014-09-29 21:13 - 2014-09-29 21:13 - 00172544 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\arrmeapsie64.exe
2014-09-29 21:13 - 2014-09-29 21:13 - 00110080 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\nfapi.dll
2014-09-29 21:13 - 2014-09-29 21:13 - 00456192 _____ () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C\ProtocolFilters.dll
2014-11-17 21:38 - 2014-11-17 21:38 - 00089600 _____ () C:\Users\******\AppData\Roaming\VOPackage\VOsrv.exe
2013-11-19 09:21 - 2013-11-19 09:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2013-03-14 20:21 - 2013-03-14 04:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-01 22:25 - 2013-10-01 22:25 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2014-06-11 04:34 - 2014-06-11 04:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-12-17 10:15 - 2014-12-17 10:15 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121700\algo.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-06 20:17 - 2013-01-23 10:26 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-12-17 04:16 - 2014-12-17 04:16 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-17 03:47 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-17 14:14 - 2014-12-17 14:14 - 00043008 _____ () c:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpegwtzb.dll
2014-12-17 03:47 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-12-17 03:47 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-12-17 03:47 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-06-02 06:02 - 2014-06-02 06:02 - 03839088 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\******\Desktop\2014-06-10 01.55.34.jpeg:com.dropbox.attributes
AlternateDataStreams: C:\Users\******\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKLM\...\StartupApproved\Run32: => "avgnt"

========================= Accounts: ==========================

Administrator (S-1-5-21-3488547966-3651287838-4017947475-500 - Administrator - Disabled)
Gast (S-1-5-21-3488547966-3651287838-4017947475-501 - Limited - Disabled)
****** (S-1-5-21-3488547966-3651287838-4017947475-1002 - Administrator - Enabled) => C:\Users\******
****** (S-1-5-21-3488547966-3651287838-4017947475-1001 - Administrator - Enabled) => C:\Users\******

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2014 02:28:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/17/2014 02:27:36 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/17/2014 02:27:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/17/2014 02:27:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/17/2014 02:27:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/17/2014 02:27:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/17/2014 11:54:58 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/17/2014 11:54:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "1". Fehler in Manifest- oder Richtliniendatei "2" in Zeile 3.
Ungültige XML-Syntax.

Error: (12/17/2014 07:03:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: DllHost.exe, Version: 6.3.9600.16384, Zeitstempel: 0x5215dfc6
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.3.9600.17278, Zeitstempel: 0x53eebd22
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000039a7a
ID des fehlerhaften Prozesses: 0xf2c
Startzeit der fehlerhaften Anwendung: 0xDllHost.exe0
Pfad der fehlerhaften Anwendung: DllHost.exe1
Pfad des fehlerhaften Moduls: DllHost.exe2
Berichtskennung: DllHost.exe3
Vollständiger Name des fehlerhaften Pakets: DllHost.exe4
Anwendungs-ID, die relativ zum fehlerhaften Paket ist: DllHost.exe5

Error: (12/17/2014 05:12:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm VAIOUpdt.exe, Version 7.0.1.2280 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15f0

Startzeit: 01d019a1643a3d88

Endzeit: 74

Anwendungspfad: C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe

Berichts-ID: cb4d0239-85a2-11e4-beab-b8763fc11b90

Vollständiger Name des fehlerhaften Pakets: 

Anwendungs-ID, die relativ zum fehlerhaften Paket ist:


System errors:
=============
Error: (12/17/2014 11:41:33 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: Der Dienst "Intel(R) System Behavior Tracker Collector Service" wurde nicht richtig gestartet.

Error: (12/17/2014 11:37:03 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}VAIO******S-1-5-21-3488547966-3651287838-4017947475-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/17/2014 11:37:01 AM) (Source: DCOM) (EventID: 10016) (User: VAIO)
Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}VAIO******S-1-5-21-3488547966-3651287838-4017947475-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar

Error: (12/17/2014 11:36:35 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Computer Backup (MyPC Backup)" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (12/17/2014 11:36:35 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Computer Backup (MyPC Backup) erreicht.

Error: (12/17/2014 11:24:40 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst CouponArificService64 erreicht.

Error: (12/17/2014 11:24:10 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst CouponArificService64 erreicht.

Error: (12/17/2014 10:59:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Util AppEnable" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/17/2014 10:59:39 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Update AppEnable" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (12/17/2014 10:59:25 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "MaintainerSvc4.00.5030318" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (12/17/2014 02:28:31 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\******\Downloads\FRST64.exeC:\Users\******\Downloads\FRST64.exe0

Error: (12/17/2014 02:27:36 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\******\Downloads\FRST64.exeC:\Users\******\Downloads\FRST64.exe0

Error: (12/17/2014 02:27:30 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\******\Downloads\FRST64.exeC:\Users\******\Downloads\FRST64.exe0

Error: (12/17/2014 02:27:15 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\******\Downloads\FRST64.exeC:\Users\******\Downloads\FRST64.exe0

Error: (12/17/2014 02:27:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\******\Downloads\EmsisoftEmergencyKit_9.0.0.4523.exeC:\Users\******\Downloads\EmsisoftEmergencyKit_9.0.0.4523.exe0

Error: (12/17/2014 02:27:11 PM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\******\Downloads\FRST64.exeC:\Users\******\Downloads\FRST64.exe0

Error: (12/17/2014 11:54:58 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\******\Downloads\EmsisoftEmergencyKit_9.0.0.4523.exeC:\Users\******\Downloads\EmsisoftEmergencyKit_9.0.0.4523.exe0

Error: (12/17/2014 11:54:57 AM) (Source: SideBySide) (EventID: 59) (User: )
Description: C:\Users\******\Downloads\EmsisoftEmergencyKit_9.0.0.4523.exeC:\Users\******\Downloads\EmsisoftEmergencyKit_9.0.0.4523.exe0

Error: (12/17/2014 07:03:27 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: DllHost.exe6.3.9600.163845215dfc6ntdll.dll6.3.9600.1727853eebd22c00000050000000000039a7af2c01d019be4e1be228C:\WINDOWS\system32\DllHost.exeC:\WINDOWS\SYSTEM32\ntdll.dll6a2f71c2-85b2-11e4-beab-b8763fc11b90

Error: (12/17/2014 05:12:10 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: VAIOUpdt.exe7.0.1.228015f001d019a1643a3d8874C:\Program Files\Sony\VAIO Update\VAIOUpdt.execb4d0239-85a2-11e4-beab-b8763fc11b90


CodeIntegrity Errors:
===================================
  Date: 2014-12-07 23:29:53.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
Percentage of memory in use: 50%
Total physical RAM: 3972.8 MB
Available physical RAM: 1958.61 MB
Total Pagefile: 5252.8 MB
Available Pagefile: 3258.39 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:438.49 GB) (Free:337.35 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3B91CCB5)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
I hope this helps you..

17.12.2014, 14:52   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Malwarebytes always creates logs. They can be found under History => Application Logs (Verlauf => Anwendungsprotokolle).

Please post all scan logs with detections (in TXT format) in CODE tags.

17.12.2014, 15:05   #5
Suchender12

Yes, but I don't think that is the log you want. Under History (Verlauf) only a "Protection Log" is listed, but no "Scan Log".

Well, here is the Protection Log:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org


Update, 17.12.2014 04:09:30, SYSTEM, VAIO, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
Update, 17.12.2014 04:09:30, SYSTEM, VAIO, Manual, Rootkit Database, 2014.11.18.1, 2014.12.14.1, 
Update, 17.12.2014 04:09:32, SYSTEM, VAIO, Manual, Malware Database, 2014.11.20.6, 2014.12.16.5, 
Protection, 17.12.2014 04:09:34, SYSTEM, VAIO, Protection, Malware Protection, Starting, 
Protection, 17.12.2014 04:09:34, SYSTEM, VAIO, Protection, Malware Protection, Started, 
Protection, 17.12.2014 04:09:34, SYSTEM, VAIO, Protection, Malicious Website Protection, Starting, 
Protection, 17.12.2014 04:09:34, SYSTEM, VAIO, Protection, Refresh, Starting, 
Protection, 17.12.2014 04:09:34, SYSTEM, VAIO, Protection, Malicious Website Protection, Started, 
Protection, 17.12.2014 04:09:34, SYSTEM, VAIO, Protection, Malicious Website Protection, Stopping, 
Protection, 17.12.2014 04:09:35, SYSTEM, VAIO, Protection, Malicious Website Protection, Stopped, 
Protection, 17.12.2014 04:09:45, SYSTEM, VAIO, Protection, Refresh, Success, 
Protection, 17.12.2014 04:09:45, SYSTEM, VAIO, Protection, Malicious Website Protection, Starting, 
Protection, 17.12.2014 04:09:45, SYSTEM, VAIO, Protection, Malicious Website Protection, Started, 
Protection, 17.12.2014 04:09:47, SYSTEM, VAIO, Protection, Malicious Website Protection, Stopping, 
Protection, 17.12.2014 04:09:47, SYSTEM, VAIO, Protection, Malicious Website Protection, Stopped, 
Protection, 17.12.2014 04:09:47, SYSTEM, VAIO, Protection, Malware Protection, Stopping, 
Protection, 17.12.2014 04:09:49, SYSTEM, VAIO, Protection, Malware Protection, Stopped, 

(end)
         


17.12.2014, 15:10   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Remove adware/junkware/toolbars

(Delete old versions of adwCleaner and, if present, JRT beforehand, then download them again to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input window).


17.12.2014, 16:25   #7
Suchender12

So, here are the requested logs:

AdwCleaner

Code:
# AdwCleaner v4.105 - Bericht erstellt am 17/12/2014 um 15:44:18
# Aktualisiert 08/12/2014 von Xplode
# Database : 2014-12-16.1 [Live]
# Betriebssystem : Windows 8.1  (64 bits)
# Benutzername : ****** - VAIO
# Gestartet von : C:\Users\******\Desktop\AdwCleaner_4.105.exe
# Option : Löschen

***** [ Dienste ] *****

[#] Dienst Gelöscht : BackupStack
Dienst Gelöscht : IePluginServices
Dienst Gelöscht : netfilter64
Dienst Gelöscht : servervo
Dienst Gelöscht : WindowsMangerProtect
Dienst Gelöscht : CouponArificService64
Dienst Gelöscht : {19854aff-7c07-4859-9831-cd028ac55dd0}Gw64
Dienst Gelöscht : {55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64
Dienst Gelöscht : {820a714f-c526-4777-8e87-e9d6612e0938}Gw64
Dienst Gelöscht : {e7ea42ad-4fa4-4fce-a37a-c42931f721e3}w64

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\374311380 
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\ProgramData\SaveSenseLive
Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\getthediscount
Ordner Gelöscht : C:\ProgramData\CoolSaleCoupon
Ordner Gelöscht : C:\ProgramData\ddownlloaditkeep
Ordner Gelöscht : C:\ProgramData\SaleItCoupon
Ordner Gelöscht : C:\ProgramData\6f38bcad337c4913
Ordner Gelöscht : C:\ProgramData\8014362988984944915
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\FreeHD-Sport TV V9.0
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\SupTab
Ordner Gelöscht : C:\Program Files (x86)\WSE Rocket
Ordner Gelöscht : C:\Program Files (x86)\Search Extensions
Ordner Gelöscht : C:\Program Files (x86)\AppEnable
Ordner Gelöscht : C:\Program Files (x86)\WSE_Vosteran
Ordner Gelöscht : C:\Users\HALILK~1\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\******\AppData\Local\Rocket
Ordner Gelöscht : C:\Users\******\AppData\Local\SaveSense
Ordner Gelöscht : C:\Users\******\AppData\Local\SaveSenseLive
Ordner Gelöscht : C:\Users\******\AppData\Roaming\RocketUpdater
Ordner Gelöscht : C:\Users\******\AppData\Roaming\SaveSense
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Rocket
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Ordner Gelöscht : C:\Users\******\AppData\Local\StormWatch
Ordner Gelöscht : C:\Users\******\AppData\Local\Weather_Protector_LLC
Ordner Gelöscht : C:\Users\******\AppData\Local\Vosteran
Ordner Gelöscht : C:\Users\******\AppData\LocalLow\FreeHD-Sport TV V9.0
Ordner Gelöscht : C:\Users\******\AppData\Roaming\goforfiles
Ordner Gelöscht : C:\Users\******\AppData\Roaming\omiga-plus
Ordner Gelöscht : C:\Users\******\AppData\Roaming\VOPackage
Ordner Gelöscht : C:\Users\******\AppData\Roaming\WSE_Vosteran
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyPC Backup
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StormWatch
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vosteran
Ordner Gelöscht : C:\Users\******\Documents\Optimizer Pro
Ordner Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\Extensions\wculZ@S.edu
Ordner Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Ordner Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaacalgebmfelllfiaoknifldpngjh
Ordner Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Ordner Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Ordner Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Ordner Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmdkolkgokhiflhdddcfnbebofneifp
Ordner Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmdkolkgokhiflhdddcfnbebofneifp
Datei Gelöscht : C:\END
Datei Gelöscht : C:\WINDOWS\System32\drivers\netfilter64.sys
Datei Gelöscht : C:\WINDOWS\System32\drivers\{19854aff-7c07-4859-9831-cd028ac55dd0}Gw64.sys
Datei Gelöscht : C:\WINDOWS\System32\drivers\{55bbc577-fb0b-4e77-8a51-e033716a9ead}Gw64.sys
Datei Gelöscht : C:\WINDOWS\System32\drivers\{820a714f-c526-4777-8e87-e9d6612e0938}Gw64.sys
Datei Gelöscht : C:\WINDOWS\System32\drivers\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}w64.sys
Datei Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MyPC Backup.lnk
Datei Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatch.lnk
Datei Gelöscht : C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormWatchApp.lnk
Datei Gelöscht : C:\Users\******\Desktop\MyPC Backup.lnk
Datei Gelöscht : C:\Users\******\Desktop\Sync Folder.lnk
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\omiga-plus.xml
Datei Gelöscht : C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\searchplugins\Vosteran.xml
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.boostsaves.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_inst.shoppingate.info_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.boostsaves.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.livelyrics00.live-lyrics.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal
Datei Gelöscht : C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.re-markable00.re-markable.net_0.localstorage-journal

***** [ Tasks ] *****

Task Gelöscht : GoforFilesUpdate
Task Gelöscht : LaunchSignup
Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : RocketTab Update Task
Task Gelöscht : RocketTab
Task Gelöscht : WSE_Vosteran

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\ibnjmihbbanannlbobkbmnmckjnmdnom
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\oilkkkefbalmbfppgjmgjoefbclebkce
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.superfish.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AmiBs.Installer
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AmiBs.Installer.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\mypc backup
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\.
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\..9
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Update AppEnable
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\Util AppEnable
Schlüssel Gelöscht : HKEY_USERS\.DEFAULT\Software\Microsoft\.NETFramework\SQM\Apps\updateAppEnable.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A6FEED89-3BCD-4D19-9DC2-3E613A80A2A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{a9d8d927-b5f2-4237-8def-dded2909914c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132286}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135586}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136686}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1C1356DA-1E98-4810-A9F6-18D89BD1C0C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DCABB943-792E-44C4-9029-ECBEE6265AF9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544134486}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{23D4646C-263A-4E2D-A08C-6C704557973D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9d8d927-b5f2-4237-8def-dded2909914c}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{a9d8d927-b5f2-4237-8def-dded2909914c}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{a9d8d927-b5f2-4237-8def-dded2909914c}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{a9d8d927-b5f2-4237-8def-dded2909914c}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{a9d8d927-b5f2-4237-8def-dded2909914c}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522132286}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555135586}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566136686}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{120926E2-2F0C-4DBB-9101-25EC98DEFB36}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-00A7-7A786E7484D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a9d8d927-b5f2-4237-8def-dded2909914c}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1C1745D0-56C0-4DA8-AAE5-0B651F495E59}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Rocket Browser
Schlüssel Gelöscht : HKCU\Software\RocketUpdater
Schlüssel Gelöscht : HKCU\Software\SaveSense
Schlüssel Gelöscht : HKCU\Software\SaveSenseLive
Schlüssel Gelöscht : HKCU\Software\WSE Rocket
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AppEnable
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\GoforFiles
Schlüssel Gelöscht : HKLM\SOFTWARE\InstallCore
Schlüssel Gelöscht : HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\RocketTab
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SupTab
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\supWPM
Schlüssel Gelöscht : HKLM\SOFTWARE\AppEnable
Schlüssel Gelöscht : HKLM\SOFTWARE\couponarific
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RocketTab
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE Rocket
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\omiga-plus uninstall
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{37476589-E48E-439E-A706-56189E2ED4C4}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WSE_Vosteran
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{0C516764-8CFC-C2FE-7BB0-A50A646E4DCD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\couponarific
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ac225167-00fc-452d-94c5-bb93600e7d9a}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MyPC Backup
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AppEnable
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\couponarific

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17416

Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v29.0.1 (de)

[5pzluep6.default-1407710099692\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[5pzluep6.default-1407710099692\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "omiga-plus");
[5pzluep6.default-1407710099692\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "omiga-plus");
[5pzluep6.default-1407710099692\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX");
[5pzluep6.default-1407710099692\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[5pzluep6.default-1407710099692\prefs.js] - Zeile gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", true);

-\\ Google Chrome v38.0.2125.111

[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ie&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0SzytCyCtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDyByDyBtC0FtBtG0C0ByDtDtG0AtB0ByBtGzytDyB0FtGtA0BtAtB0ByB0Czy0BtBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytB0FtAtD0BtDtG0BzytCyDtGyBtC0B0BtG0A0Czy0DtGtDyByCtA0FtAtAyC0FzztC0E2Q&cr=761249732&ir=
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ie&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0SzytCyCtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDyByDyBtC0FtBtG0C0ByDtDtG0AtB0ByBtGzytDyB0FtGtA0BtAtB0ByB0Czy0BtBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytB0FtAtD0BtDtG0BzytCyDtGyBtC0B0BtG0A0Czy0DtGtDyByCtA0FtAtAyC0FzztC0E2Q&cr=761249732&ir=
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ie&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0SzytCyCtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDyByDyBtC0FtBtG0C0ByDtDtG0AtB0ByBtGzytDyB0FtGtA0BtAtB0ByB0Czy0BtBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytB0FtAtD0BtDtG0BzytCyDtGyBtC0B0BtG0A0Czy0DtGtDyByCtA0FtAtAyC0FzztC0E2Q&cr=761249732&ir=
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://rocket-find.com/results.php?f=4&q={searchTerms}&a=rckt_ir_14_27_ie&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0SzytCyCtN1L2XzutBtFtBtCtFtCyEtFtDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyDyDyByDyBtC0FtBtG0C0ByDtDtG0AtB0ByBtGzytDyB0FtGtA0BtAtB0ByB0Czy0BtBtC0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCzytB0FtAtD0BtDtG0BzytCyDtGyBtC0B0BtG0A0Czy0DtGtDyByCtA0FtAtAyC0FzztC0E2Q&cr=761249732&ir=
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : aaaaacalgebmfelllfiaoknifldpngjh
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : plmdkolkgokhiflhdddcfnbebofneifp
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0B0C0DzytDtG0A0DyD0AtG0EtC0FyBtGyEtDtA0CtGtD0CzzyE0FtBtCyCtBtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtB0D0F0E0ByEyBtG0CyC0EtDtGyEtA0A0CtGzzyBtA0FtGyB0DtAtCtBtA0AyB0A0DtAyC2Q&cr=1658464606&ir=
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0B0C0DzytDtG0A0DyD0AtG0EtC0FyBtGyEtDtA0CtGtD0CzzyE0FtBtCyCtBtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtB0D0F0E0ByEyBtG0CyC0EtDtGyEtA0A0CtGzzyBtA0FtGyB0DtAtCtBtA0AyB0A0DtAyC2Q&cr=1658464606&ir=
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX&q={searchTerms}
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : aaaaacalgebmfelllfiaoknifldpngjh
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : ibnjmihbbanannlbobkbmnmckjnmdnom
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : oilkkkefbalmbfppgjmgjoefbclebkce
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Extension] : plmdkolkgokhiflhdddcfnbebofneifp
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://Vosteran.com/?f=1&a=vst_ir_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0B0C0DzytDtG0A0DyD0AtG0EtC0FyBtGyEtDtA0CtGtD0CzzyE0FtBtCyCtBtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtB0D0F0E0ByEyBtG0CyC0EtDtGyEtA0A0CtGzzyBtA0FtGyB0DtAtCtBtA0AyB0A0DtAyC2Q&cr=1658464606&ir=
[C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\preferences] - Gelöscht [Homepage] : hxxp://Vosteran.com/?f=1&a=vst_ir_14_47_ch&cd=2XzuyEtN2Y1L1Qzu0B0AyByCtA0F0CtCtC0Bzz0FzztDyCtAtN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1V1QtN1L1G1B1V1N2Y1L1Qzu2StDtAtA0B0C0DzytDtG0A0DyD0AtG0EtC0FyBtGyEtDtA0CtGtD0CzzyE0FtBtCyCtBtDyEtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBtB0D0F0E0ByEyBtG0CyC0EtDtGyEtA0A0CtGzzyBtA0FtGyB0DtAtCtBtA0AyB0A0DtAyC2Q&cr=1658464606&ir=

*************************

AdwCleaner[R0].txt - [28346 octets] - [17/12/2014 15:40:38]
AdwCleaner[S0].txt - [26761 octets] - [17/12/2014 15:44:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26822 octets] ##########
         

JRT

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by ****** on 17.12.2014 at 15:53:41,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511131186}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ddd4bed-9178-4d47-831c-7ea90170edf0}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{2ddd4bed-9178-4d47-831c-7ea90170edf0}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2ddd4bed-9178-4d47-831c-7ea90170edf0}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{2ddd4bed-9178-4d47-831c-7ea90170edf0}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 17.12.2014 at 16:03:15,95
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

FRST


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-12-2014 01
Ran by ****** (administrator) on VAIO on 17-12-2014 16:06:32
Running from C:\Users\******\Desktop
Loaded Profile: ****** (Available profiles: ****** & ******)
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.11\GoogleCrashHandler64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe
(Mentor Graphics Corporation) C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\dispatcher.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\SUSSoundProxy.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files\SolidWorks Corp\SolidWorks\sldworks_fs.exe
(Dassault Systèmes SolidWorks Corp.) C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Dropbox, Inc.) C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Farbar) C:\Users\******\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1381744 2014-02-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10590208 2013-03-14] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2752752 2013-07-12] (Synaptics Incorporated)
HKLM\...\Run: [Bluetooth] => C:\Program Files\WIDCOMM\Bluetooth Software\bttray.exe [534232 2013-09-04] (Broadcom Corporation.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [740376 2013-02-06] (Sony Corporation)
HKLM-x32\...\Run: [Intel AppUp(R) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [156000 2013-02-19] (Intel Corporation)
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-11] (Cisco Systems, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5223016 2014-12-17] (AVAST Software)
Winlogon\Notify\igfxcui: C:\WINDOWS\SYSTEM32\igfxdev.dll (Intel Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks 2013 Schnellstart.lnk
ShortcutTarget: SolidWorks 2013 Schnellstart.lnk -> C:\Windows\Installer\{B6B5EA7E-B91F-443D-A958-B0062FB53804}\NewShortcut2_87EDF6C81D0A4B7B84F42FE0C6A9D608.exe (Flexera Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SolidWorks Hintergrund-Downloader.lnk
ShortcutTarget: SolidWorks Hintergrund-Downloader.lnk -> C:\Program Files (x86)\Common Files\SolidWorks Installations-Manager\BackgroundDownloading\sldBgDwld.exe (Dassault Systèmes SolidWorks Corp.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.google.com/search?trackid=sp-006&q={searchTerms}
HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?trackid=sp-006
HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://vaioportal.sony.eu
HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.google.com/?trackid=sp-006
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKLM-x32 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002 -> {2C9735F9-DC6F-491E-8B70-D280761920B7} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-&_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002 -> {E9410C70-B6AE-41FF-AB71-32F4B279EA5F} URL = https://www.google.com/search?trackid=sp-006&q={searchTerms}
BHO: No Name -> {2ddd4bed-9178-4d47-831c-7ea90170edf0} ->  No File
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\x3919pts.default
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_246.dll ()
FF Plugin: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.13.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.13.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin -> C:\Program Files (x86)\Sony\MSS\3.8.130\npMcAfeeMss.dll No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Adblock Plus - C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\x3919pts.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-12-17]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-12-17]
FF StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome: 
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR Profile: C:\Users\******\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Avast Online Security) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-12-17]
CHR Extension: (Earth TV) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn [2014-12-12]
CHR Extension: (G calize) - C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp [2014-11-17]
CHR HKLM\...\Chrome\Extension: [Ìÿ] - No Path
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-17]
CHR HKLM-x32\...\Chrome\Extension: [Ìÿ] - No Path
CHR StartMenuInternet: Google Chrome - chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-17] (AVAST Software)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-01] (WildTangent)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129824 2013-01-23] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166688 2013-01-23] (Intel Corporation)
S3 McComponentHostServiceSony; C:\Program Files (x86)\Sony\MSS\3.8.130\McCHSvc.exe [235216 2013-10-16] (McAfee, Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [483864 2013-02-06] (Sony Corporation)
R2 RemoteSolverDispatcher; C:\Program Files\SolidWorks Corp\SolidWorks Flow Simulation\binCFW\remotesolverdispatcherservice.exe [218248 2013-08-14] (Mentor Graphics Corporation) [File not signed]
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-19] (Intel Corporation)
S3 SolidWorks Licensing Service; C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2013-10-08] (SolidWorks) [File not signed]
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-19] (Intel Corporation)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [972000 2013-01-06] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [6070272 2013-03-14] (Broadcom Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-17] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-17] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-17] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-17] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-17] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-17] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-17] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-17] ()
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7488176 2014-06-03] (Broadcom Corporation)
S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 semav6thermal64ro; C:\WINDOWS\system32\drivers\semav6thermal64ro.sys [13792 2014-05-06] ()
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-07-12] (Synaptics Incorporated)
S3 vpnva; C:\Windows\system32\DRIVERS\vpnva64-6.sys [52592 2014-06-11] (Cisco Systems, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\WINDOWS\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 16:06 - 2014-12-17 16:07 - 00021780 _____ () C:\Users\******\Desktop\FRST.txt
2014-12-17 16:03 - 2014-12-17 16:03 - 00001499 _____ () C:\Users\******\Desktop\JRT.txt
2014-12-17 15:53 - 2014-12-17 15:53 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-12-17 15:52 - 2014-12-17 15:52 - 00026850 _____ () C:\Users\******\Desktop\AdwCleaner[S0].txt
2014-12-17 15:40 - 2014-12-17 15:45 - 00000000 ____D () C:\AdwCleaner
2014-12-17 15:39 - 2014-12-17 15:39 - 02166272 _____ () C:\Users\******\Desktop\AdwCleaner_4.105.exe
2014-12-17 15:34 - 2014-12-17 15:36 - 01707646 _____ (Thisisu) C:\Users\******\Desktop\JRT.exe
2014-12-17 15:02 - 2014-12-17 15:02 - 00001685 _____ () C:\Users\******\Desktop\MBAM.txt
2014-12-17 14:31 - 2014-12-17 14:32 - 00041526 _____ () C:\Users\******\Downloads\Addition.txt
2014-12-17 14:29 - 2014-12-17 16:06 - 00000000 ____D () C:\FRST
2014-12-17 14:29 - 2014-12-17 14:32 - 00063160 _____ () C:\Users\******\Downloads\FRST.txt
2014-12-17 14:29 - 2014-12-17 14:29 - 02119168 _____ (Farbar) C:\Users\******\Desktop\FRST64(1).exe
2014-12-17 14:28 - 2014-12-17 14:28 - 01111040 _____ (Farbar) C:\Users\******\Downloads\FRST.exe
2014-12-17 11:49 - 2014-12-17 11:49 - 00000589 _____ () C:\Users\******\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-17 11:49 - 2014-12-17 11:49 - 00000000 ____D () C:\EEK
2014-12-17 11:42 - 2014-12-17 11:42 - 00602112 _____ (OldTimer Tools) C:\Users\******\Downloads\OTL.exe
2014-12-17 11:38 - 2014-12-17 11:38 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Abelssoft
2014-12-17 11:37 - 2014-12-17 11:37 - 00000000 ____D () C:\Users\******\AppData\Roaming\Abelssoft
2014-12-17 11:37 - 2014-12-17 11:37 - 00000000 ____D () C:\ProgramData\XDMessagingv4
2014-12-17 06:56 - 2014-12-17 11:38 - 00000000 ____D () C:\Users\******\AppData\Local\Abelssoft
2014-12-17 06:56 - 2014-12-17 06:56 - 02942688 _____ (Abelssoft ) C:\Users\******\Downloads\CHIP_Updater_2.39.exe
2014-12-17 06:56 - 2014-12-17 06:56 - 00001066 _____ () C:\Users\Public\Desktop\CHIP Updater.lnk
2014-12-17 06:56 - 2014-12-17 06:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CHIP Updater
2014-12-17 06:56 - 2014-12-17 06:56 - 00000000 ____D () C:\Program Files (x86)\CHIP Updater
2014-12-17 06:52 - 2014-12-17 06:52 - 00001284 _____ () C:\Users\******\Desktop\Revo Uninstaller.lnk
2014-12-17 06:52 - 2014-12-17 06:52 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-17 06:51 - 2014-12-17 06:51 - 00001189 _____ () C:\Users\******\Desktop\Auslogics DiskDefrag.lnk
2014-12-17 06:51 - 2014-12-17 06:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
2014-12-17 06:51 - 2014-12-17 06:51 - 00000000 ____D () C:\ProgramData\Auslogics
2014-12-17 06:51 - 2014-12-17 06:51 - 00000000 ____D () C:\Program Files (x86)\Auslogics
2014-12-17 06:47 - 2014-12-17 06:47 - 00002790 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-12-17 06:47 - 2014-12-17 06:47 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-12-17 06:47 - 2014-12-17 06:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-12-17 06:47 - 2014-12-17 06:47 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-17 06:46 - 2014-12-17 06:46 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\******\Downloads\revosetup.exe
2014-12-17 06:44 - 2014-12-17 06:44 - 06739960 _____ (Auslogics Labs Pty Ltd ) C:\Users\******\Downloads\disk-defrag-setup.exe
2014-12-17 06:43 - 2014-12-17 06:43 - 05162080 _____ (Piriform Ltd) C:\Users\******\Downloads\ccsetup500.exe
2014-12-17 04:32 - 2014-12-17 04:32 - 00001896 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-12-17 04:26 - 2014-06-10 02:55 - 00027901 _____ () C:\Users\******\Desktop\2014-06-10 01.55.34.jpeg
2014-12-17 04:17 - 2014-12-17 04:17 - 00001980 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2014-12-17 04:17 - 2014-12-17 04:17 - 00000000 ____D () C:\Users\******\AppData\Roaming\AVAST Software
2014-12-17 04:17 - 2014-12-17 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2014-12-17 04:16 - 2014-12-17 05:33 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-12-17 04:16 - 2014-12-17 04:16 - 01050432 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00436624 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00364512 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-12-17 04:16 - 2014-12-17 04:16 - 00267632 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00116728 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00083280 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-12-17 04:16 - 2014-12-17 04:16 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-12-17 04:16 - 2014-12-17 04:16 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-12-17 04:14 - 2014-12-17 04:14 - 00000000 ____D () C:\Program Files\AVAST Software
2014-12-17 04:09 - 2014-12-17 15:04 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-12-17 04:09 - 2014-12-17 04:09 - 00001118 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-12-17 04:09 - 2014-12-17 04:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2014-12-17 04:08 - 2014-12-17 04:09 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 
2014-12-17 04:08 - 2014-12-17 04:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-17 04:08 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-12-17 04:08 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-12-17 04:08 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-12-17 04:07 - 2014-12-17 04:14 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-12-17 04:07 - 2014-12-17 04:07 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\******\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-17 04:06 - 2014-12-17 04:07 - 131078000 _____ (AVAST Software) C:\Users\******\Downloads\avast_free_antivirus_setup.exe
2014-12-17 03:51 - 2014-12-17 03:51 - 00000000 ____D () C:\Users\******\Desktop\MTRT Referat
2014-12-17 03:49 - 2014-12-17 15:50 - 00000000 ___RD () C:\Users\******\Dropbox
2014-12-17 03:49 - 2014-12-17 03:49 - 00001164 _____ () C:\Users\******\Desktop\Dropbox.lnk
2014-12-17 03:47 - 2014-12-17 03:47 - 00000000 ____D () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-17 03:45 - 2014-12-17 15:50 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-12-17 03:45 - 2014-12-17 03:45 - 00324224 _____ (Dropbox, Inc.) C:\Users\******\Downloads\DropboxInstaller.exe
2014-12-17 03:31 - 2014-12-17 03:31 - 00000000 ____D () C:\Users\******\AppData\Local\Macromedia
2014-12-17 03:30 - 2014-12-17 03:30 - 00000000 ____D () C:\Users\******\AppData\Roaming\Mozilla
2014-12-17 03:30 - 2014-12-17 03:30 - 00000000 ____D () C:\Users\******\AppData\Local\Mozilla
2014-12-17 03:27 - 2014-11-26 22:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-17 03:27 - 2014-11-26 22:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-14 21:16 - 2014-12-14 21:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2014-12-11 19:06 - 2014-12-11 19:06 - 00011411 _____ () C:\Users\******\AppData\Local\recently-used.xbel
2014-12-11 17:25 - 2014-12-04 00:37 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-12-11 17:25 - 2014-12-04 00:09 - 00830464 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 01083392 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 00740864 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 00396288 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2014-12-11 17:25 - 2014-12-03 00:09 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-12-11 17:25 - 2014-10-31 00:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-11 17:25 - 2014-10-31 00:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-11 17:24 - 2014-11-10 03:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-11 17:24 - 2014-11-10 02:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-11 17:24 - 2014-11-01 00:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-11 17:24 - 2014-11-01 00:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-11 17:11 - 2014-12-11 17:11 - 00000000 __SHD () C:\Users\******\AppData\Local\EmieBrowserModeList
2014-12-11 16:15 - 2014-12-11 19:06 - 00000000 ____D () C:\Users\******\AppData\Local\gtk-2.0
2014-12-11 16:05 - 2014-11-22 04:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-11 16:05 - 2014-11-22 03:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-11 16:05 - 2014-11-22 03:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-11 16:05 - 2014-11-22 03:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-11 16:05 - 2014-11-22 03:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-11 16:05 - 2014-11-22 03:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-11 16:05 - 2014-11-22 03:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-11 16:05 - 2014-11-22 03:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-11 16:05 - 2014-11-22 03:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-11 16:05 - 2014-11-22 03:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-11 16:05 - 2014-11-22 03:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-11 16:05 - 2014-11-22 03:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-11 16:05 - 2014-11-22 03:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-11 16:05 - 2014-11-22 03:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-11 16:05 - 2014-11-22 03:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-11 16:05 - 2014-11-22 02:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-11 16:05 - 2014-11-22 02:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-11 16:05 - 2014-11-22 02:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-11 16:05 - 2014-11-22 02:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-11 16:05 - 2014-11-22 02:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-11 16:05 - 2014-11-22 02:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-11 16:05 - 2014-11-22 02:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-11 16:05 - 2014-11-22 02:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-11 16:05 - 2014-11-22 02:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-11 16:05 - 2014-11-22 02:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-11 16:05 - 2014-11-22 02:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-11 16:05 - 2014-11-22 02:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-11 16:05 - 2014-11-22 02:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-11 16:05 - 2014-11-22 02:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-11 16:05 - 2014-11-22 02:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-11 16:05 - 2014-11-22 02:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-11 16:05 - 2014-11-22 02:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-11 16:05 - 2014-11-22 02:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-11 16:05 - 2014-11-22 02:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-11 16:05 - 2014-11-22 02:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-11 16:05 - 2014-11-22 02:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-11 16:05 - 2014-11-22 02:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-11 16:05 - 2014-11-22 01:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-11 16:05 - 2014-11-22 01:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-11 16:05 - 2014-11-07 05:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-11 16:05 - 2014-11-07 04:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-11 15:58 - 2014-10-13 03:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-11 15:58 - 2014-10-13 03:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-11 15:58 - 2014-10-13 03:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-11 15:58 - 2014-10-13 03:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-11 15:41 - 2014-12-11 15:41 - 00000000 ____D () C:\Users\******\.thumbnails
2014-12-11 15:38 - 2014-12-11 19:08 - 00000000 ____D () C:\Users\******\.gimp-2.8
2014-12-11 15:38 - 2014-12-11 15:38 - 00000000 ____D () C:\Users\******\AppData\Local\gegl-0.2
2014-12-11 15:36 - 2014-12-11 15:36 - 00000910 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
2014-12-11 15:34 - 2014-12-11 15:36 - 00000000 ____D () C:\Program Files\GIMP 2
2014-12-10 22:22 - 2014-12-10 22:22 - 01833582 _____ () C:\Users\******\Desktop\Kopie von 14-12-10_RT_Praktikum_II(1).xlsx
2014-12-10 21:12 - 2014-12-10 22:23 - 00003359 _____ () C:\Users\******\Desktop\treffen.ods
2014-12-08 05:01 - 2014-12-08 05:01 - 00022528 _____ () C:\Users\******\AppData\Local\dsisetup215364842.exe
2014-12-08 05:01 - 2014-12-08 05:01 - 00000010 _____ () C:\Users\******\AppData\Local\DSI.DAT
2014-12-07 23:05 - 2014-12-07 23:05 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-11-21 21:14 - 2014-11-10 00:19 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-11-21 21:14 - 2014-11-10 00:19 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-11-21 21:14 - 2014-11-10 00:18 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
2014-11-21 21:14 - 2014-11-10 00:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
2014-11-21 21:02 - 2014-09-07 23:08 - 00389176 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-11-21 21:02 - 2014-09-04 03:22 - 00670384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-11-21 21:02 - 2014-09-04 01:32 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-11-21 21:02 - 2014-08-31 01:17 - 00148800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-11-21 21:02 - 2014-08-30 23:59 - 18723112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-11-21 21:02 - 2014-08-30 21:53 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2014-11-21 21:02 - 2014-08-30 21:17 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-11-21 21:02 - 2014-08-28 01:21 - 02480128 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-11-21 21:02 - 2014-08-28 01:06 - 02030592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-11-21 21:02 - 2014-08-23 06:04 - 11820544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-11-21 21:02 - 2014-08-02 01:35 - 00485376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
2014-11-21 21:01 - 2014-09-10 07:25 - 00474432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-11-21 21:01 - 2014-09-08 04:07 - 02497344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-11-21 21:01 - 2014-09-08 04:07 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-11-21 21:01 - 2014-09-04 23:30 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-11-21 21:01 - 2014-09-04 23:21 - 01053184 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-11-21 21:01 - 2014-09-04 04:05 - 00836176 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-11-21 21:01 - 2014-09-04 02:01 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-11-21 21:01 - 2014-08-31 01:15 - 21197152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-11-21 21:01 - 2014-08-30 23:05 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2014-11-21 21:01 - 2014-08-30 22:58 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2014-11-21 21:01 - 2014-08-30 22:04 - 00941568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-11-21 21:01 - 2014-08-28 03:55 - 07484224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-11-21 21:01 - 2014-08-23 06:14 - 13424128 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-11-21 21:01 - 2014-08-23 05:50 - 02714112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-11-21 21:01 - 2014-08-02 01:51 - 00545792 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
2014-11-19 21:00 - 2014-12-14 21:00 - 00000128 _____ () C:\Users\******\AppData\Roaming\WB.CFG
2014-11-17 21:41 - 2014-12-17 10:59 - 00000000 ____D () C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
2014-11-17 21:39 - 2014-11-17 21:39 - 00001312 _____ () C:\Users\Public\Desktop\Chica Password Manager 2.0.lnk
2014-11-17 21:39 - 2014-11-17 21:39 - 00000000 ___SD () C:\Users\******\Documents\Chica Passwords
2014-11-17 21:39 - 2014-11-17 21:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ChicaLogic
2014-11-17 21:39 - 2014-11-17 21:39 - 00000000 ____D () C:\Program Files (x86)\ChicaLogic
2014-11-17 21:35 - 2014-12-17 15:01 - 00000000 ____D () C:\Program Files\CouponArific
2014-11-17 21:35 - 2014-11-17 21:35 - 00000000 ____D () C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C
2014-11-17 21:33 - 2014-11-17 21:33 - 00403320 _____ (Premium Installer ) C:\Users\******\Downloads\evasi0n7_Setup.exe
2014-11-17 21:00 - 2014-11-17 20:59 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella.exe.EXE
2014-11-17 20:58 - 2014-10-30 12:25 - 00275080 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-11-17 20:46 - 2014-11-17 20:46 - 00812376 _____ ( ) C:\Users\******\Downloads\tinyumbrella.exe
2014-11-17 20:40 - 2014-11-17 20:41 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella-7.12.00 (2).exe
2014-11-17 20:34 - 2014-11-17 20:34 - 00000998 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk
2014-11-17 20:15 - 2014-11-17 20:15 - 03458048 _____ () C:\Users\******\Downloads\tinyumbrella-7.11.00.exe
2014-11-17 20:15 - 2014-11-17 20:15 - 03458048 _____ () C:\Users\******\Downloads\tinyumbrella-7.11.00 (1).exe
2014-11-17 20:11 - 2014-11-17 20:11 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella-7.12.00 (3).exe
2014-11-17 19:59 - 2014-11-17 19:59 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella-7.12.00 (1).exe
2014-11-17 19:58 - 2014-11-17 21:45 - 00033275 _____ () C:\Users\******\Downloads\umbrella.log
2014-11-17 19:58 - 2014-11-17 19:58 - 03618816 _____ () C:\Users\******\Downloads\tinyumbrella-7.12.00.exe
2014-11-17 19:55 - 2014-11-17 19:55 - 00598589 _____ () C:\Users\******\Downloads\installtinyumbrella.dmg
2014-11-17 19:48 - 2014-11-17 19:48 - 00000000 ____D () C:\Users\******\.shsh
2014-11-17 19:39 - 2014-11-17 19:47 - 00000600 _____ () C:\Users\******\AppData\Roaming\winscp.rnd
2014-11-17 19:34 - 2014-11-17 19:40 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP.lnk
2014-11-17 19:34 - 2014-11-17 19:40 - 00000000 ____D () C:\Program Files (x86)\WinSCP
2014-11-17 19:29 - 2014-11-17 20:05 - 11429902 _____ () C:\Users\******\Downloads\iCloud Aktivasyon.rar
2014-11-17 18:06 - 2014-11-17 18:06 - 00001795 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-11-17 18:06 - 2014-11-17 18:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-11-17 18:04 - 2014-11-17 18:06 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-11-17 18:04 - 2014-11-17 18:06 - 00000000 ____D () C:\Program Files\iTunes
2014-11-17 18:04 - 2014-11-17 18:06 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-11-17 18:04 - 2014-11-17 18:04 - 00000000 ____D () C:\Program Files\iPod
2014-11-17 17:38 - 2014-11-17 17:40 - 16969459 _____ () C:\Users\******\Downloads\evasi0n7-win-1.0.7-633a643e10531c58e7ce18018986b6d14774102d.zip
2014-11-17 17:34 - 2014-11-17 17:34 - 00399224 _____ (Premium Installer ) C:\Users\******\Downloads\Flash_Player_Pro_Setup (1).exe
2014-11-17 17:32 - 2014-11-17 17:32 - 00399224 _____ (Premium Installer ) C:\Users\******\Downloads\Flash_Player_Pro_Setup.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-17 16:03 - 2014-07-01 14:03 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3488547966-3651287838-4017947475-1002
2014-12-17 16:00 - 2014-01-01 01:03 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-12-17 16:00 - 2013-11-20 04:50 - 01446063 _____ () C:\WINDOWS\WindowsUpdate.log
2014-12-17 16:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-12-17 15:49 - 2013-10-31 04:17 - 00001124 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-17 15:49 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-12-17 15:48 - 2013-09-29 20:04 - 00122174 _____ () C:\WINDOWS\PFRO.log
2014-12-17 15:45 - 2013-10-31 04:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-12-17 15:45 - 2013-09-20 22:24 - 00001077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-17 15:30 - 2013-10-31 04:18 - 00001128 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-17 12:12 - 2013-09-26 21:41 - 00000000 ____D () C:\Update
2014-12-17 11:51 - 2014-03-21 14:46 - 00000938 _____ () C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001UA.job
2014-12-17 10:56 - 2013-08-22 14:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-12-17 10:44 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-12-17 10:22 - 2014-07-05 04:10 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{22D7EE09-EFDF-48F2-9ED0-037918AE97D1}
2014-12-17 10:18 - 2012-07-26 06:26 - 00000301 _____ () C:\WINDOWS\win.ini
2014-12-17 10:14 - 2013-08-22 15:44 - 00529768 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-12-17 08:38 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-17 05:01 - 2014-07-01 14:02 - 00000000 ____D () C:\Users\******\AppData\Local\Sony Corporation
2014-12-17 04:00 - 2014-07-01 13:57 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-12-17 03:49 - 2014-07-01 13:57 - 00000000 ____D () C:\Users\******
2014-12-14 21:16 - 2014-08-10 23:24 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-12-14 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-14 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-14 21:16 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-12-14 20:58 - 2014-01-10 12:38 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4A994D6E-0A40-4024-9C81-D491F8749C3E}
2014-12-11 18:47 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-12-11 17:49 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-11 17:46 - 2013-09-26 22:00 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-11 17:38 - 2013-09-26 22:00 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-11 17:33 - 2013-09-15 20:20 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3488547966-3651287838-4017947475-1001
2014-12-11 15:37 - 2013-09-30 05:14 - 01776918 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-12-11 15:37 - 2013-09-30 04:56 - 00765582 _____ () C:\WINDOWS\system32\perfh007.dat
2014-12-11 15:37 - 2013-09-30 04:56 - 00159366 _____ () C:\WINDOWS\system32\perfc007.dat
2014-12-10 23:00 - 2014-01-01 01:03 - 00003772 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-12-10 22:25 - 2013-09-15 18:45 - 00000000 ____D () C:\Users\******\AppData\Local\Packages
2014-12-10 21:27 - 2013-10-08 21:20 - 00000000 ___RD () C:\Users\******\Dropbox
2014-12-10 21:27 - 2013-10-08 21:13 - 00000000 ____D () C:\Users\******\AppData\Roaming\Dropbox
2014-12-10 20:57 - 2013-11-20 13:51 - 00000000 __RDO () C:\Users\******\SkyDrive
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-12-07 22:59 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-12-07 22:44 - 2013-08-22 15:46 - 00303080 _____ () C:\WINDOWS\setupact.log
2014-12-07 22:33 - 2014-03-09 23:56 - 00000000 ____D () C:\Users\******\Desktop\Studium
2014-11-21 21:14 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-11-19 20:53 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\GroupPolicy
2014-11-17 21:33 - 2013-11-20 13:46 - 00001686 _____ () C:\Users\******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-17 20:49 - 2013-06-06 20:15 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-17 20:34 - 2013-06-06 20:37 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Sony Corporation
2014-11-17 20:34 - 2013-06-06 20:33 - 00000000 ____D () C:\ProgramData\Sony Corporation
2014-11-17 20:34 - 2013-06-06 20:23 - 00000000 ____D () C:\Program Files\Sony
2014-11-17 20:34 - 2013-06-06 20:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-17 20:26 - 2013-11-20 04:25 - 00000000 ____D () C:\Users\******
2014-11-17 18:29 - 2014-08-06 17:29 - 00000000 ____D () C:\Users\******\AppData\Roaming\Apple Computer
2014-11-17 18:04 - 2014-09-27 22:10 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-11-17 18:04 - 2014-07-19 22:33 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-11-17 16:25 - 2013-10-31 04:18 - 00004100 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-17 16:25 - 2013-10-31 04:17 - 00003864 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

Some content of TEMP:
====================
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy2ioiq.dll
C:\Users\******\AppData\Local\Temp\Quarantine.exe
C:\Users\******\AppData\Local\Temp\sqlite3.dll
C:\Users\******\AppData\Local\Temp\avgnt.exe
C:\Users\******\AppData\Local\Temp\bs.exe
C:\Users\******\AppData\Local\Temp\CloudBackup668.exe
C:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgnf9ok.dll
C:\Users\******\AppData\Local\Temp\optprosetup.exe
C:\Users\******\AppData\Local\Temp\ose00000.exe
C:\Users\******\AppData\Local\Temp\System.Data.SQLite.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite33072.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite37159.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite40265.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite43487.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite43885.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite47038.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite47626.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite53438.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite58871.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite72642.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite77860.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite82451.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite84498.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite85219.dll
C:\Users\******\AppData\Local\Temp\System.Data.SQLite96345.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-17 10:32

==================== End Of Log ============================
         
--- --- ---



Addition

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-12-2014 01
Ran by ****** at 2014-12-17 16:08:59
Running from C:\Users\******\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.08)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.08 - Adobe Systems Incorporated)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Auslogics DiskDefrag (HKLM-x32\...\{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2206 - AVAST Software)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Behind The Reflection 2: Witch's Revenge (x32 Version: 3.0.2.32 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.223.181 - Broadcom Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.59.125 - Broadcom Corporation)
Build-a-lot: On Vacation (x32 Version: 2.2.0.110 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Chica Password Manager 2.0 2.0.0.8 (HKLM-x32\...\Chica Password Manager 2.0_is1) (Version: 2.0 - ChicaLogic, Inc.)
CHIP Updater (HKLM-x32\...\CHIP Updater_is1) (Version: 2.39 - Abelssoft)
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Cisco AnyConnect Diagnostics and Reporting Tool (HKLM-x32\...\{D9ABE01A-6E18-4F30-9ED6-2494A5019074}) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client  (HKLM-x32\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (x32 Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.2529 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.6426.52 - CyberLink Corp.)
Dropbox (HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Einstellungen für VAIO Media Server (HKLM\...\{62A172B2-550E-499D-9A82-5190D18390AA}) (Version: 1.1.0.02220 - Sony Corporation)
Enchanted Cavern 2 (x32 Version: 2.2.0.110 - WildTangent) Hidden
ESDL (x32 Version: 1.0.0 - Sony Corporation) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FDUx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
FreeHD-Sport TV V9.0 (HKLM-x32\...\FreeHD-Sport TV V9.0) (Version: 1.34.3.6 - installdaddy) <==== ATTENTION
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Heroes of Hellas 3: Athens (x32 Version: 3.0.2.32 - WildTangent) Hidden
Intel AppUp(R) center (HKLM-x32\...\Intel AppUp(R) center 41800) (Version: 3.8.0.41800.66 - Intel)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1281 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
Intel(R) PROSet/Wireless NFC-Software (HKLM\...\Intel(R) PROSet/Wireless NFC-Software) (Version: 1.1.1.003 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.6.0.1030 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 13 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417013FF}) (Version: 7.0.130 - Oracle)
Java 7 Update 13 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217013FF}) (Version: 7.0.130 - Oracle)
Luxor HD (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mahjongg Artifacts (x32 Version: 2.2.0.110 - WildTangent) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office 2003 Web Components (HKLM-x32\...\{90120000-00A4-0409-0000-0000000FF1CE}) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU (HKLM\...\Microsoft Visual Studio 2005 Remote Debugger Light (x64) - ENU) (Version:  - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
My Kingdom for the Princess 3 (x32 Version: 2.2.0.110 - WildTangent) Hidden
Mystery of Mortlake Mansion (x32 Version: 2.2.0.98 - WildTangent) Hidden
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{1E5C7043-09C5-4974-A69F-A5271FD82BBC}) (Version: 7.0.02.14060 - Sony Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9600.28145 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7177 - Realtek Semiconductor Corp.)
Restore (x32 Version: 1.0.0 - Sony Corporation) Hidden
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Rocket (HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\...\Rocket) (Version: 31.0.1650.23 - Rocket) <==== ATTENTION!
Save Sense (remove only) (HKU\S-1-5-21-3488547966-3651287838-4017947475-1002\...\Save Sense) (Version: 6.4.1.0 - SaveSense) <==== ATTENTION
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SolidWorks 2013 x64 Edition SP05 (HKLM-x32\...\SolidWorks Installation Manager 20130-40500-1100-100) (Version: 21.5.0.76 - SolidWorks Corporation)
SolidWorks 2013 x64 Edition SP05 (Version: 21.150.76 - SolidWorks) Hidden
SolidWorks 2013 x64 German Resources (Version: 21.150.76 - SolidWorks Corporation) Hidden
SolidWorks eDrawings 2013 x64 Edition SP05 (Version: 13.5.111 - Dassault Systèmes SolidWorks Corp) Hidden
SolidWorks Flow Simulation 2013 SP05 x64 Edition  (Version: 21.50.77 - SolidWorks Corporation) Hidden
SolidWorks Plastics 2013 SP05 x64 Edition (Version: 21.50.76 - SolidWorks Corporation) Hidden
SSLx64 (Version: 1.0.0 - Sony Corporation ) Hidden
SSLx86 (x32 Version: 1.0.0 - Sony Corporation ) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.2.4 - Synaptics Incorporated)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
VAIO - Xperia Link (HKLM-x32\...\{D91558BF-D1F3-411F-AEFE-8774CB406512}) (Version: 1.3.2.07020 - Sony Corporation)
VAIO BIOS Data Transfer Utility (x32 Version: 1.0.0.02050 - Sony Corporation) Hidden
VAIO Care (HKLM\...\{92907606-B2FC-4193-B0CE-A21159DA3ABB}) (Version: 8.4.0.14286 - Sony Corporation)
VAIO Care Recovery (HKLM\...\{15B9204E-BA09-485E-8F2C-094AC0077664}) (Version: 1.1.2.13230 - Sony Corporation)
VAIO Care-Hardwarediagnose-Plugin (HKLM-x32\...\{EC153498-00E1-4C9C-89BE-81527C6750BE}) (Version: 4.11.1.11210 - Sony Corporation)
VAIO Control Center (HKLM-x32\...\{8E797841-A110-41FD-B17A-3ABC0641187A}) (Version: 6.2.0.03070 - Sony Corporation)
VAIO Data Restore Tool (HKLM-x32\...\{57B955CE-B5D3-495D-AF1B-FAEE0540BFEF}) (Version: 1.11.0.13250 - Sony Corporation)
VAIO Easy Connect (x32 Version: 8.2.0.14170 - Sony Corporation) Hidden
VAIO Gesture Control (HKLM-x32\...\{692955F2-DE9F-4078-8FAA-858D6F3A1776}) (Version: 2.2.0.01230 - Sony Corporation)
VAIO Gesture Control (x32 Version: 2.2.0.01230 - Sony Corporation) Hidden
VAIO Image Optimizer (HKLM-x32\...\InstallShield_{5597C927-029A-46A7-A0C0-8DABD9891A50}) (Version: 3.3.00.10220 - Sony Corporation)
VAIO Image Optimizer (x32 Version: 3.1.00.14260 - Sony Corporation) Hidden
VAIO Improvement (HKLM-x32\...\{3A26D9BD-0F73-432D-B522-2BA18138F7EF}) (Version: 2.2.0.01240 - Sony Corporation)
VAIO Movie Creator (HKLM-x32\...\InstallShield_{C2CC5822-32E6-4D21-88EA-DE8CED09EE2F}) (Version: 4.1.01.15140 - Sony Corporation)
VAIO Movie Creator (x32 Version: 4.1.01.15140 - Sony Corporation) Hidden
VAIO Sample Music (HKLM-x32\...\{FBEE3D44-0933-4B84-BB6A-49957F89187F}) (Version: 1.0.0.03051 - Sony Corporation)
VAIO Update (HKLM-x32\...\{9FF95DA2-7DA1-4228-93B7-DED7EC02B6B2}) (Version: 7.0.1.02280 - Sony Corporation)
VAIO*CPU-Lüfterdiagnose (HKLM-x32\...\{BCE6E3D7-B565-4E1B-AC77-F780666A35FB}) (Version: 1.2.0.03050 - Sony Corporation)
VAIO-Support für Übertragungen (HKLM-x32\...\{5DDAFB4B-C52E-468A-9E23-3B0CEEB671BF}) (Version: 1.9.0.11060 - Sony Corporation)
VCCx64 (Version: 1.0.0 - Sony Corporation) Hidden
VCCx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VHD (x32 Version: 1.0.0 - Sony Corporation) Hidden
Virtual Villagers 5 - New Believers (x32 Version: 3.0.2.32 - WildTangent) Hidden
VIx64 (Version: 1.0.0 - Sony Corporation) Hidden
VIx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VLC media player 2.1.1 (HKLM\...\VLC media player) (Version: 2.1.1 - VideoLAN)
VPMx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx64 (Version: 1.0.0 - Sony Corporation ) Hidden
VSSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
VU5x64 (Version: 1.1.0 - Sony Corporation ) Hidden
VU5x86 (x32 Version: 1.1.0 - Sony Corporation ) Hidden
VWSTx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.7850 - Broadcom Corporation)
WildTangent Games App (x32 Version: 4.0.10.5 - WildTangent) Hidden
WildTangent-Spiele (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WinRAR 5.00 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.00.0 - win.rar GmbH)
WinSCP 5.1.8 (HKLM-x32\...\winscp3_is1) (Version: 5.1.8 - Martin Prikryl)
XperiaLinkx86 (x32 Version: 1.0.0 - Sony Corporation) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3488547966-3651287838-4017947475-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\******\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

02-12-2014 23:10:37 Windows Update
07-12-2014 21:56:27 Windows Update
11-12-2014 16:33:50 Windows Update
17-12-2014 03:10:56 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-26 06:26 - 2013-10-28 08:08 - 00000908 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {03F93B77-5BBF-4590-9DF7-610CED95D8E1} - System32\Tasks\Sony Corporation\VAIO Improvement\VAIOImprovementUploader => C:\Program Files\Sony\VAIO Improvement\viuploader.exe [2013-01-24] (Sony Corporation)
Task: {11856646-E52B-4526-B832-01D06F3BBF9D} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterUser => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {1C03EEDD-BFEA-4D38-8649-F5822ED97001} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Month => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {2446A2E4-1B21-485F-B363-8E4EC303D93A} - System32\Tasks\Sony Corporation\VAIO Care\VAIO Care => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {3061CA9B-32AA-40DB-AD6A-6109A0F0B638} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update => C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe [2014-02-28] (Sony Corporation)
Task: {3718DBEB-AF64-48DF-94DF-7037E2969266} - System32\Tasks\Sony Corporation\VAIO Care\GetPOTInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {39E62DE5-E6C8-4A2C-8E75-FE71495CDC93} - System32\Tasks\Sony Corporation\VAIO Care\UpdateSolution => C:\Program Files\Sony\VAIO Care\Solution.Updater.exe [2014-02-27] (Sony Corporation)
Task: {4A437B27-98BD-47F7-9DEF-CB2D734B53BA} - System32\Tasks\Abelssoft\Updater scan => C:\Program Files (x86)\CHIP Updater\CHIPUpdater.exe [2014-12-04] (CHIP)
Task: {53147E54-220C-4845-B1F1-D175C1806298} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31] (Google Inc.)
Task: {57B44258-EF47-4006-9A0E-4AD5052852B4} - System32\Tasks\Sony Corporation\VAIO Control Center\NetworkSetting\NetworkSetting Logon Start => C:\Program Files (x86)\Sony\VAIO Control Center\NetworkSetting\NetworkClient
Task: {5B9DF295-D3BB-4B84-BDD5-F7C96D763F78} - System32\Tasks\Sony Corporation\VAIO Update\VAIO Update Self Repair => C:\Program Files\Sony\VAIO Update\VUSR.exe [2014-03-01] (Sony Corporation)
Task: {5FECF29C-E96C-47F8-9E27-8D70CBA3FEC8} - System32\Tasks\Sony Corporation\VAIO Update\Launch Application => C:\Program Files\SONY\VAIO Update\ShellExeProxy.exe [2014-02-28] (Sony Corporation)
Task: {6196A9BE-6919-4AD8-BB32-5BDC3826B7E3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {62C41F9E-2702-43D0-A780-A89215CFA435} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {64D601B5-C7B1-437C-BD1C-04206A6BB2C7} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
Task: {69D8D131-D574-4D81-9A2C-99BF7C15ED79} - System32\Tasks\Sony Corporation\VAIO Control Center\VAIOControlCenterSystem => C:\Program Files (x86)\Sony\VAIO Control Center\vim.exe [2013-03-08] (Sony Corporation)
Task: {724EAAB4-DAD4-4885-BB80-45BC2EEDD397} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-11] (Microsoft Corporation)
Task: {7A55EE17-60B5-4D04-AAC7-E592FD6FFC2C} - System32\Tasks\USER_ESRV_SVC => Wscript.exe //B //NoLogo "C:\Program Files\Sony\VAIO Care\ESRV\task.vbs"
Task: {7FB43D3B-01B2-4A84-8471-3F9BB8054D7E} - System32\Tasks\Sony Corporation\VAIO Care\DeployCRMflag => C:\Program Files\Sony\VAIO Care\DeployCRMflag.exe [2014-01-16] (Sony Corporation)
Task: {863200F9-DB38-4804-9E62-5A550EF93F24} - System32\Tasks\Sony Corporation\VAIO Control Center\Level4Daily => C:\Program Files (x86)\Sony\VAIO Control Center\WBCBatteryCare.exe [2013-02-02] (Sony Corporation)
Task: {86544186-D1D8-4EA5-ADF2-87404712F2F3} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-10] (Adobe Systems Incorporated)
Task: {8C4405DB-FBD7-44DB-B1FF-DC8A80C2C17C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001Core => C:\Users\******\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-21] (Facebook Inc.)
Task: {8FAD4026-5C8C-4C10-8C05-B25F012F46E6} - System32\Tasks\Sony Corporation\VAIO Care\UploadPOT => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {9053A21B-E461-4DD4-B2C6-CB04D6B744F5} - System32\Tasks\Sony Corporation\Xperia Link\Xperia Link Logon Start => C:\Program Files (x86)\Sony\Xperia Link\Xperia Link.exe [2014-07-03] (Sony Corporation)
Task: {907C651D-B7B6-4F58-A335-F084821AA9E5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-17] (AVAST Software)
Task: {94F5FD87-405A-41ED-8BD6-2BA13C476AE7} - System32\Tasks\Microsoft\Office\Office First Run Task => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
Task: {9ED700FB-C3C2-4F10-AB0B-17DFEDF1AF0C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {A5F7B14A-4B83-45B3-9F74-D42A8194A105} - System32\Tasks\Sony Corporation\VAIO Care\VCCheckIolo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {A6728A23-AE92-4A1A-A7A5-0C2D4D6769CF} - System32\Tasks\Sony Corporation\VAIO Gesture Control\VCGULogonTask => C:\Program Files (x86)\Sony\VAIO Camera Gesture Utility\VCGU.exe [2013-01-23] (Sony Corporation)
Task: {A6BEE292-837E-4ADC-A020-AD4D1DF4E322} - System32\Tasks\Sony Corporation\VAIO Care\VCRLog => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {B7296E30-C4A5-4214-A40E-92FEED6CCEC3} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {C03A0301-9CB9-4045-A199-B601EEF97456} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-10-31] (Google Inc.)
Task: {C12A3DEA-6EC4-46D6-BB69-BCE4250BA60D} - System32\Tasks\Sony Corporation\VAIO Care\VCMetrics => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {C416A0BC-B42A-4FBF-8EB1-F3F3380A6A08} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001UA => C:\Users\******\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-03-21] (Facebook Inc.)
Task: {CD7AC3E0-8BB9-455D-B23C-7C44025D181B} - System32\Tasks\Sony Corporation\VAIO Care\CheckSystemInfo => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {CF59742D-D01D-4082-866C-56569ABA9390} - System32\Tasks\Sony Corporation\VAIO Care\VCOneClick => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {D1142BD1-0213-4CD8-8B6F-9FBC76ED6735} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {D34E23AB-704A-4A73-9A04-0DCB3CD42E33} - System32\Tasks\Sony Corporation\VAIO Care\VCSelfHeal => C:\Program Files\Sony\VAIO Care\VCSystemTray.exe [2014-02-20] (Sony Corporation)
Task: {FA4F5CD7-6E7A-4F76-97D7-30CFB8660C71} - System32\Tasks\Sony Corporation\VAIO Care\UpdateContacts => %ProgramData%\Sony Corporation\VAIO Care\UpdateContacts.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001Core.job => C:\Users\******\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-3488547966-3651287838-4017947475-1001UA.job => C:\Users\******\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

==================== Loaded Modules (whitelisted) =============

2013-09-04 19:13 - 2013-09-04 19:13 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2013-03-14 20:21 - 2013-03-14 04:31 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2013-10-01 22:25 - 2013-10-01 22:25 - 00276008 _____ () C:\Program Files\SolidWorks Corp\SolidWorks\sldBodyDiffu.dll
2013-11-19 09:21 - 2013-11-19 09:21 - 00062464 _____ () C:\Program Files\Sony\VAIO Care\listener.exe
2014-06-11 04:34 - 2014-06-11 04:34 - 00063400 _____ () C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-12-17 10:15 - 2014-12-17 10:15 - 02908160 _____ () C:\Program Files\AVAST Software\Avast\defs\14121700\algo.dll
2014-07-03 12:20 - 2014-07-03 12:20 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 13:05 - 2014-10-11 13:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-12-17 04:16 - 2014-12-17 04:16 - 38561576 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-17 03:47 - 2014-10-22 01:22 - 00750080 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2014-12-17 15:50 - 2014-12-17 15:50 - 00043008 _____ () c:\Users\******\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpy2ioiq.dll
2014-12-17 03:47 - 2014-10-22 01:22 - 00047616 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-12-17 03:47 - 2014-10-22 01:22 - 00863744 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-12-17 03:47 - 2014-10-22 01:22 - 00200704 _____ () C:\Users\******\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2013-06-06 20:17 - 2013-01-23 10:26 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\******\Desktop\2014-06-10 01.55.34.jpeg:com.dropbox.attributes
AlternateDataStreams: C:\Users\******\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Avira Systray"
HKLM\...\StartupApproved\Run32: => "avgnt"

========================= Accounts: ==========================

Administrator (S-1-5-21-3488547966-3651287838-4017947475-500 - Administrator - Disabled)
Gast (S-1-5-21-3488547966-3651287838-4017947475-501 - Limited - Disabled)
****** (S-1-5-21-3488547966-3651287838-4017947475-1002 - Administrator - Enabled) => C:\Users\******
****** (S-1-5-21-3488547966-3651287838-4017947475-1001 - Administrator - Enabled) => C:\Users\******

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows x64
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============
Error: (12/17/2014 04:07:14 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/17/2014 04:06:44 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/17/2014 04:06:14 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}

Error: (12/17/2014 04:05:44 PM) (Source: DCOM) (EventID: 10010) (User: VAIO)
Description: {9AA46009-3CE0-458A-A354-715610A075E6}


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-12-07 23:29:53.256
  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU 987 @ 1.50GHz
Percentage of memory in use: 36%
Total physical RAM: 3972.8 MB
Available physical RAM: 2537.29 MB
Total Pagefile: 5252.8 MB
Available Pagefile: 3767.86 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:438.49 GB) (Free:336.54 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3B91CCB5)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

Alt 17.12.2014, 16:45   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [Ìÿ] - No Path
CHR HKLM-x32\...\Chrome\Extension: [Ìÿ] - No Path
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Fix) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)


Alt 17.12.2014, 17:02   #9
Suchender12
 



Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-12-2014
Ran by ****** at 2014-12-17 16:53:27 Run:1
Running from C:\Users\******\Desktop
Loaded Profile: ****** (Available profiles: ****** & ******)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKLM\...\Chrome\Extension: [Ìÿ] - No Path
CHR HKLM-x32\...\Chrome\Extension: [Ìÿ] - No Path
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009
C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C
EmptyTemp:
Hosts:

*****************

C:\WINDOWS\system32\GroupPolicy\Machine => Moved successfully.
C:\WINDOWS\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
"HKLM\SOFTWARE\Google\Chrome\Extensions\Ìÿ" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\Ìÿ" => Key deleted successfully.
C:\ProgramData\e25f457c-9287-4f2d-b5a8-8cd714c55009 => Moved successfully.
C:\Program Files (x86)\35556262-902E-49AE-8622-66E14F1F041C => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 2.9 GB temporary data.


The system needed a reboot. 

==== End of Fixlog ====
         

Alt 17.12.2014, 20:57   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select the Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the newest scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.

ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded, and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Alt 18.12.2014, 22:18   #11
Suchender12
 



mbam.txt:

Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 17.12.2014
Suchlauf-Zeit: 22:07:34
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2014.12.17.04
Rootkit Datenbank: v2014.12.14.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ******

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 450116
Verstrichene Zeit: 35 Min, 42 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 34
PUP.Optional.AppEnable.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{23D4646C-263A-4E2D-A08C-6C704557973D}, In Quarantäne, [b038f76c8bf174c24ea90fffb44fa759], 
PUP.Optional.AppEnable.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{23D4646C-263A-4E2D-A08C-6C704557973D}, In Quarantäne, [b038f76c8bf174c24ea90fffb44fa759], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [6e7a590accb00432e82ee6f0cb3728d8], 
PUP.Optional.SupTab.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, In Quarantäne, [6e7a590accb00432e82ee6f0cb3728d8], 
PUP.Optional.FreeHDSportTV.A, HKLM\SOFTWARE\WOW6432NODE\FreeHD-Sport TV V9.0, In Quarantäne, [f3f59ec5720a95a1f311612f4db68d73], 
PUP.Optional.FreeHDSportTV.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FreeHD-Sport TV V9.0, In Quarantäne, [14d44023fa82f541788e1878da29b34d], 
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [73750b58681443f3d7f4327ad62e3dc3], 
PUP.Optional.AppEnable.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\AppEnable, In Quarantäne, [5197580b2b51290dbc9d13c028dc23dd], 
PUP.Optional.Iminent.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [b1379cc72458a492e569fd9906fd54ac], 
PUP.Optional.RocketTab.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\RocketTabInstalled, In Quarantäne, [d414a3c0ee8e06303e6bf27140c307f9], 
PUP.Optional.StormWatchApp.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\StormWatchApp, In Quarantäne, [5d8bca99611be1552b6c055724df7c84], 
PUP.Optional.WebSearches.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, In Quarantäne, [ad3baab92f4d8fa7d3063037df2410f0], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Vosteran Browser, In Quarantäne, [6c7c441fbfbd55e1b5fa874db94b669a], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_vosteran, In Quarantäne, [35b3d98a314bd066f253369e83815fa1], 
PUP.Optional.CouponArific.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\CouponARific, In Quarantäne, [30b8ce953b41b185009d5ffb26dd639d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, In Quarantäne, [0ade550e1963e155f9b24e71897b4eb2], 
PUP.Optional.FreeHDSportTV.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\FreeHD-Sport TV V9.0, In Quarantäne, [27c13f24324a58debb4b018fb44f639d], 
PUP.Optional.Vosteran.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\oilkkkefbalmbfppgjmgjoefbclebkce, In Quarantäne, [7d6b9bc81963c96d1e95450e6c9735cb], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [60883e2574081f170658ace993708e72], 
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [6b7d2f34225af541ed9004a750b4f30d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\3874, In Quarantäne, [10d8bda6aad2b3832a185b07e61df30d], 
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\installdaddy, In Quarantäne, [ca1e5e055d1f83b3bea593199a6a9a66], 
PUP.Optional.Qone8, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [09df293aeb918caa9575f5c2679dfd03], 
PUP.Optional.FastStart.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS, In Quarantäne, [ebfd76eda6d60e2844f850132cd70cf4], 
PUP.Optional.RocketTab.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS, In Quarantäne, [9e4ac79c08745cda32447c56ee1632ce], 
PUP.Optional.CoolSaleCoupon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{2ddd4bed-9178-4d47-831c-7ea90170edf0}, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 
PUP.Optional.CoolSaleCoupon.A, HKLM\SOFTWARE\CLASSES\CoolSaleCoupon.CoolSaleCoupon, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 
PUP.Optional.CoolSaleCoupon.A, HKLM\SOFTWARE\CLASSES\CoolSaleCoupon.CoolSaleCoupon.9, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 
PUP.Optional.CoolSaleCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CoolSaleCoupon.CoolSaleCoupon, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 
PUP.Optional.CoolSaleCoupon.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CoolSaleCoupon.CoolSaleCoupon.9, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 
PUP.Optional.CoolSaleCoupon.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{2DDD4BED-9178-4D47-831C-7EA90170EDF0}, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 
PUP.Optional.CoolSaleCoupon.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{2DDD4BED-9178-4D47-831C-7EA90170EDF0}, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 
PUP.Optional.CoolSaleCoupon.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2DDD4BED-9178-4D47-831C-7EA90170EDF0}, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 
PUP.Optional.CoolSaleCoupon.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{2DDD4BED-9178-4D47-831C-7EA90170EDF0}, In Quarantäne, [9b4da3c03c4031050857a0d964a18b75], 

Registrierungswerte: 3
PUP.Optional.InstallCore.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0Z1B1L2Z1S, In Quarantäne, [6b7d2f34225af541ed9004a750b4f30d]
PUP.Optional.FastStart.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS|appid, faststartff@gmail.com, In Quarantäne, [ebfd76eda6d60e2844f850132cd70cf4]
PUP.Optional.RocketTab.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH EXTENSIONS|RocketTab, 1, In Quarantäne, [9e4ac79c08745cda32447c56ee1632ce]

Registrierungsdaten: 2
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://isearch.omiga-plus.com/?type=hp&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX),Ersetzt,[20c83f24f5872d09611998dcfa0bd030]
PUP.Optional.OmigaPlus.A, HKU\S-1-5-21-3488547966-3651287838-4017947475-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://isearch.omiga-plus.com/?type=hp&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX, Gut: (www.google.com), Schlecht: (hxxp://isearch.omiga-plus.com/?type=hp&ts=1416256435&from=adks&uid=HGSTXHTS545050A7E380_130413TE8513491NYZZCX),Ersetzt,[fbeda5be621ac274a9d093e1b64f7888]

Ordner: 6
PUP.Optional.CouponArific, C:\Program Files\CouponArific, In Quarantäne, [b632075c384424127ced7dce956e3fc1], 
PUP.Optional.CouponArific, C:\Program Files\CouponArific\SSL, In Quarantäne, [b632075c384424127ced7dce956e3fc1], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 

Dateien: 25
PUP.Optional.OptimunInstaller, C:\Users\******\Downloads\Flash_Player_Pro_Setup (1).exe, In Quarantäne, [7a6e10537efec07603fdb09aa35d9e62], 
PUP.Optional.OptimunInstaller, C:\Users\******\Downloads\Flash_Player_Pro_Setup.exe, In Quarantäne, [dd0b4d16fc80320401ffb397e8181be5], 
PUP.Optional.InstallBrain, C:\Users\******\Downloads\unZipExpressSetup.exe, In Quarantäne, [5b8d84dfd3a9d066e73e6bcaa65a48b8], 
PUP.Optional.OptimunInstaller, C:\Users\******\Downloads\evasi0n7_Setup.exe, In Quarantäne, [e008bea5c2ba1a1c7b852624d828ae52], 
PUP.Optional.SelectNGo.A, C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, In Quarantäne, [6385075cf18b89ad74f8dd9db2519070], 
PUP.Optional.SelectNGo.A, C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage, In Quarantäne, [697fd88b314bed49e884adcd9c67a45c], 
PUP.Optional.SelectNGo.A, C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.select-n-go00.select-n-go.com_0.localstorage-journal, In Quarantäne, [895f8bd8dd9f57dff7754337d330639d], 
PUP.Optional.CouponArific, C:\Program Files\CouponArific\mfsD928.tmp, In Quarantäne, [b632075c384424127ced7dce956e3fc1], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\bootstrap.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\chrome.manifest, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon.png, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\icon64.png, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\install.rdf, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\background.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\browser.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\header.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\timer.jsm, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2.jsm, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\browser\vstr.1.0.2h.jsm, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\aes.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\hmac-md5.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\jsencrypt.min.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\md5.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\string.min.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 
PUP.Optional.Vosteran.A, C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{a2bff6ba-8d18-488c-853c-ad9bc29f2482}\content\external\underscore-min.js, In Quarantäne, [eff95b08ef8db97d352a103ebb487888], 

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

ESET Log:

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=5663d17787725a478c5482ed964c2ed5
# engine=21602
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-12-18 02:00:39
# local_time=2014-12-18 03:00:39 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.2.9200 NT 
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 94 38659 85508 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 83747 9172358 0 0
# scanned=300966
# found=120
# cleaned=0
# scan_time=14022
sh=5CC54C31E53CDB4AD76AE1F03C85323DD514FB29 ft=1 fh=be953427e2d96ee6 vn="Variante von Win32/BrowseFox.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\AppEnableBHO.dll.vir"
sh=CE3ECEB26073C2B16B2AD94E4AA3E9C95221B18D ft=1 fh=abdf253246e38fc9 vn="Variante von MSIL/BrowseFox.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\AppEnableUn.exe.vir"
sh=63699E6D40B50C59EFE8258EA6D7E857DB1DB6CD ft=1 fh=aaaa82c4aa63c2ca vn="Win32/BrowseFox.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\AppEnableUninstall.exe.vir"
sh=9F7C7B19DB09C2E4910127EDF8A8EE37F43CDFCA ft=0 fh=0000000000000000 vn="Win32/BrowseFox.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bnaeackconkmhppdoemdbhohlkbjfggd.crx.vir"
sh=60C239B16847CA8380EF2C04311DA521F65BE775 ft=1 fh=12228aa4a6c55e42 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\55bbc577fb0b4e778a51.dll.vir"
sh=A1DD48BE645BC419A2B30012D006147657AF1843 ft=1 fh=68ad92ad02e21ca4 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\55bbc577fb0b4e778a5164.dll.vir"
sh=36921C3E9933C5839EB76AD988ACC0B157C0D737 ft=1 fh=f4ce6513051befa8 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\820a714fc52647778e87.dll.vir"
sh=E745B3FB6BD92C657E74FACD75C07E0D02E8651B ft=1 fh=8d8db181b0dde41b vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\820a714fc52647778e8764.dll.vir"
sh=55DDA7A8CA72B5CE31933E0E10FC6650ADB597F0 ft=1 fh=6f85354871aebbc4 vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.BOAS.exe.vir"
sh=8A600F80D33901825665FD43372A4BC94BFCA6FF ft=1 fh=a38acddafafade62 vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.BOASHelper.exe.vir"
sh=DC17B99733B325551369E84E00629DB0C6F046C3 ft=1 fh=ab28866cb9053c61 vn="Variante von Win32/BrowseFox.R evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.BOASPRT.exe.vir"
sh=C2C62FC161A66687716D6D171A2E3A77FF7F63D0 ft=1 fh=9e6eb9094a607579 vn="Variante von Win32/BrowseFox.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.BrowserAdapter.exe.vir"
sh=881388000BAEBBEC28D4A54569A5335968FBAC4E ft=1 fh=0e3ad1087c7e41c0 vn="Variante von Win64/BrowseFox.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.BrowserAdapter64.exe.vir"
sh=979DE109F5B2105606684910F13D36447ECDBF38 ft=1 fh=7b5330b544fa8d49 vn="Variante von Win32/BrowseFox.AA evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.expext.exe.vir"
sh=6D47EE8FACBCE6FDFBFEFE7B953FF948568EAD18 ft=1 fh=c1a3144aad9b89a3 vn="Variante von Win64/BrowseFox.CJ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.expextdll.dll.vir"
sh=2298F3D456044AA69F3D19A59FFEBA7FD1136B52 ft=1 fh=4721a8b75c825a4b vn="Variante von Win64/BrowseFox.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\AppEnable.PurBrowse64.exe.vir"
sh=BD740FE2899C1FAC1BFBABF8F4F5525305D03FE9 ft=1 fh=2de363b61620b387 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\e7ea42ad4fa44fcea37a.dll.vir"
sh=2B2DBA547A896C18DE9757CA470A23E864C8A7D6 ft=1 fh=8bc3891d083362cf vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\e7ea42ad4fa44fcea37a64.dll.vir"
sh=5453B0606EEAEEC292C3D813829D2EF2220183AB ft=1 fh=7fb13711dd3f6966 vn="Variante von Win32/BrowseFox.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\efe93952e0414e49a1cc.dll.vir"
sh=DD85239416099B2310FF062055170A950E7EDFCE ft=1 fh=386741586ba0d357 vn="Variante von Win64/BrowseFox.CI evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\efe93952e0414e49a1cc64.dll.vir"
sh=EEE293D8421A037780FC0509C712BC04451BCBBC ft=1 fh=c04ca2646cf2b208 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{55bbc577-fb0b-4e77-8a51-e033716a9ead}.dll.vir"
sh=2F38D6C241899EF106E7D02881A9619B72172768 ft=1 fh=b38fdbb61498b541 vn="Variante von Win64/BrowseFox.CH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{55bbc577-fb0b-4e77-8a51-e033716a9ead}64.dll.vir"
sh=B2A2D373C95C7AF3EC37A927C78DA82A8099BEBF ft=1 fh=147b6ea98f766338 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}.dll.vir"
sh=D3C059D18FEDEBB9F7AC97EF14717796E405BB9D ft=1 fh=5664f4a64a8c437e vn="Variante von Win64/BrowseFox.CH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{820a714f-c526-4777-8e87-e9d6612e0938}64.dll.vir"
sh=B9995933037A4391908E22CE46D73AD5FE95A005 ft=1 fh=8ffa53e422eab206 vn="Variante von Win32/BrowseFox.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}.dll.vir"
sh=2F7379B1A29A540958C1EBAA20C703F8F97C9449 ft=1 fh=4e6a2018b2aa1630 vn="Variante von Win64/BrowseFox.CH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\AppEnable\bin\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}64.dll.vir"


One question: Shouldn't I have selected the option in ESET to have it remove the infections right away as well?

Thanks so far and best regards!

19.12.2014, 09:05   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn\182\xq.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp\184\yRkM.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaeackconkmhppdoemdbhohlkbjfggd\1.0.1_0\background.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaeackconkmhppdoemdbhohlkbjfggd\1.0.1_0\content.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn\182\xq.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp\184\yRkM.js
C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}.xpi
C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\staged\z@buV6LBX3.net\content\bg.js
C:\Users\******\Desktop\Alte Firefox-Daten\4zo20cia.default\extensions\aba3db73-c9bd-47b3-99c1-ebaf0b0b87ad@c4364137-5195-4339-81dd-ebf2e8579728.com\extensionData\plugins\91_monetizationLoader.js.js
C:\Users\******\Downloads\installtinyumbrella.dmg
C:\Users\******\Downloads\tinyumbrella.exe
EmptyTemp:
Hosts:
         
If you have obscured your user name, e.g. with "*****", insert your real user name in the corresponding place. Otherwise the fix will not work.

Save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the "Entfernen" (Remove) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support Trojaner-Board
Why Linux is better than Windows!

11.01.2015, 09:57   #13
Suchender12

Hello,

I'm very sorry for the delay, but I hadn't seen my colleague for a while, so of course I couldn't really continue working without the laptop.

Here is the content of the file "Fixlog.txt":

Quote:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-01-2015
Ran by ****** at 2015-01-11 09:43:06 Run:2
Running from C:\Users\******\Desktop\FRST
Loaded Profiles: **** & ****** (Available profiles: **** & ******)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn\182\xq.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp\184\yRkM.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaeackconkmhppdoemdbhohlkbjfggd\1.0.1_0\background.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaeackconkmhppdoemdbhohlkbjfggd\1.0.1_0\content.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn\182\xq.js
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp\184\yRkM.js
C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}.xpi
C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\staged\z@buV6LBX3.net\content\bg.js
C:\Users\******\Desktop\Alte Firefox-Daten\4zo20cia.default\extensions\aba3db73-c9bd-47b3-99c1-ebaf0b0b87ad@c4364137-5195-4339-81dd-ebf2e8579728.com\extensionData\plugins\91_monetizationLoader.js.js
C:\Users\******\Downloads\installtinyumbrella.dmg
C:\Users\******\Downloads\tinyumbrella.exe
EmptyTemp:
Hosts:

*****************

C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn\182\xq.js => Moved successfully.
C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp\184\yRkM.js => Moved successfully.
"C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaeackconkmhppdoemdbhohlkbjfggd\1.0.1_0\background.js" => File/Directory not found.
"C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\bnaeackconkmhppdoemdbhohlkbjfggd\1.0.1_0\content.js" => File/Directory not found.
"C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpnmncjdpbehanjnmpmodhbheohhcpdn\182\xq.js" => File/Directory not found.
"C:\Users\******\AppData\Local\Google\Chrome\User Data\Default\Extensions\peconnficnlajdpgfcjfmhjibkoijlbp\184\yRkM.js" => File/Directory not found.
"C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\{e7ea42ad-4fa4-4fce-a37a-c42931f721e3}.xpi" => File/Directory not found.
"C:\Users\******\AppData\Roaming\Mozilla\Firefox\Profiles\5pzluep6.default-1407710099692\extensions\staged\z@buV6LBX3.net\content\bg.js" => File/Directory not found.
"C:\Users\******\Desktop\Alte Firefox-Daten\4zo20cia.default\extensions\aba3db73-c9bd-47b3-99c1-ebaf0b0b87ad@c4364137-5195-4339-81dd-ebf2e8579728.com\extensionData\plugins\91_monetizationLoader.js.js" => File/Directory not found.
"C:\Users\******\Downloads\installtinyumbrella.dmg" => File/Directory not found.
"C:\Users\******\Downloads\tinyumbrella.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 446.6 MB temporary data.


The system needed a reboot.

==== End of Fixlog 09:43:39 ====

One question:

Two different user accounts are set up on the laptop. Should I have carried out the whole process on the other user account as well, or has all of this now been applied to the other account automatically? Both are administrator accounts.

Best regards
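
The Fixlog quoted in this post mixes "Moved successfully" and "File/Directory not found" results. As an added example (not part of the thread and not FRST's own code), the following Python script separates "not found" paths that were simply listed twice in the fixlist from paths that were already gone when the fix ran. The sample log is constructed in the layout shown above, and the function names are hypothetical.

```python
import re

# Constructed sample in the layout of the Fixlog quoted above (paths are made up).
SAMPLE_FIXLOG = r'''Content of fixlist:
*****************
C:\Users\demo\AppData\Local\ExampleExt\a.js
C:\Users\demo\AppData\Local\ExampleExt\b.js
C:\Users\demo\AppData\Local\ExampleExt\a.js
C:\Users\demo\Downloads\setup.exe
EmptyTemp:
Hosts:

*****************

C:\Users\demo\AppData\Local\ExampleExt\a.js => Moved successfully.
C:\Users\demo\AppData\Local\ExampleExt\b.js => Moved successfully.
"C:\Users\demo\AppData\Local\ExampleExt\a.js" => File/Directory not found.
"C:\Users\demo\Downloads\setup.exe" => File/Directory not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 446.6 MB temporary data.
'''

# A fixlist entry that names a file or directory starts with a drive letter.
PATH_RE = re.compile(r'^[A-Za-z]:\\')
# Result line: optional quotes around the path, then "=> <status>".
RESULT_RE = re.compile(r'^"?(?P<path>[A-Za-z]:\\.+?)"?\s+=>\s+(?P<status>.+)$')


def parse_fixlog(text):
    """Return (paths listed in the fixlist, [(path, status), ...] results)."""
    listed, results, in_list = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        # The fixlist content sits between two lines made only of asterisks.
        if line and set(line) == {"*"}:
            in_list = not in_list
            continue
        if in_list:
            if PATH_RE.match(line):
                listed.append(line)
            continue  # directives such as "EmptyTemp:" are not paths
        m = RESULT_RE.match(line)
        if m:
            results.append((m.group("path"), m.group("status")))
    return listed, results


def triage(text):
    """Group result lines so the 'not found' entries can be explained."""
    listed, results = parse_fixlog(text)
    listed_keys = {p.lower() for p in listed}  # Windows paths: ignore case
    moved_keys = set()
    report = {"moved": [], "duplicate_entry": [], "absent": [],
              "unlisted": [], "other": []}
    for path, status in results:
        key = path.lower()
        if status.startswith("Moved successfully"):
            if key in listed_keys:
                report["moved"].append(path)
                moved_keys.add(key)
            else:
                # Moved without being a fixlist path (here: the hosts file).
                report["unlisted"].append(path)
        elif status.startswith("File/Directory not found"):
            if key in moved_keys:
                # Same path appeared twice; the first entry already moved it.
                report["duplicate_entry"].append(path)
            else:
                report["absent"].append(path)
        else:
            report["other"].append((path, status))
    return report


if __name__ == "__main__":
    for group, items in triage(SAMPLE_FIXLOG).items():
        print(f"{group}: {len(items)}")
        for item in items:
            print("   ", item)
```
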

11.01.2015, 15:09   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

That's fine as it is.

Looks OK so far

Regarding cookies and other things on the web: to block the pest from the outset (i.e. tracking cookies, ad banners etc.) I recommend the Ghostery extension, which largely prevents user tracking and the display of ad banners.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, eBay, GMX, or Trojaner-Board), then simply set up the browser so that everything, including cookies, is deleted when the browser is closed.

Is your system back in order now, or are there any other findings or problems?

11.01.2015, 15:22   #15
Suchender12

OK, thanks a lot for the tips

No, since these measures there have been no more problems, and no alerts from the antivirus program or the like either. Thank you very much!

May I now remove the tools and the documents that were created for the analysis?
