
Log Analysis and Evaluation: Windows 7: omiga-plus.com opens in a new tab

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

03.02.2015, 13:02   #1
Jooker
 
Windows 7: omiga-plus.com opens in a new tab



Dear Trojaner-Board team,

as the title already says, the page omiga-plus.com always opens for me instead of the start page I have set.

Many thanks in advance for fixing the problem

Best regards, Jooker

defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:18 on 03/02/2015 (Charly)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Charly (administrator) on CHARLY-PC on 03-02-2015 12:26:11
Running from C:\Users\Charly\Desktop
Loaded Profiles: Charly (Available profiles: Charly & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\WINDOWS\System32\rundll32.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\System32\StikyNot.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(STab_Down) C:\Users\Charly\AppData\Local\Temp\Wtmp1432676756\tmp\STab_Down_6.0.6.6.exe
(SysTool PasSame LIMITED) C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\WINDOWS\SysWOW64\wbem\WmiPrvSE.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-22] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-10] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [Facebook Update] => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}
HKU\S-1-5-21-1885151078-40185133-285767259-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8
HKU\S-1-5-21-1885151078-40185133-285767259-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.29.11.1
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://isearch.omiga-plus.com/?type=sc&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8

FireFox:
========
FF ProfilePath: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default
FF NewTab: hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8
FF Homepage: hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8
FF NetworkProxy: "backup.ftp", "172.27.10.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "172.27.10.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "172.27.10.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "172.27.10.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "172.27.10.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "172.27.10.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "172.27.10.1"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\dudende-suche.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ixquick-ssl.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\leo-deu-fra.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\openthesaurus.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ponscom--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\visualbee.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\wettercom.xml
FF Extension: Web Developer - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-06]
FF Extension: Tab Mix Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-16]
FF HKLM-x32\...\Firefox\Extensions: [fftoolbar2014@etech.com] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\fftoolbar2014@etech.com
FF HKLM-x32\...\Firefox\Extensions: [faststartff@gmail.com] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\faststartff@gmail.com
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de

Chrome: 
=======
CHR Profile: C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-20]
CHR Extension: (Google Drive) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-20]
CHR Extension: (YouTube) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-20]
CHR Extension: (Google-Suche) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20]
CHR Extension: (Google Mail) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
S2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WindowsMangerProtect; C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [464384 2015-02-01] (SysTool PasSame LIMITED) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software)
R1 qrnfd_1_10_0_8; system32\drivers\qrnfd_1_10_0_8.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 12:25 - 2015-02-03 12:26 - 00039289 _____ () C:\Users\Charly\Desktop\Addition.txt
2015-02-03 12:24 - 2015-02-03 12:26 - 00025515 _____ () C:\Users\Charly\Desktop\FRST.txt
2015-02-03 12:23 - 2015-02-03 12:26 - 00000000 ____D () C:\FRST
2015-02-03 12:21 - 2015-02-03 12:22 - 02131456 _____ (Farbar) C:\Users\Charly\Desktop\FRST64.exe
2015-02-03 12:18 - 2015-02-03 12:18 - 00000474 _____ () C:\Users\Charly\Desktop\defogger_disable.log
2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 _____ () C:\Users\Charly\defogger_reenable
2015-02-03 12:07 - 2015-02-03 12:07 - 00050477 _____ () C:\Users\Charly\Desktop\Defogger.exe
2015-02-01 17:36 - 2015-02-01 17:36 - 00004018 _____ () C:\windows\System32\Tasks\LaunchSignup
2015-02-01 17:20 - 2015-02-01 17:20 - 00000000 ____D () C:\ProgramData\WindowsMangerProtect
2015-02-01 17:19 - 2015-02-01 17:20 - 00000000 ____D () C:\Users\Charly\Documents\ProPCCleaner
2015-02-01 17:19 - 2015-02-01 17:19 - 00003200 _____ () C:\windows\System32\Tasks\ProPCCleaner_Start
2015-02-01 17:19 - 2015-02-01 17:19 - 00000000 ____D () C:\Users\Charly\AppData\Local\Pro_PC_Cleaner
2015-02-01 17:18 - 2015-02-03 11:53 - 00001340 _____ () C:\windows\Tasks\DAPXB.job
2015-02-01 17:18 - 2015-02-03 11:53 - 00001338 _____ () C:\windows\Tasks\OAMZ.job
2015-02-01 17:18 - 2015-02-01 17:19 - 00004370 _____ () C:\windows\System32\Tasks\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 01960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 01482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 00004368 _____ () C:\windows\System32\Tasks\OAMZ
2015-02-01 17:18 - 2015-02-01 17:18 - 00000000 ____D () C:\Users\Charly\AppData\Local\globalUpdate
2015-02-01 17:18 - 2015-02-01 17:18 - 00000000 ____D () C:\Program Files (x86)\globalUpdate
2015-02-01 17:17 - 2015-02-01 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
2015-01-27 20:20 - 2015-01-27 20:20 - 19029752 _____ () C:\Users\Charly\Downloads\Anhänge_2015127.zip
2015-01-27 18:29 - 2015-01-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-01-20 00:46 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Charly\Desktop\Neuer Ordner
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4.mp4
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4(1).mp4
2015-01-18 12:33 - 2015-01-18 12:33 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-01-16 03:22 - 2015-01-16 03:22 - 00000197 _____ () C:\windows\system32\2015-01-16-02-22-30.004-AvastVBoxSVC.exe-168.log
2015-01-15 20:39 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-15 03:34 - 2015-01-15 03:34 - 00000197 _____ () C:\windows\system32\2015-01-15-02-34-10.058-AvastVBoxSVC.exe-4068.log
2015-01-14 17:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 17:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 17:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 17:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 17:32 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 17:32 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 17:32 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 13:52 - 2015-01-13 13:52 - 00000197 _____ () C:\windows\system32\2015-01-13-12-52-06.058-AvastVBoxSVC.exe-2148.log
2015-01-12 21:12 - 2015-01-12 21:12 - 00000197 _____ () C:\windows\system32\2015-01-12-20-12-30.041-AvastVBoxSVC.exe-3500.log
2015-01-09 19:29 - 2015-01-09 19:29 - 00000197 _____ () C:\windows\system32\2015-01-09-18-29-29.054-AvastVBoxSVC.exe-3500.log
2015-01-08 23:19 - 2015-01-08 23:19 - 00000197 _____ () C:\windows\system32\2015-01-08-22-19-02.027-AvastVBoxSVC.exe-3576.log
2015-01-07 19:00 - 2015-01-07 19:00 - 00000197 _____ () C:\windows\system32\2015-01-07-18-00-25.075-AvastVBoxSVC.exe-3132.log
2015-01-07 16:45 - 2015-01-07 16:45 - 00000197 _____ () C:\windows\system32\2015-01-07-15-45-35.011-AvastVBoxSVC.exe-2380.log
2015-01-06 10:53 - 2015-01-06 10:54 - 46637686 _____ () C:\Users\Charly\Downloads\Come Now Is The Time To Worship.avi
2015-01-05 14:59 - 2015-01-05 14:59 - 00000197 _____ () C:\windows\system32\2015-01-05-13-59-14.095-AvastVBoxSVC.exe-3328.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 12:26 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 12:26 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 12:18 - 2011-09-06 09:23 - 00000000 ____D () C:\Users\Charly
2015-02-03 12:14 - 2013-11-18 15:41 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-03 12:14 - 2013-11-18 15:41 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-03 12:14 - 2011-09-06 09:33 - 00001419 _____ () C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-03 12:00 - 2011-08-30 00:01 - 01226817 _____ () C:\windows\WindowsUpdate.log
2015-02-03 11:59 - 2011-10-15 13:32 - 00001120 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job
2015-02-03 11:53 - 2011-09-06 19:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 11:52 - 2012-12-16 19:35 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-03 11:51 - 2012-04-03 13:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 11:51 - 2011-10-15 13:32 - 00001142 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job
2015-02-01 18:16 - 2012-01-31 16:00 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0F102A3C-CB48-4F24-80C8-D0792A79F8D8}
2015-02-01 17:36 - 2014-03-14 09:32 - 00835584 ___SH () C:\Users\Charly\Desktop\Thumbs.db
2015-01-29 15:31 - 2011-08-30 00:43 - 00000000 ____D () C:\ProgramData\Sonic
2015-01-28 20:07 - 2012-04-03 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 20:07 - 2012-04-03 13:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 20:07 - 2011-09-06 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 23:24 - 2014-12-31 15:47 - 00000000 ____D () C:\Users\Charly\Desktop\Auslandsjahr
2015-01-20 16:17 - 2013-11-18 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-20 13:53 - 2011-08-30 02:51 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-01-20 13:53 - 2011-08-30 02:51 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-01-20 13:53 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-01-18 20:11 - 2014-12-24 00:09 - 00000000 ____D () C:\Users\Charly\Documents\Outlook-Dateien
2015-01-18 20:10 - 2014-12-20 11:21 - 00000000 ____D () C:\Users\Charly\Documents\SelfMV
2015-01-18 12:34 - 2012-12-16 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-18 12:33 - 2012-06-04 11:33 - 00000000 ____D () C:\Users\Charly\AppData\Roaming\HpUpdate
2015-01-18 10:56 - 2014-10-21 19:01 - 00002000 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-16 14:36 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-16 03:19 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-01-16 03:00 - 2011-09-25 07:51 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-01-15 03:13 - 2013-07-27 02:01 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:01 - 2011-09-06 19:12 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 1482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-02-01 17:18 - 2015-02-01 17:18 - 1960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2011-09-06 21:35 - 2014-02-05 12:02 - 0055296 _____ () C:\Users\Charly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-13 09:54 - 2011-12-13 09:58 - 0000000 _____ () C:\Users\Charly\AppData\Local\{1EEE3C18-D95C-46E1-AAAF-BA19D1E4E698}
2014-10-12 16:25 - 2014-10-12 16:25 - 0000000 _____ () C:\Users\Charly\AppData\Local\{4699457A-6CBE-4B5A-9265-C55F6C7BFF53}
2012-06-04 11:31 - 2012-06-04 11:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-26 20:47 - 2012-02-26 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-05-14 17:21 - 2012-05-14 17:21 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat


Some content of TEMP:
====================
C:\Users\Charly\AppData\Local\Temp\BackupSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 23:09

==================== End Of Log ============================
         
--- --- ---



addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Charly at 2015-02-03 12:27:15
Running from C:\Users\Charly\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.3.674 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Decouvertes 5 Sprachtrainer Kommunikation (HKLM-x32\...\{3D220981-ECF5-4DD6-AF2F-963580810B9E}) (Version: 1.00.000 - Klett)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.042) - Open Text Corporation.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GutscheinRausch.de - AddOn für Firefox (HKLM-x32\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Klett Lernsoftware Mathematik - Lambacher Schweizer (6. Lernjah (HKLM-x32\...\Klett Lernsoftware Mathematik - Lambacher Schwei~1FADBBB4_is1) (Version:  - )
LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (HKLM-x32\...\{611ED207-22E5-4543-B9D3-E73096759A4F}) (Version: 2.0.100.0 - The LEGO Group)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{74E85F31-573F-45BF-8939-4D2BCDCC2083}) (Version: 1.17.770 - LEGO)
LEGO MINDSTORMS NXT Migration Package (HKLM-x32\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO)
LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}) (Version: 2.0.108.0 - LEGO)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\MyFreeCodec) (Version:  - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sprachtrainer Fonts (HKLM-x32\...\{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}) (Version: 1.00.01 - Ernst Klett Verlag GmbH)
StreamTransport version: 1.1.0.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tippfix1_1 (HKLM-x32\...\{FEB690DE-045C-4FAF-A6A6-4DC7376E24EE}) (Version: 1.1.0.0 - )
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
Unity Web Player (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zoo Empire (HKLM-x32\...\InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}) (Version: 1.00 - Enlight Software)
Zoo Empire (x32 Version: 1.00 - Enlight Software) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-11-2014 03:00:57 Windows Update
19-11-2014 03:00:26 Windows Update
25-11-2014 19:27:14 Windows Update
28-11-2014 22:28:29 Windows Update
02-12-2014 16:55:36 Windows Update
09-12-2014 22:30:09 Windows Update
11-12-2014 02:00:17 Windows Update
14-12-2014 03:00:28 Windows Update
14-12-2014 13:50:48 avast! antivirus system restore point
17-12-2014 17:37:38 Windows Update
21-12-2014 03:01:45 Windows Update
24-12-2014 03:00:43 Windows Update
27-12-2014 10:56:39 Windows Update
30-12-2014 17:01:02 Windows Update
06-01-2015 17:03:18 Windows Update
09-01-2015 19:52:07 Windows Update
14-01-2015 17:32:28 Windows Update
15-01-2015 03:00:41 Windows Update
16-01-2015 03:00:27 Windows Update
18-01-2015 12:33:17 Installed HP Update.
20-01-2015 17:56:42 Windows Update
27-01-2015 16:59:43 Windows Update
31-01-2015 16:49:54 Windows Update
01-02-2015 17:18:43 Uniblue DriverScanner installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {022E17CD-88B1-4993-ABC4-F1F5FE7830EA} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe
Task: {10F7DCF1-B638-49E9-B0B8-6ECF9A913871} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {16244C64-FD36-4C03-9392-85C21442DD2E} - System32\Tasks\{2DBD0BE9-228D-4709-B7A8-1ABAA66554A6} => pcalua.exe -a E:\eagle-win-5.11.0.exe -d E:\
Task: {17CFBAFA-3FB4-4D7A-B78E-7041A8E4DEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2F2D47A7-15AC-4224-8728-335B1F0C7C88} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {34EEE8A7-8663-4555-B8A0-744CA61B99DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {36ED0340-B405-4899-8CED-CA555B1838A9} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4B6E4C8D-7250-410B-AE2F-C3F5B21249B0} - System32\Tasks\{5923F9D2-C4DF-4E6C-A56C-9D44DF76E510} => pcalua.exe -a C:\Users\Charly\Desktop\SamsungDrucker20.07.2007.exe -d C:\Users\Charly\Desktop
Task: {5676A1BC-7E68-45F5-8D15-07E5B34E6E68} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5D95D023-633E-4F6F-B91B-3F98846784F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-14] (AVAST Software)
Task: {617A462C-A873-4136-B366-36768448CA05} - System32\Tasks\Dealply => C:\Users\Charly\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {822E83A1-BB9F-441F-A31B-F9A9480A6959} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated)
Task: {904E9075-1CD3-4C14-94CA-1D4F9EE5E441} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {921F9CDB-11BC-414B-A1DF-2F4D9EA7B820} - System32\Tasks\{ABF30231-F573-4948-BCD9-15EF0CC86584} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin
Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {AE68D4AF-AC25-460E-9B0A-7FBA5CA7E0AD} - System32\Tasks\{0FFF9BE5-FFF0-4B43-AFDC-640B7357C855} => pcalua.exe -a C:\Users\Charly\Downloads\Minecraft_Client-3.0.2\mcorg_client.exe -d C:\Users\Charly\Downloads\Minecraft_Client-3.0.2
Task: {B65E526A-65B1-4D14-B622-55761BF3AEE1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {B8FAF197-98C0-43C3-995C-4072239AF8B7} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {C31044DD-9933-4D28-B935-AD99CF620707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {CD1374FE-7841-41B4-9F36-2DFD393BAEF2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {E7AAC0B9-A5B5-4B3F-ABAA-298F7E571035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {EDCC8E3E-5DAD-46C1-81BF-AB4C18A8AAC0} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2011-08-30 02:29 - 2011-04-10 19:40 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-01-15 11:40 - 2015-01-15 11:40 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011500\algo.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2015-01-16 07:30 - 2015-01-16 07:30 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011502\algo.dll
2015-02-03 11:54 - 2015-02-03 11:54 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020300\algo.dll
2014-10-22 02:59 - 2014-10-22 02:59 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-08-30 00:08 - 2010-11-06 05:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2012-09-23 19:43 - 2012-09-23 19:43 - 00313992 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\sqlite.dll
2013-05-11 11:37 - 2013-05-11 11:37 - 14588632 _____ () C:\Program Files (x86)\Adobe\Reader 11.0\Reader\NPSWF32.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-01-27 18:29 - 2015-01-27 18:29 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1885151078-40185133-285767259-500 - Administrator - Disabled)
Charly (S-1-5-21-1885151078-40185133-285767259-1000 - Administrator - Enabled) => C:\Users\Charly
Gast (S-1-5-21-1885151078-40185133-285767259-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1885151078-40185133-285767259-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter
Description: Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Adapter
Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
Manufacturer: Intel Corporation
Service: BTHUSB
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 


==================== Event log errors: =========================

Application errors:
==================
Error: (02/03/2015 00:11:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: qrsvc.exe, Version: 1.10.0.8, Zeitstempel: 0x54c00034
Name des fehlerhaften Moduls: qrsvc.exe, Version: 1.10.0.8, Zeitstempel: 0x54c00034
Ausnahmecode: 0x40000015
Fehleroffset: 0x000250fc
ID des fehlerhaften Prozesses: 0x87dc
Startzeit der fehlerhaften Anwendung: 0xqrsvc.exe0
Pfad der fehlerhaften Anwendung: qrsvc.exe1
Pfad des fehlerhaften Moduls: qrsvc.exe2
Berichtskennung: qrsvc.exe3

Error: (02/03/2015 00:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.1.5500, Zeitstempel: 0x54c1f9f3
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.1.5500, Zeitstempel: 0x54c1f224
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x6074
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/01/2015 05:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 35.0.0.5486, Zeitstempel: 0x54af7153
Name des fehlerhaften Moduls: mozalloc.dll, Version: 35.0.0.5486, Zeitstempel: 0x54af69d4
Ausnahmecode: 0x80000003
Fehleroffset: 0x00001425
ID des fehlerhaften Prozesses: 0x1e38
Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0
Pfad der fehlerhaften Anwendung: plugin-container.exe1
Pfad des fehlerhaften Moduls: plugin-container.exe2
Berichtskennung: plugin-container.exe3

Error: (02/01/2015 04:26:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: EXPLORERFRAME.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7c6a8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0000000000030a0d
ID des fehlerhaften Prozesses: 0xafc
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3

Error: (01/28/2015 09:30:31 AM) (Source: Google Update) (EventID: 20) (User: Charly-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=auto, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x

Error: (01/24/2015 05:16:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: jusched.exe, Version: 2.1.67.1, Zeitstempel: 0x53d2a1f4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x16e8
Startzeit der fehlerhaften Anwendung: 0xjusched.exe0
Pfad der fehlerhaften Anwendung: jusched.exe1
Pfad des fehlerhaften Moduls: jusched.exe2
Berichtskennung: jusched.exe3

Error: (01/24/2015 05:16:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: PSIA.exe, Version: 3.0.0.6001, Zeitstempel: 0x50b35946
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000
ID des fehlerhaften Prozesses: 0x910
Startzeit der fehlerhaften Anwendung: 0xPSIA.exe0
Pfad der fehlerhaften Anwendung: PSIA.exe1
Pfad des fehlerhaften Moduls: PSIA.exe2
Berichtskennung: PSIA.exe3

Error: (01/18/2015 00:40:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07

Error: (01/18/2015 00:40:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07

Error: (01/17/2015 10:18:38 PM) (Source: Google Update) (EventID: 20) (User: Charly-PC)
Description: Network Request Error.
Error: 0x80072ee7. Http status code: 0.
Url=https://www.facebook.com/omaha/update.php
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=FireFox, direct connection.
trying CUP:WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying WinHTTP.
Send request returned 0x80072ee7. Http status code 0.
trying CUP:iexplore.
Send request returned 0x80004005. Http status code 0.
Trying config: source=IE, wpad=1, script=.
trying CUP:WinHTTP.
Send request returned 0x80


System errors:
=============
Error: (02/03/2015 11:50:31 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (02/01/2015 06:14:19 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FINN-HP625-NB",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/01/2015 05:21:57 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "FINN-HP625-NB",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (02/01/2015 04:02:38 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}

Error: (01/30/2015 05:20:48 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/30/2015 05:10:47 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/30/2015 04:46:39 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/30/2015 04:40:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/30/2015 04:35:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "SMILEY",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{09DE0DEA-86DD-431D-AE9E-79C704B84016}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/30/2015 02:55:39 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {E579AB5F-1CC4-44B4-BED9-DE0991FF0623}


Microsoft Office Sessions:
=========================
Error: (02/03/2015 00:11:57 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: qrsvc.exe1.10.0.854c00034qrsvc.exe1.10.0.854c0003440000015000250fc87dc01d03e3aa6bd6377C:\Program Files (x86)\QuickRef_1.10.0.8\Service\qrsvc.exeC:\Program Files (x86)\QuickRef_1.10.0.8\Service\qrsvc.exe7718d061-ab95-11e4-b89a-ac72893b3926

Error: (02/03/2015 00:10:23 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.1.550054c1f9f3mozalloc.dll35.0.1.550054c1f2248000000300001425607401d03e3cf29512daC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll3f03bbcc-ab95-11e4-b89a-ac72893b3926

Error: (02/01/2015 05:17:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe35.0.0.548654af7153mozalloc.dll35.0.0.548654af69d480000003000014251e3801d03e30209dda22C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldc86a1b9-aa2d-11e4-b89a-ac72893b3926

Error: (02/01/2015 04:26:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4EXPLORERFRAME.dll6.1.7601.175144ce7c6a8c00000050000000000030a0dafc01d03191144f2bd1C:\windows\Explorer.EXEC:\windows\system32\EXPLORERFRAME.dllc31ae4ef-aa26-11e4-b89a-ac72893b3926

Error: (01/24/2015 05:16:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: jusched.exe2.1.67.153d2a1f4unknown0.0.0.000000000c00000050000000016e801d031912790eda9C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exeunknown6797352f-a3e4-11e4-b89a-ac72893b3926

Error: (01/24/2015 05:16:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: PSIA.exe3.0.0.600150b35946unknown0.0.0.000000000c00000050000000091001d03132dba64299C:\Program Files (x86)\Secunia\PSI\PSIA.exeunknown67970e1f-a3e4-11e4-b89a-ac72893b3926

Error: (01/18/2015 00:40:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Samsung\Kies\Kies.exe

Error: (01/18/2015 00:40:56 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: C:\Program Files (x86)\Samsung\Kies\Kies.exe . Error code = 0x80131f07 
C:\Program Files (x86)\Samsung\Kies\Kies.exe


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 54%
Total physical RAM: 4003.17 MB
Available physical RAM: 1837.61 MB
Total Pagefile: 8004.53 MB
Available Pagefile: 3725.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:226.51 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:0.03 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E4219F81)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Gmer
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-03 12:47:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950042 rev.D005 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Charly\AppData\Local\Temp\kxdirpob.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448                                                                                                                                                                  fffff80003609000 76 bytes [E4, 80, 91, 92, 80, 91, 93, ...]
INITKDBG  C:\windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 527                                                                                                                                                                  fffff8000360904f 65 bytes [3B, 96, 9C, 80, 91, 9C, 80, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files\AVAST Software\Avast\avastui.exe[5772] C:\windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter                                                                                                                0000000076728791 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [788:3080]                                                                                                                                                                       000007fefb7d2bf8
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [788:3096]                                                                                                                                                                       000007fef4464830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [788:2168]                                                                                                                                                                       000007fef4464830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [788:3460]                                                                                                                                                                       000007fef8cd5124
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [788:9080]                                                                                                                                                                       000007fef43e9d90
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [788:13108]                                                                                                                                                                      000007fef4464830
Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [788:16612]                                                                                                                                                                      000007fef5c93a18
---- Processes - GMER 2.1 ----

Process   C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe (*** suspicious ***) @ C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe [49656] (Windows SysTool  Service/SysTool PasSame LIMITED)(2015-02-01 16:20:28)  0000000000aa0000

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}\Connection@Name                                                                                         isatap.{A586EDF0-8AA4-4F91-AB3D-B3E7423BFA56}
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind                                                                                            \Device\{93158D43-A689-4E9D-BA9D-D4349620E5E8}?\Device\{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}?\Device\{88E0244C-573D-4272-9F26-C6BFD1E3223E}?\Device\{9892A028-2D9C-478E-92F0-0DEF19FA44B1}?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route                                                                                           "{93158D43-A689-4E9D-BA9D-D4349620E5E8}"?"{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}"?"{88E0244C-573D-4272-9F26-C6BFD1E3223E}"?"{9892A028-2D9C-478E-92F0-0DEF19FA44B1}"?
Reg       HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export                                                                                          \Device\TCPIP6TUNNEL_{93158D43-A689-4E9D-BA9D-D4349620E5E8}?\Device\TCPIP6TUNNEL_{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}?\Device\TCPIP6TUNNEL_{88E0244C-573D-4272-9F26-C6BFD1E3223E}?\Device\TCPIP6TUNNEL_{9892A028-2D9C-478E-92F0-0DEF19FA44B1}?
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015007f6c3b                                                                                                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893b3926                                                                                                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893b3926@a00798404576                                                                                                                                            0x37 0x92 0x84 0x40 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893b3926@001ddfcd0f8c                                                                                                                                            0x5B 0x9D 0x7D 0xD9 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac72893b3926@b85e7b25aa4c                                                                                                                                            0xBB 0x6D 0x19 0x35 ...
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\bc7737048afc                                                                                                                                                         
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}@InterfaceName                                                                                                              isatap.{A586EDF0-8AA4-4F91-AB3D-B3E7423BFA56}
Reg       HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{4E00D654-6C07-4CD6-AD65-2F147A85E4D4}@ReusableType                                                                                                               0
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015007f6c3b (not active ControlSet)                                                                                                                                     
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893b3926 (not active ControlSet)                                                                                                                                     
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893b3926@a00798404576                                                                                                                                                0x37 0x92 0x84 0x40 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893b3926@001ddfcd0f8c                                                                                                                                                0x5B 0x9D 0x7D 0xD9 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac72893b3926@b85e7b25aa4c                                                                                                                                                0xBB 0x6D 0x19 0x35 ...
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\bc7737048afc (not active ControlSet)                                                                                                                                     

---- EOF - GMER 2.1 ----
         

Alt 03.02.2015, 13:10   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hi,

Remove adware/junkware/toolbars

(Delete old versions of AdwCleaner and, if present, JRT first, then download them again to the desktop!)

Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options (Optionen) and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan (Suchlauf) and wait until it has finished.
  • Now click Delete (Löschen) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please disable your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool is finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked, and click Scan (Untersuchen).
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


Alt 03.02.2015, 13:56   #3
Jooker
 



Hi,
thanks for the quick reply!

AdwCleaner
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 13:21:57
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Charly - CHARLY-PC
# Gestartet von : C:\Users\Charly\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : WindowsMangerProtect

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\WindowsMangerProtect
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Ordner Gelöscht : C:\Program Files (x86)\globalUpdate
Ordner Gelöscht : C:\Users\Charly\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\Charly\AppData\Local\Pro_PC_Cleaner
Ordner Gelöscht : C:\Users\Charly\Documents\ProPCCleaner
Datei Gelöscht : C:\Users\Charly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\Charly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Startfenster.lnk
Datei Gelöscht : C:\Users\Charly\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\visualbee.xml

***** [ Tasks ] *****

Task Gelöscht : Dealply
Task Gelöscht : LaunchSignup
Task Gelöscht : ProPCCleaner_Start

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [fftoolbar2014@etech.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\StormWatchApp
Schlüssel Gelöscht : HKCU\Software\ProPCCleanerLanguage
Schlüssel Gelöscht : HKLM\SOFTWARE\GlobalUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKLM\SOFTWARE\omiga-plusSoftware
Schlüssel Gelöscht : HKLM\SOFTWARE\supWindowsMangerProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Uniblue
Schlüssel Gelöscht : HKLM\SOFTWARE\VBMZ
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496

Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v35.0.1 (x86 de)

[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://isearch.omiga-plus.com/newtab/?type=nt&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.alias", "omiga-plus");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://isearch.omiga-plus.com/favicon.ico");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.name", "omiga-plus");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.searchengine.url", "hxxp://isearch.omiga-plus.com/web/?type=ds&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8&q={searchTerms}");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://isearch.omiga-plus.com/?type=hp&ts=1422807498&from=tugs&uid=ST9500420AS_5VJDGZW8XXXX5VJDGZW8");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.ffxtlbr@visualbee.com.install-event-fired", true);
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.admin", false);
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.aflt", "babsst");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.appId", "{9C69AD01-2505-4FA3-BF08-38DCFB0BF6B3}");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.autoRvrt", "false");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.dfltLng", "en");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.excTlbr", false);
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.id", "b237ad23000000000000ac72893b3923");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.instlDay", "15909");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.instlRef", "sst");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.newTab", false);
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.prdct", "visualbee");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.prtnrId", "visualbee");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.rvrt", "false");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.smplGrp", "none");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.tlbrId", "vbeeyh");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.tlbrSrchUrl", "");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.vrsn", "1.8.9.1");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.vrsnTs", "1.8.9.110:08:30");
[rl566buh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.visualbee.vrsni", "1.8.9.1");

-\\ Google Chrome v

[C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://visualbee.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B237AC72893B3923&affID=121377&tsp=4952
[C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://visualbee.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B237AC72893B3923&affID=121377&tsp=4952

*************************

AdwCleaner[R0].txt - [16022 octets] - [03/02/2015 13:16:27]
AdwCleaner[S0].txt - [14710 octets] - [03/02/2015 13:21:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14771 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Charly on 03.02.2015 at 13:41:01,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\pcdr"
Successfully deleted: [Folder] "C:\Users\Charly\AppData\Roaming\pcdr"
Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Successfully deleted the following from C:\Users\Charly\AppData\Roaming\mozilla\firefox\profiles\rl566buh.default\prefs.js

user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
user_pref("browser.search.searchengine.ptid", "tugs");
user_pref("browser.search.searchengine.uid", "ST9500420AS_5VJDGZW8XXXX5VJDGZW8");
Emptied folder: C:\Users\Charly\AppData\Roaming\mozilla\firefox\profiles\rl566buh.default\minidumps [52 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2015 at 13:47:23,22
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Charly (administrator) on CHARLY-PC on 03-02-2015 13:50:03
Running from C:\Users\Charly\Desktop
Loaded Profiles: Charly (Available profiles: Charly & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\System32\StikyNot.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngtool.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\mftutil.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-22] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [Facebook Update] => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.29.11.1

FireFox:
========
FF ProfilePath: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default
FF NetworkProxy: "backup.ftp", "172.27.10.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "172.27.10.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "172.27.10.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "172.27.10.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "172.27.10.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "172.27.10.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "172.27.10.1"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\dudende-suche.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ixquick-ssl.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\leo-deu-fra.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\openthesaurus.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ponscom--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\wettercom.xml
FF Extension: Web Developer - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-06]
FF Extension: Tab Mix Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de

Chrome: 
=======
CHR Profile: C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-20]
CHR Extension: (Google Drive) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-20]
CHR Extension: (YouTube) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-20]
CHR Extension: (Google-Suche) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20]
CHR Extension: (Google Mail) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software)
S1 qrnfd_1_10_0_8; system32\drivers\qrnfd_1_10_0_8.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 13:47 - 2015-02-03 13:47 - 00001306 _____ () C:\Users\Charly\Desktop\JRT.txt
2015-02-03 13:39 - 2015-02-03 13:39 - 01388274 _____ (Thisisu) C:\Users\Charly\Desktop\JRT.exe
2015-02-03 13:33 - 2015-02-03 13:33 - 644974565 _____ () C:\windows\MEMORY.DMP
2015-02-03 13:33 - 2015-02-03 13:33 - 00472976 _____ () C:\windows\Minidump\020315-26956-01.dmp
2015-02-03 13:33 - 2015-02-03 13:33 - 00005990 _____ () C:\windows\PFRO.log
2015-02-03 13:33 - 2015-02-03 13:33 - 00000056 _____ () C:\windows\setupact.log
2015-02-03 13:33 - 2015-02-03 13:33 - 00000000 _____ () C:\windows\setuperr.log
2015-02-03 13:21 - 2015-02-03 13:22 - 00014880 _____ () C:\Users\Charly\Desktop\AdwCleaner[S0].txt
2015-02-03 13:16 - 2015-02-03 13:39 - 00000000 ____D () C:\AdwCleaner
2015-02-03 13:15 - 2015-02-03 13:15 - 02194432 _____ () C:\Users\Charly\Desktop\AdwCleaner_4.109.exe
2015-02-03 12:47 - 2015-02-03 12:47 - 00027016 _____ () C:\Users\Charly\Desktop\Gmer.log
2015-02-03 12:33 - 2015-02-03 12:33 - 00380416 _____ () C:\Users\Charly\Desktop\Gmer-19357.exe
2015-02-03 12:25 - 2015-02-03 12:27 - 00039289 _____ () C:\Users\Charly\Desktop\Addition.txt
2015-02-03 12:24 - 2015-02-03 13:50 - 00021943 _____ () C:\Users\Charly\Desktop\FRST.txt
2015-02-03 12:23 - 2015-02-03 13:50 - 00000000 ____D () C:\FRST
2015-02-03 12:21 - 2015-02-03 12:22 - 02131456 _____ (Farbar) C:\Users\Charly\Desktop\FRST64.exe
2015-02-03 12:18 - 2015-02-03 12:18 - 00000474 _____ () C:\Users\Charly\Desktop\defogger_disable.log
2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 _____ () C:\Users\Charly\defogger_reenable
2015-02-03 12:07 - 2015-02-03 12:07 - 00050477 _____ () C:\Users\Charly\Desktop\Defogger.exe
2015-02-01 17:18 - 2015-02-03 13:34 - 00001340 _____ () C:\windows\Tasks\DAPXB.job
2015-02-01 17:18 - 2015-02-03 13:34 - 00001338 _____ () C:\windows\Tasks\OAMZ.job
2015-02-01 17:18 - 2015-02-01 17:19 - 00004370 _____ () C:\windows\System32\Tasks\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 01960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 01482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 00004368 _____ () C:\windows\System32\Tasks\OAMZ
2015-01-27 20:20 - 2015-01-27 20:20 - 19029752 _____ () C:\Users\Charly\Downloads\Anhänge_2015127.zip
2015-01-27 18:29 - 2015-01-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-01-20 00:46 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Charly\Desktop\Neuer Ordner
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4.mp4
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4(1).mp4
2015-01-18 12:33 - 2015-01-18 12:33 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-01-16 03:22 - 2015-01-16 03:22 - 00000197 _____ () C:\windows\system32\2015-01-16-02-22-30.004-AvastVBoxSVC.exe-168.log
2015-01-15 20:39 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-15 03:34 - 2015-01-15 03:34 - 00000197 _____ () C:\windows\system32\2015-01-15-02-34-10.058-AvastVBoxSVC.exe-4068.log
2015-01-14 17:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 17:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 17:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 17:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 17:32 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 17:32 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 17:32 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 13:52 - 2015-01-13 13:52 - 00000197 _____ () C:\windows\system32\2015-01-13-12-52-06.058-AvastVBoxSVC.exe-2148.log
2015-01-12 21:12 - 2015-01-12 21:12 - 00000197 _____ () C:\windows\system32\2015-01-12-20-12-30.041-AvastVBoxSVC.exe-3500.log
2015-01-09 19:29 - 2015-01-09 19:29 - 00000197 _____ () C:\windows\system32\2015-01-09-18-29-29.054-AvastVBoxSVC.exe-3500.log
2015-01-08 23:19 - 2015-01-08 23:19 - 00000197 _____ () C:\windows\system32\2015-01-08-22-19-02.027-AvastVBoxSVC.exe-3576.log
2015-01-07 19:00 - 2015-01-07 19:00 - 00000197 _____ () C:\windows\system32\2015-01-07-18-00-25.075-AvastVBoxSVC.exe-3132.log
2015-01-07 16:45 - 2015-01-07 16:45 - 00000197 _____ () C:\windows\system32\2015-01-07-15-45-35.011-AvastVBoxSVC.exe-2380.log
2015-01-06 10:53 - 2015-01-06 10:54 - 46637686 _____ () C:\Users\Charly\Downloads\Come Now Is The Time To Worship.avi
2015-01-05 14:59 - 2015-01-05 14:59 - 00000197 _____ () C:\windows\system32\2015-01-05-13-59-14.095-AvastVBoxSVC.exe-3328.log

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-03 13:49 - 2012-04-03 13:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-03 13:47 - 2011-09-06 19:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-03 13:44 - 2012-01-31 16:00 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0F102A3C-CB48-4F24-80C8-D0792A79F8D8}
2015-02-03 13:43 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 13:43 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 13:42 - 2011-09-16 15:49 - 00000000 ____D () C:\ProgramData\PCDr
2015-02-03 13:41 - 2011-08-30 00:01 - 01255498 _____ () C:\windows\WindowsUpdate.log
2015-02-03 13:40 - 2011-08-30 02:51 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-02-03 13:40 - 2011-08-30 02:51 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-02-03 13:40 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-03 13:36 - 2011-08-30 00:43 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-03 13:33 - 2013-11-18 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 13:33 - 2011-12-08 17:57 - 00000000 ____D () C:\windows\Minidump
2015-02-03 13:33 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-03 12:18 - 2011-09-06 09:23 - 00000000 ____D () C:\Users\Charly
2015-02-03 12:14 - 2013-11-18 15:41 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-03 12:14 - 2013-11-18 15:41 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-03 12:14 - 2011-09-06 09:33 - 00001419 _____ () C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-03 11:59 - 2011-10-15 13:32 - 00001120 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job
2015-02-03 11:52 - 2012-12-16 19:35 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-03 11:51 - 2011-10-15 13:32 - 00001142 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job
2015-02-01 17:36 - 2014-03-14 09:32 - 00835584 ___SH () C:\Users\Charly\Desktop\Thumbs.db
2015-01-28 20:07 - 2012-04-03 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-01-28 20:07 - 2012-04-03 13:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-01-28 20:07 - 2011-09-06 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-25 23:24 - 2014-12-31 15:47 - 00000000 ____D () C:\Users\Charly\Desktop\Auslandsjahr
2015-01-18 20:11 - 2014-12-24 00:09 - 00000000 ____D () C:\Users\Charly\Documents\Outlook-Dateien
2015-01-18 20:10 - 2014-12-20 11:21 - 00000000 ____D () C:\Users\Charly\Documents\SelfMV
2015-01-18 12:34 - 2012-12-16 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-18 12:33 - 2012-06-04 11:33 - 00000000 ____D () C:\Users\Charly\AppData\Roaming\HpUpdate
2015-01-18 10:56 - 2014-10-21 19:01 - 00002000 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-16 14:36 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-16 03:00 - 2011-09-25 07:51 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-01-15 03:13 - 2013-07-27 02:01 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:01 - 2011-09-06 19:12 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 1482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-02-01 17:18 - 2015-02-01 17:18 - 1960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2011-09-06 21:35 - 2014-02-05 12:02 - 0055296 _____ () C:\Users\Charly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-13 09:54 - 2011-12-13 09:58 - 0000000 _____ () C:\Users\Charly\AppData\Local\{1EEE3C18-D95C-46E1-AAAF-BA19D1E4E698}
2014-10-12 16:25 - 2014-10-12 16:25 - 0000000 _____ () C:\Users\Charly\AppData\Local\{4699457A-6CBE-4B5A-9265-C55F6C7BFF53}
2012-06-04 11:31 - 2012-06-04 11:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-26 20:47 - 2012-02-26 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-05-14 17:21 - 2012-05-14 17:21 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat


Some content of TEMP:
====================
C:\Users\Charly\AppData\Local\Temp\BackupSetup.exe
C:\Users\Charly\AppData\Local\Temp\Quarantine.exe
C:\Users\Charly\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 23:09

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Charly at 2015-02-03 13:50:42
Running from C:\Users\Charly\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.3.674 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Decouvertes 5 Sprachtrainer Kommunikation (HKLM-x32\...\{3D220981-ECF5-4DD6-AF2F-963580810B9E}) (Version: 1.00.000 - Klett)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.042) - Open Text Corporation.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GutscheinRausch.de - AddOn für Firefox (HKLM-x32\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Klett Lernsoftware Mathematik - Lambacher Schweizer (6. Lernjah (HKLM-x32\...\Klett Lernsoftware Mathematik - Lambacher Schwei~1FADBBB4_is1) (Version:  - )
LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (HKLM-x32\...\{611ED207-22E5-4543-B9D3-E73096759A4F}) (Version: 2.0.100.0 - The LEGO Group)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{74E85F31-573F-45BF-8939-4D2BCDCC2083}) (Version: 1.17.770 - LEGO)
LEGO MINDSTORMS NXT Migration Package (HKLM-x32\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO)
LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}) (Version: 2.0.108.0 - LEGO)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\MyFreeCodec) (Version:  - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sprachtrainer Fonts (HKLM-x32\...\{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}) (Version: 1.00.01 - Ernst Klett Verlag GmbH)
StreamTransport version: 1.1.0.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tippfix1_1 (HKLM-x32\...\{FEB690DE-045C-4FAF-A6A6-4DC7376E24EE}) (Version: 1.1.0.0 - )
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
Unity Web Player (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zoo Empire (HKLM-x32\...\InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}) (Version: 1.00 - Enlight Software)
Zoo Empire (x32 Version: 1.00 - Enlight Software) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-11-2014 03:00:57 Windows Update
19-11-2014 03:00:26 Windows Update
25-11-2014 19:27:14 Windows Update
28-11-2014 22:28:29 Windows Update
02-12-2014 16:55:36 Windows Update
09-12-2014 22:30:09 Windows Update
11-12-2014 02:00:17 Windows Update
14-12-2014 03:00:28 Windows Update
14-12-2014 13:50:48 avast! antivirus system restore point
17-12-2014 17:37:38 Windows Update
21-12-2014 03:01:45 Windows Update
24-12-2014 03:00:43 Windows Update
27-12-2014 10:56:39 Windows Update
30-12-2014 17:01:02 Windows Update
06-01-2015 17:03:18 Windows Update
09-01-2015 19:52:07 Windows Update
14-01-2015 17:32:28 Windows Update
15-01-2015 03:00:41 Windows Update
16-01-2015 03:00:27 Windows Update
18-01-2015 12:33:17 Installed HP Update.
20-01-2015 17:56:42 Windows Update
27-01-2015 16:59:43 Windows Update
31-01-2015 16:49:54 Windows Update
01-02-2015 17:18:43 Uniblue DriverScanner installation

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10F7DCF1-B638-49E9-B0B8-6ECF9A913871} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {16244C64-FD36-4C03-9392-85C21442DD2E} - System32\Tasks\{2DBD0BE9-228D-4709-B7A8-1ABAA66554A6} => pcalua.exe -a E:\eagle-win-5.11.0.exe -d E:\
Task: {17CFBAFA-3FB4-4D7A-B78E-7041A8E4DEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2F2D47A7-15AC-4224-8728-335B1F0C7C88} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {34EEE8A7-8663-4555-B8A0-744CA61B99DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {36ED0340-B405-4899-8CED-CA555B1838A9} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4B6E4C8D-7250-410B-AE2F-C3F5B21249B0} - System32\Tasks\{5923F9D2-C4DF-4E6C-A56C-9D44DF76E510} => pcalua.exe -a C:\Users\Charly\Desktop\SamsungDrucker20.07.2007.exe -d C:\Users\Charly\Desktop
Task: {5676A1BC-7E68-45F5-8D15-07E5B34E6E68} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5D95D023-633E-4F6F-B91B-3F98846784F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-14] (AVAST Software)
Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {822E83A1-BB9F-441F-A31B-F9A9480A6959} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-28] (Adobe Systems Incorporated)
Task: {904E9075-1CD3-4C14-94CA-1D4F9EE5E441} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {921F9CDB-11BC-414B-A1DF-2F4D9EA7B820} - System32\Tasks\{ABF30231-F573-4948-BCD9-15EF0CC86584} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin
Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {AE68D4AF-AC25-460E-9B0A-7FBA5CA7E0AD} - System32\Tasks\{0FFF9BE5-FFF0-4B43-AFDC-640B7357C855} => pcalua.exe -a C:\Users\Charly\Downloads\Minecraft_Client-3.0.2\mcorg_client.exe -d C:\Users\Charly\Downloads\Minecraft_Client-3.0.2
Task: {B65E526A-65B1-4D14-B622-55761BF3AEE1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {B8FAF197-98C0-43C3-995C-4072239AF8B7} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {C31044DD-9933-4D28-B935-AD99CF620707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {CD1374FE-7841-41B4-9F36-2DFD393BAEF2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {E7AAC0B9-A5B5-4B3F-ABAA-298F7E571035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2011-08-30 02:29 - 2011-04-10 19:40 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2014-12-14 13:53 - 2014-12-14 13:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-03 11:54 - 2015-02-03 11:54 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020300\algo.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-10-22 02:59 - 2014-10-22 02:59 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-08-30 00:08 - 2010-11-06 05:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-27 18:29 - 2015-01-27 18:29 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1885151078-40185133-285767259-500 - Administrator - Disabled)
Charly (S-1-5-21-1885151078-40185133-285767259-1000 - Administrator - Enabled) => C:\Users\Charly
Gast (S-1-5-21-1885151078-40185133-285767259-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1885151078-40185133-285767259-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: qrnfd_1_10_0_8
Description: qrnfd_1_10_0_8
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: qrnfd_1_10_0_8
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 52%
Total physical RAM: 4003.17 MB
Available physical RAM: 1896.5 MB
Total Pagefile: 8004.53 MB
Available Pagefile: 5579.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:224.39 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:0.03 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E4219F81)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________
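As an added example (not part of the original post and not FRST's own code), the Scheduled Tasks section of the log above can be triaged with a short parser. It reads both task line formats, resolves the real program behind `pcalua.exe -a`, and rates each target by where it lives on disk. The severity rules and the treatment of C: as the system drive are assumptions of this example; the sample lines are copied from the log above.

```python
import re
from ntpath import basename, dirname  # Windows path rules on any OS

# Sample input: lines copied from the Scheduled Tasks section of the log above.
SAMPLE = r"""
Task: {10F7DCF1-B638-49E9-B0B8-6ECF9A913871} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {16244C64-FD36-4C03-9392-85C21442DD2E} - System32\Tasks\{2DBD0BE9-228D-4709-B7A8-1ABAA66554A6} => pcalua.exe -a E:\eagle-win-5.11.0.exe -d E:\
Task: {17CFBAFA-3FB4-4D7A-B78E-7041A8E4DEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {34EEE8A7-8663-4555-B8A0-744CA61B99DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {5676A1BC-7E68-45F5-8D15-07E5B34E6E68} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION
"""

# Two line shapes occur in the log:
#   Task: {GUID} - <task path> => <command> [file date] (company) <flag>
#   Task: C:\windows\Tasks\<name>.job => <command> <flag>
# The company is only parsed after a date, so "(x86)" in a path is never
# mistaken for it.
TASK_RE = re.compile(
    r"^Task: (?:\{[0-9A-Fa-f-]{36}\} - )?(?P<task>.+?) => (?P<cmd>.+?)"
    r"(?: \[(?P<date>\d{4}-\d{2}-\d{2})\](?: \((?P<company>.*?)\))?)?"
    r"(?P<flag> <==== ATTENTION)?$"
)


def real_target(cmd):
    """Return the program a task command really starts."""
    # pcalua.exe (Program Compatibility Assistant) only wraps the -a argument.
    m = re.match(r"pcalua\.exe -a (.+?)(?: -d .*)?$", cmd, re.I)
    if m:
        return m.group(1)
    # Otherwise take everything up to the first ".exe", dropping arguments.
    m = re.match(r"(.+?\.exe)(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd


def classify(target):
    """Rate a target by location (rules are assumptions of this example)."""
    p = target.lower()
    if dirname(p).endswith(r"\appdata\roaming"):
        # Installed software normally lives in a vendor subfolder, not the root.
        return "high", "executable sits directly in the AppData\\Roaming root"
    if re.match(r"c:\\users\\", p):
        return "review", "runs from a user-writable profile folder"
    if re.match(r"[a-z]:\\", p) and not p.startswith("c:\\"):
        return "review", "runs from a drive other than C: (assumed system drive)"
    return "ok", ""


def triage(log_text):
    """Parse every 'Task:' line and attach a rating plus FRST's own flag."""
    rows = []
    for line in log_text.splitlines():
        m = TASK_RE.match(line.strip())
        if not m:
            continue
        target = real_target(m["cmd"])
        level, reason = classify(target)
        rows.append({
            "task": basename(m["task"]),
            "target": target,
            "company": m["company"],
            "level": level,
            "reason": reason,
            "frst_flag": bool(m["flag"]),
        })
    return rows


if __name__ == "__main__":
    for r in triage(SAMPLE):
        mark = "ATTENTION" if r["frst_flag"] else "-"
        print(f'{r["level"]:<6} {mark:<9} {r["task"]} -> {r["target"]} {r["reason"]}')
```

On these lines the location rule rates as "high" exactly the three entries FRST marks with ATTENTION, while the Facebook updater and the installer started from E: land in "review" for a human to confirm.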

03.02.2015, 14:09   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Quote:
FF NetworkProxy: "http", "172.27.10.1"
FF NetworkProxy: "http_port", 8080
Do you know this proxy server, and is it set that way on purpose? A university or company proxy?
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

04.02.2015, 13:00   #5
Jooker



I don't know the first proxy, FF NetworkProxy: "http", "172.27.10.1";
the second one, FF NetworkProxy: "http_port", 8080, is our school proxy.

By now the page no longer opens, but I don't know what might still be stored or present in the background anyway.


04.02.2015, 13:02   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



8080 is not a proxy and not an IP address. It is the port being used.

Either 172.27.10.1 is the school proxy or it isn't. Only you can know that.

04.02.2015, 22:07   #7
Jooker



Hi,
I just checked, and yes, that is our school proxy.

04.02.2015, 23:47   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Then that's fine.

Now please disable your virus scanner; active virus scanners mostly just get in the way when you want to remove junkware with JRT or adwCleaner.

Remove adware/junkware/toolbars

(Delete old versions of adwCleaner and, if present, JRT first, then download them again to the desktop!)

Step 1: adwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Clean ("Löschen") and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Step 2: JRT - Junkware Removal Tool

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, right-click it and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan ("Untersuchen").
  • The log files are now created and will be on your desktop afterwards.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)


05.02.2015, 15:21   #9
Jooker



AdwCleaner
Code:
ATTFilter
# AdwCleaner v4.109 - Bericht erstellt am 05/02/2015 um 14:21:05
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-04.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Charly - CHARLY-PC
# Gestartet von : C:\Users\Charly\Desktop\AdwCleaner_4.109.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17496


-\\ Mozilla Firefox v35.0.1 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [16022 octets] - [03/02/2015 13:16:27]
AdwCleaner[R1].txt - [868 octets] - [05/02/2015 14:18:07]
AdwCleaner[S1].txt - [790 octets] - [05/02/2015 14:21:05]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [849 octets] ##########
         
JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Charly on 05.02.2015 at 15:09:46,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\pcdr"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05.02.2015 at 15:14:14,54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by Charly (administrator) on CHARLY-PC on 05-02-2015 15:15:16
Running from C:\Users\Charly\Desktop
Loaded Profiles: Charly (Available profiles: Charly & Gast)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\WINDOWS\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Facebook Inc.) C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\WINDOWS\System32\StikyNot.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Creative Technology Ltd) C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [525312 2011-01-25] (IDT, Inc.)
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [609144 2011-04-13] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3666800 2011-01-22] (Dell Inc.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-12-17] (Intel(R) Corporation)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [Stage Remote] => C:\Program Files (x86)\Dell\Stage Remote\StageRemote.exe -Quiet
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [DellStage] => C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe [2195824 2012-02-01] ()
HKLM-x32\...\Run: [Dell Webcam Central] => C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [503942 2011-04-13] (Creative Technology Ltd)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-06] (Intel Corporation)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RoxWatchTray] => c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe [240112 2010-11-25] (Sonic Solutions)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Desktop Disc Tool] => c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe [514544 2010-11-17] ()
HKLM-x32\...\Run: [AccuWeatherWidget] => C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe [968048 2012-02-01] ()
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-01] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2015-01-14] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [Facebook Update] => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2012-07-12] (Facebook Inc.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2014-10-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [HP Officejet 6600 (NET)] => C:\Program Files\HP\HP Officejet 6600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [RESTART_STICKY_NOTES] => C:\WINDOWS\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1565504 2015-01-14] (Samsung)
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKLM -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15118/CTPID.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 172.29.11.1

FireFox:
========
FF ProfilePath: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default
FF NetworkProxy: "backup.ftp", "172.27.10.1"
FF NetworkProxy: "backup.ftp_port", 8080
FF NetworkProxy: "backup.socks", "172.27.10.1"
FF NetworkProxy: "backup.socks_port", 8080
FF NetworkProxy: "backup.ssl", "172.27.10.1"
FF NetworkProxy: "backup.ssl_port", 8080
FF NetworkProxy: "ftp", "172.27.10.1"
FF NetworkProxy: "ftp_port", 8080
FF NetworkProxy: "http", "172.27.10.1"
FF NetworkProxy: "http_port", 8080
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "172.27.10.1"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "ssl", "172.27.10.1"
FF NetworkProxy: "ssl_port", 8080
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_41 -> C:\windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Charly\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-1885151078-40185133-285767259-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Charly\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\dudende-suche.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ixquick-ssl.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\leo-deu-fra.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\openthesaurus.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\ponscom--franzsisch--deutsch.xml
FF SearchPlugin: C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\searchplugins\wettercom.xml
FF Extension: YouTube Unblocker - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\youtubeunblocker@unblocker.yt [2015-02-03]
FF Extension: Web Developer - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}.xpi [2014-11-16]
FF Extension: Adblock Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-06]
FF Extension: Tab Mix Plus - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-09-06]
FF HKLM-x32\...\Firefox\Extensions: [{D19CA586-DD6C-4a0a-96F8-14644F340D60}] - C:\Program Files (x86)\Common Files\McAfee\SystemCore
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-16]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de

Chrome: 
=======
CHR Profile: C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-03-20]
CHR Extension: (Google Drive) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-03-20]
CHR Extension: (YouTube) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-03-20]
CHR Extension: (Google-Suche) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-03-20]
CHR Extension: (Google Mail) - C:\Users\Charly\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-03-20]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-12-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-12-14] (AVAST Software)
R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-12-14] (Avast Software)
R2 Bluetooth Device Monitor; C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [897088 2010-11-03] (Intel Corporation) [File not signed]
R3 Bluetooth Media Service; C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [1298496 2010-11-03] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-12-17] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1225312 2012-11-26] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [659040 2012-11-26] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-12-14] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-12-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-12-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-12-14] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-12-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-12-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-12-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-12-14] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2014-12-14] (Avast Software)
S1 qrnfd_1_10_0_8; system32\drivers\qrnfd_1_10_0_8.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 15:14 - 2015-02-05 15:14 - 00000682 _____ () C:\Users\Charly\Desktop\JRT.txt
2015-02-05 14:24 - 2015-02-05 14:24 - 00000197 _____ () C:\windows\system32\2015-02-05-13-24-43.069-AvastVBoxSVC.exe-2136.log
2015-02-05 14:21 - 2015-02-05 14:21 - 00000928 _____ () C:\Users\Charly\Desktop\AdwCleaner[S1].txt
2015-02-03 14:05 - 2015-02-03 14:05 - 00000247 _____ () C:\windows\system32\2015-02-03-13-05-17.099-aswFe.exe-5952.log
2015-02-03 13:53 - 2015-02-03 14:05 - 00000247 _____ () C:\windows\system32\2015-02-03-12-53-57.029-aswFe.exe-4972.log
2015-02-03 13:53 - 2015-02-03 13:53 - 00000197 _____ () C:\windows\system32\2015-02-03-12-53-49.053-AvastVBoxSVC.exe-6508.log
2015-02-03 13:39 - 2015-02-03 13:39 - 01388274 _____ (Thisisu) C:\Users\Charly\Desktop\JRT.exe
2015-02-03 13:33 - 2015-02-05 14:22 - 00006296 _____ () C:\windows\PFRO.log
2015-02-03 13:33 - 2015-02-05 14:22 - 00000112 _____ () C:\windows\setupact.log
2015-02-03 13:33 - 2015-02-03 13:33 - 644974565 _____ () C:\windows\MEMORY.DMP
2015-02-03 13:33 - 2015-02-03 13:33 - 00472976 _____ () C:\windows\Minidump\020315-26956-01.dmp
2015-02-03 13:33 - 2015-02-03 13:33 - 00000000 _____ () C:\windows\setuperr.log
2015-02-03 13:21 - 2015-02-03 13:22 - 00014880 _____ () C:\Users\Charly\Desktop\AdwCleaner[S0].txt
2015-02-03 13:16 - 2015-02-05 15:08 - 00000000 ____D () C:\AdwCleaner
2015-02-03 13:15 - 2015-02-03 13:15 - 02194432 _____ () C:\Users\Charly\Desktop\AdwCleaner_4.109.exe
2015-02-03 12:47 - 2015-02-03 12:47 - 00027016 _____ () C:\Users\Charly\Desktop\Gmer.log
2015-02-03 12:33 - 2015-02-03 12:33 - 00380416 _____ () C:\Users\Charly\Desktop\Gmer-19357.exe
2015-02-03 12:25 - 2015-02-03 13:51 - 00024138 _____ () C:\Users\Charly\Desktop\Addition.txt
2015-02-03 12:24 - 2015-02-05 15:15 - 00022050 _____ () C:\Users\Charly\Desktop\FRST.txt
2015-02-03 12:23 - 2015-02-05 15:15 - 00000000 ____D () C:\FRST
2015-02-03 12:21 - 2015-02-03 12:22 - 02131456 _____ (Farbar) C:\Users\Charly\Desktop\FRST64.exe
2015-02-03 12:18 - 2015-02-03 12:18 - 00000474 _____ () C:\Users\Charly\Desktop\defogger_disable.log
2015-02-03 12:18 - 2015-02-03 12:18 - 00000000 _____ () C:\Users\Charly\defogger_reenable
2015-02-03 12:07 - 2015-02-03 12:07 - 00050477 _____ () C:\Users\Charly\Desktop\Defogger.exe
2015-02-01 17:18 - 2015-02-05 15:04 - 00001338 _____ () C:\windows\Tasks\OAMZ.job
2015-02-01 17:18 - 2015-02-05 14:59 - 00001340 _____ () C:\windows\Tasks\DAPXB.job
2015-02-01 17:18 - 2015-02-01 17:19 - 00004370 _____ () C:\windows\System32\Tasks\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 01960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 01482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-02-01 17:18 - 2015-02-01 17:18 - 00004368 _____ () C:\windows\System32\Tasks\OAMZ
2015-01-27 20:20 - 2015-01-27 20:20 - 19029752 _____ () C:\Users\Charly\Downloads\Anhänge_2015127.zip
2015-01-27 18:29 - 2015-01-27 18:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-25 17:12 - 2015-01-25 17:12 - 00002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-01-25 17:12 - 2015-01-25 17:12 - 00001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-01-20 00:46 - 2015-01-20 00:47 - 00000000 ____D () C:\Users\Charly\Desktop\Neuer Ordner
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4.mp4
2015-01-18 21:41 - 2015-01-18 21:41 - 00247739 _____ () C:\Users\Charly\Downloads\video-1421609768.mp4(1).mp4
2015-01-18 12:33 - 2015-01-18 12:33 - 00000000 ____D () C:\windows\Hewlett-Packard
2015-01-16 03:22 - 2015-01-16 03:22 - 00000197 _____ () C:\windows\system32\2015-01-16-02-22-30.004-AvastVBoxSVC.exe-168.log
2015-01-15 20:39 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxdav.sys
2015-01-15 03:34 - 2015-01-15 03:34 - 00000197 _____ () C:\windows\system32\2015-01-15-02-34-10.058-AvastVBoxSVC.exe-4068.log
2015-01-14 17:33 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2015-01-14 17:33 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-01-14 17:33 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:33 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:33 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\TSWbPrxy.exe
2015-01-14 17:33 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\windows\system32\nlasvc.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncsi.dll
2015-01-14 17:33 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2015-01-14 17:32 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-01-14 17:32 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-01-14 17:32 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-01-13 13:52 - 2015-01-13 13:52 - 00000197 _____ () C:\windows\system32\2015-01-13-12-52-06.058-AvastVBoxSVC.exe-2148.log
2015-01-12 21:12 - 2015-01-12 21:12 - 00000197 _____ () C:\windows\system32\2015-01-12-20-12-30.041-AvastVBoxSVC.exe-3500.log
2015-01-09 19:29 - 2015-01-09 19:29 - 00000197 _____ () C:\windows\system32\2015-01-09-18-29-29.054-AvastVBoxSVC.exe-3500.log
2015-01-08 23:19 - 2015-01-08 23:19 - 00000197 _____ () C:\windows\system32\2015-01-08-22-19-02.027-AvastVBoxSVC.exe-3576.log
2015-01-07 19:00 - 2015-01-07 19:00 - 00000197 _____ () C:\windows\system32\2015-01-07-18-00-25.075-AvastVBoxSVC.exe-3132.log
2015-01-07 16:45 - 2015-01-07 16:45 - 00000197 _____ () C:\windows\system32\2015-01-07-15-45-35.011-AvastVBoxSVC.exe-2380.log
2015-01-06 10:53 - 2015-01-06 10:54 - 46637686 _____ () C:\Users\Charly\Downloads\Come Now Is The Time To Worship.avi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-05 15:10 - 2011-08-30 00:01 - 01361120 _____ () C:\windows\WindowsUpdate.log
2015-02-05 14:59 - 2012-04-03 13:10 - 00701616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 14:59 - 2012-04-03 13:10 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-02-05 14:59 - 2012-04-03 13:10 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2015-02-05 14:59 - 2011-10-15 13:32 - 00001142 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job
2015-02-05 14:59 - 2011-09-06 20:44 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 14:59 - 2011-09-06 19:16 - 00001110 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-05 14:30 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-05 14:30 - 2009-07-14 05:45 - 00028576 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-05 14:28 - 2011-08-30 02:51 - 00699666 _____ () C:\windows\system32\perfh007.dat
2015-02-05 14:28 - 2011-08-30 02:51 - 00149774 _____ () C:\windows\system32\perfc007.dat
2015-02-05 14:28 - 2009-07-14 06:13 - 01620612 _____ () C:\windows\system32\PerfStringBackup.INI
2015-02-05 14:22 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2015-02-05 12:42 - 2011-10-15 13:32 - 00001120 _____ () C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job
2015-02-04 21:56 - 2012-01-31 16:00 - 00003938 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{0F102A3C-CB48-4F24-80C8-D0792A79F8D8}
2015-02-04 00:15 - 2012-08-27 13:25 - 00003488 _____ () C:\windows\System32\Tasks\PCDEventLauncher
2015-02-03 13:36 - 2011-08-30 00:43 - 00000000 ____D () C:\ProgramData\Sonic
2015-02-03 13:33 - 2013-11-18 15:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-03 13:33 - 2011-12-08 17:57 - 00000000 ____D () C:\windows\Minidump
2015-02-03 12:18 - 2011-09-06 09:23 - 00000000 ____D () C:\Users\Charly
2015-02-03 12:14 - 2013-11-18 15:41 - 00001157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-03 12:14 - 2013-11-18 15:41 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-02-03 12:14 - 2011-09-06 09:33 - 00001419 _____ () C:\Users\Charly\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-03 11:52 - 2012-12-16 19:35 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2015-02-01 17:36 - 2014-03-14 09:32 - 00835584 ___SH () C:\Users\Charly\Desktop\Thumbs.db
2015-01-25 23:24 - 2014-12-31 15:47 - 00000000 ____D () C:\Users\Charly\Desktop\Auslandsjahr
2015-01-18 20:11 - 2014-12-24 00:09 - 00000000 ____D () C:\Users\Charly\Documents\Outlook-Dateien
2015-01-18 20:10 - 2014-12-20 11:21 - 00000000 ____D () C:\Users\Charly\Documents\SelfMV
2015-01-18 12:34 - 2012-12-16 22:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-01-18 12:33 - 2012-06-04 11:33 - 00000000 ____D () C:\Users\Charly\AppData\Roaming\HpUpdate
2015-01-18 10:56 - 2014-10-21 19:01 - 00002000 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
2015-01-16 14:36 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2015-01-16 03:00 - 2011-09-25 07:51 - 00000000 ____D () C:\windows\System32\Tasks\Games
2015-01-15 03:13 - 2013-07-27 02:01 - 00000000 ____D () C:\windows\system32\MRT
2015-01-15 03:01 - 2011-09-06 19:12 - 113365784 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2015-01-06 04:36 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2015-01-25 17:12 - 2015-01-25 17:12 - 0002086 _____ () C:\Users\Charly\AppData\Roaming\DAPXB
2015-02-01 17:18 - 2015-02-01 17:18 - 1482200 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\DAPXB.exe
2015-01-25 17:12 - 2015-01-25 17:12 - 0001248 _____ () C:\Users\Charly\AppData\Roaming\OAMZ
2015-02-01 17:18 - 2015-02-01 17:18 - 1960408 _____ (VenturesMPlayer) C:\Users\Charly\AppData\Roaming\OAMZ.exe
2011-09-06 21:35 - 2014-02-05 12:02 - 0055296 _____ () C:\Users\Charly\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2011-12-13 09:54 - 2011-12-13 09:58 - 0000000 _____ () C:\Users\Charly\AppData\Local\{1EEE3C18-D95C-46E1-AAAF-BA19D1E4E698}
2014-10-12 16:25 - 2014-10-12 16:25 - 0000000 _____ () C:\Users\Charly\AppData\Local\{4699457A-6CBE-4B5A-9265-C55F6C7BFF53}
2012-06-04 11:31 - 2012-06-04 11:31 - 0000057 _____ () C:\ProgramData\Ament.ini
2012-02-26 20:47 - 2012-02-26 20:47 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
2012-05-14 17:21 - 2012-05-14 17:21 - 0000004 __RSH () C:\ProgramData\sysqcl1129139270.dat

Files to move or delete:
====================
C:\ProgramData\sysqcl1129139270.dat


Some content of TEMP:
====================
C:\Users\Charly\AppData\Local\Temp\BackupSetup.exe
C:\Users\Charly\AppData\Local\Temp\Quarantine.exe
C:\Users\Charly\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-15 23:09

==================== End Of Log ============================
         
--- --- ---


Addition
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by Charly at 2015-02-05 15:16:17
Running from C:\Users\Charly\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22beta (HKLM-x32\...\7-Zip) (Version:  - )
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.5.146 - Adobe Systems, Inc.)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Avast Free Antivirus (HKLM-x32\...\avast) (Version: 10.0.2208 - AVAST Software)
Bandicam (HKLM-x32\...\Bandicam) (Version: 2.0.3.674 - Bandisoft.com)
Bandisoft MPEG-1 Decoder (HKLM-x32\...\BandiMPEG1) (Version:  - Bandisoft.com)
Canon MG4100 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG4100_series) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Decouvertes 5 Sprachtrainer Kommunikation (HKLM-x32\...\{3D220981-ECF5-4DD6-AF2F-963580810B9E}) (Version: 1.00.000 - Klett)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell MusicStage (HKLM-x32\...\{3255BC3F-32BA-41ED-93A0-B9AEB6CDD9E6}) (Version: 1.5.201.0 - Fingertapps)
Dell PhotoStage (HKLM-x32\...\{E4335E82-17B3-460F-9E70-39D9BC269DB3}) (Version: 1.5.0.65 - ArcSoft)
Dell Stage (HKLM-x32\...\{E2F57269-065E-4B19-8CDA-AB6C401FAF1A}) (Version: 1.7.209.0 - Fingertapps)
Dell Stage Remote (HKLM-x32\...\{AF4D3C63-009B-4A17-B02E-D395065DD3F0}) (Version: 2.0.0.43 - ArcSoft)
Dell Support Center (HKLM\...\PC-Doctor for Windows) (Version: 3.2.6032.102 - PC-Doctor, Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1209.101.204 - ALPS ELECTRIC CO., LTD.)
Dell VideoStage  (HKLM-x32\...\InstallShield_{DCE0E79A-B9AC-41AC-98C1-7EF0538BCA7F}) (Version: 1.2.0.1712 - CyberLink Corp.)
Dell VideoStage  (x32 Version: 1.2.0.1712 - CyberLink Corp.) Hidden
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 2.00.44 - Creative Technology Ltd)
Die*Sims™*3 (HKLM-x32\...\{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}) (Version: 1.0.631 - Electronic Arts)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Facebook Video Calling 1.2.0.287 (HKLM-x32\...\{B92C5909-1D37-4C51-8397-A28BB28E5DC3}) (Version: 1.2.287 - Skype Limited)
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FirstClass® Client (HKLM-x32\...\{2869279D-7AE2-4A13-96B8-46078BA3F75B}) (Version: 11.0 (build 11.042) - Open Text Corporation.)
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GutscheinRausch.de - AddOn für Firefox (HKLM-x32\...\{2B11BA9C-7F97-4C16-970F-1491FD77969B}_is1) (Version: 2.81 - GutscheinRausch.de)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Officejet 6600 - Grundlegende Software für das Gerät (HKLM\...\{F58934BD-F483-43EB-B307-CFFD88B18455}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 6600 Hilfe (HKLM-x32\...\{2FA81482-5570-4CF0-9A10-D61D2F164916}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.9572 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6324.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1118 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2361 - Intel Corporation)
Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{7CE8BE79-ABC3-4B2C-9543-28ED2B0A9EA8}) (Version: 1.0.0.0454 - Intel Corporation)
Intel(R) PROSet/Wireless WiFi-Software (HKLM\...\{290D4DB2-F1B4-4B8E-918D-D71EF29A001B}) (Version: 14.00.1000 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.0.1008 - Intel Corporation)
Intel(R) WiDi (HKLM-x32\...\{25680C01-6753-4FE9-A891-7857F26457C1}) (Version: 2.1.35.0 - Intel Corporation)
Intel(R) Wireless Display (HKLM\...\{28EF7372-9087-4AC3-9B9F-D9751FCDF830}) (Version:  - )
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Klett Lernsoftware Mathematik - Lambacher Schweizer (6. Lernjah (HKLM-x32\...\Klett Lernsoftware Mathematik - Lambacher Schwei~1FADBBB4_is1) (Version:  - )
LEGO MINDSTORMS NXT - (Deutsch) Sprachenpaket (HKLM-x32\...\{611ED207-22E5-4543-B9D3-E73096759A4F}) (Version: 2.0.100.0 - The LEGO Group)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{74E85F31-573F-45BF-8939-4D2BCDCC2083}) (Version: 1.17.770 - LEGO)
LEGO MINDSTORMS NXT Migration Package (HKLM-x32\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO)
LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{CB263F8D-EF2D-4EB5-A368-A27056EE92D4}) (Version: 2.0.108.0 - LEGO)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{820B6609-4C97-3A2B-B644-573B06A0F0CC}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
MyFreeCodec (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\MyFreeCodec) (Version:  - )
PC Inspector File Recovery (HKLM-x32\...\{0DD140D3-9563-481E-AA75-BA457CBDAEF2}) (Version: 4.0 - )
PhotoShowExpress (x32 Version: 2.0.063 - Sonic Solutions) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.09.20 - Dell Inc.)
RBVirtualFolder64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30126 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.42 - Piriform)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.32.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.32.0 - Renesas Electronics Corporation) Hidden
Roxio Creator Starter (HKLM-x32\...\{6F0BBEFE-BE1C-419B-BA1F-D36C9E7915BC}) (Version: 12.1.77.0 - Roxio)
Roxio File Backup (Version: 1.3.2 - Roxio) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.6.3.14044_17 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Secunia PSI (3.0.0.6001) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.6001 - Secunia)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Sprachtrainer Fonts (HKLM-x32\...\{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}) (Version: 1.00.01 - Ernst Klett Verlag GmbH)
StreamTransport version: 1.1.0.2 (HKLM-x32\...\{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1) (Version:  - )
Studie zur Verbesserung von HP Officejet 6600 Produkten (HKLM\...\{E1A11879-5771-4E52-BA2E-CD5DD65BF970}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tippfix1_1 (HKLM-x32\...\{FEB690DE-045C-4FAF-A6A6-4DC7376E24EE}) (Version: 1.1.0.0 - )
UBitMenuDE (HKLM-x32\...\{CBCFD97D-FE82-43F4-A978-996CACF71E6B}_is1) (Version: 01.04 - UBit Schweiz AG)
Unity Web Player (HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Zinio Reader 4 (HKLM-x32\...\ZinioReader4) (Version: 4.2.4164 - Zinio LLC)
Zinio Reader 4 (x32 Version: 4.2.4164 - Zinio LLC) Hidden
Zoo Empire (HKLM-x32\...\InstallShield_{242BCCDC-B37B-4792-A52C-BCDDB1030AF9}) (Version: 1.00 - Enlight Software)
Zoo Empire (x32 Version: 1.00 - Enlight Software) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

17-11-2014 03:00:57 Windows Update
19-11-2014 03:00:26 Windows Update
25-11-2014 19:27:14 Windows Update
28-11-2014 22:28:29 Windows Update
02-12-2014 16:55:36 Windows Update
09-12-2014 22:30:09 Windows Update
11-12-2014 02:00:17 Windows Update
14-12-2014 03:00:28 Windows Update
14-12-2014 13:50:48 avast! antivirus system restore point
17-12-2014 17:37:38 Windows Update
21-12-2014 03:01:45 Windows Update
24-12-2014 03:00:43 Windows Update
27-12-2014 10:56:39 Windows Update
30-12-2014 17:01:02 Windows Update
06-01-2015 17:03:18 Windows Update
09-01-2015 19:52:07 Windows Update
14-01-2015 17:32:28 Windows Update
15-01-2015 03:00:41 Windows Update
16-01-2015 03:00:27 Windows Update
18-01-2015 12:33:17 Installed HP Update.
20-01-2015 17:56:42 Windows Update
27-01-2015 16:59:43 Windows Update
31-01-2015 16:49:54 Windows Update
01-02-2015 17:18:43 Uniblue DriverScanner installation
04-02-2015 00:19:41 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {10F7DCF1-B638-49E9-B0B8-6ECF9A913871} - System32\Tasks\PCDEventLauncher => C:\Program Files\Dell Support Center\sessionchecker.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {16244C64-FD36-4C03-9392-85C21442DD2E} - System32\Tasks\{2DBD0BE9-228D-4709-B7A8-1ABAA66554A6} => pcalua.exe -a E:\eagle-win-5.11.0.exe -d E:\
Task: {17CFBAFA-3FB4-4D7A-B78E-7041A8E4DEF4} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2F2D47A7-15AC-4224-8728-335B1F0C7C88} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {34EEE8A7-8663-4555-B8A0-744CA61B99DA} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {36ED0340-B405-4899-8CED-CA555B1838A9} - System32\Tasks\HPCustParticipation HP Officejet 6600 => C:\Program Files\HP\HP Officejet 6600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {4B6E4C8D-7250-410B-AE2F-C3F5B21249B0} - System32\Tasks\{5923F9D2-C4DF-4E6C-A56C-9D44DF76E510} => pcalua.exe -a C:\Users\Charly\Desktop\SamsungDrucker20.07.2007.exe -d C:\Users\Charly\Desktop
Task: {5676A1BC-7E68-45F5-8D15-07E5B34E6E68} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {5D95D023-633E-4F6F-B91B-3F98846784F5} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-12-14] (AVAST Software)
Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {822E83A1-BB9F-441F-A31B-F9A9480A6959} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {904E9075-1CD3-4C14-94CA-1D4F9EE5E441} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-12] (Facebook Inc.)
Task: {921F9CDB-11BC-414B-A1DF-2F4D9EA7B820} - System32\Tasks\{ABF30231-F573-4948-BCD9-15EF0CC86584} => Firefox.exe hxxp://ui.skype.com/ui/0/6.6.0.106/de/abandoninstall?page=tsPlugin
Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {AE68D4AF-AC25-460E-9B0A-7FBA5CA7E0AD} - System32\Tasks\{0FFF9BE5-FFF0-4B43-AFDC-640B7357C855} => pcalua.exe -a C:\Users\Charly\Downloads\Minecraft_Client-3.0.2\mcorg_client.exe -d C:\Users\Charly\Downloads\Minecraft_Client-3.0.2
Task: {B65E526A-65B1-4D14-B622-55761BF3AEE1} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: {B8FAF197-98C0-43C3-995C-4072239AF8B7} - System32\Tasks\PCDoctorBackgroundMonitorTask-Delay => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {C31044DD-9933-4D28-B935-AD99CF620707} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: {CD1374FE-7841-41B4-9F36-2DFD393BAEF2} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell Support Center\uaclauncher.exe [2012-11-30] (PC-Doctor, Inc.)
Task: {E7AAC0B9-A5B5-4B3F-ABAA-298F7E571035} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-23] (Google Inc.)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000Core.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1885151078-40185133-285767259-1000UA.job => C:\Users\Charly\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\Libeay32.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll
2011-08-30 02:29 - 2011-04-10 19:40 - 00094208 _____ () C:\WINDOWS\System32\IccLibDll_x64.dll
2010-12-17 19:53 - 2010-12-17 19:53 - 01501696 _____ () C:\Program Files\Common Files\Intel\WirelessCommon\LIBEAY32.dll
2010-11-17 16:35 - 2010-11-17 16:35 - 00514544 _____ () C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2015-02-05 12:31 - 2015-02-05 12:31 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15020500\algo.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll
2014-10-22 02:59 - 2014-10-22 02:59 - 00169472 _____ () C:\windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\93182e9779b8be0f688fd0784df6d7fb\IsdiInterop.ni.dll
2011-08-30 00:08 - 2010-11-06 05:50 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2010-11-25 04:44 - 2010-11-25 04:44 - 00375280 _____ () c:\program files (x86)\common files\roxio shared\dllshared\SQLite352.dll
2014-12-14 13:53 - 2014-12-14 13:53 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1885151078-40185133-285767259-500 - Administrator - Disabled)
Charly (S-1-5-21-1885151078-40185133-285767259-1000 - Administrator - Enabled) => C:\Users\Charly
Gast (S-1-5-21-1885151078-40185133-285767259-501 - Limited - Disabled) => C:\Users\Gast
HomeGroupUser$ (S-1-5-21-1885151078-40185133-285767259-1006 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: qrnfd_1_10_0_8
Description: qrnfd_1_10_0_8
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer: 
Service: qrnfd_1_10_0_8
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz
Percentage of memory in use: 37%
Total physical RAM: 4003.17 MB
Available physical RAM: 2507.24 MB
Total Pagefile: 8004.53 MB
Available Pagefile: 6350.72 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:451.01 GB) (Free:218.3 GB) NTFS
Drive e: () (Removable) (Total:1.88 GB) (Free:0.03 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E4219F81)
Partition 1: (Not Active) - (Size=100 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=451 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         

05.02.2015, 15:24   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please disable your virus scanner completely now, before the fix!

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document

Code:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de
Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION
Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION
C:\ProgramData\sysqcl1129139270.dat
EmptyTemp:
Hosts:
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.


05.02.2015, 15:36   #11
Jooker

Here is the Fixlog:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-02-2015 01
Ran by Charly at 2015-02-05 15:31:03 Run:1
Running from C:\Users\Charly\Desktop
Loaded Profiles: Charly (Available profiles: Charly & Gast)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1885151078-40185133-285767259-1000 -> {2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} URL = 
FF HKU\S-1-5-21-1885151078-40185133-285767259-1000\...\Firefox\Extensions: [mail@gutscheinrausch.de] - C:\Users\Charly\AppData\Roaming\Mozilla\Firefox\Profiles\rl566buh.default\extensions\mail@gutscheinrausch.de
Task: {6E04475C-89FC-45BA-968B-F41A8D1E20CB} - System32\Tasks\OAMZ => C:\Users\Charly\AppData\Roaming\OAMZ.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: {9AF1EAF0-9AEB-4AAB-9B32-0E969F421431} - System32\Tasks\DAPXB => C:\Users\Charly\AppData\Roaming\DAPXB.exe [2015-02-01] (VenturesMPlayer) <==== ATTENTION
Task: C:\windows\Tasks\DAPXB.job => C:\Users\Charly\AppData\Roaming\DAPXB.exe <==== ATTENTION
Task: C:\windows\Tasks\OAMZ.job => C:\Users\Charly\AppData\Roaming\OAMZ.exe <==== ATTENTION
C:\ProgramData\sysqcl1129139270.dat
EmptyTemp:
Hosts:
      
*****************

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-1885151078-40185133-285767259-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53}" => Key deleted successfully.
HKCR\CLSID\{2F1E335A-858A-4BE9-8F6B-D0AF1D018B53} => Key not found. 
HKU\S-1-5-21-1885151078-40185133-285767259-1000\Software\Mozilla\Firefox\Extensions\\mail@gutscheinrausch.de => value deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6E04475C-89FC-45BA-968B-F41A8D1E20CB}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6E04475C-89FC-45BA-968B-F41A8D1E20CB}" => Key deleted successfully.
C:\Windows\System32\Tasks\OAMZ => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OAMZ" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9AF1EAF0-9AEB-4AAB-9B32-0E969F421431}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9AF1EAF0-9AEB-4AAB-9B32-0E969F421431}" => Key deleted successfully.
C:\Windows\System32\Tasks\DAPXB => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DAPXB" => Key deleted successfully.
C:\windows\Tasks\DAPXB.job => Moved successfully.
C:\windows\Tasks\OAMZ.job => Moved successfully.
C:\ProgramData\sysqcl1129139270.dat => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 573.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 15:31:19 ====
         

05.02.2015, 15:57   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Okay, then control scans with MBAM and ESET, please:

Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan (Scannen), select the Threat Scan (Bedrohungssuchlauf) and click Start Scan (Suchlauf starten).
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected (Auswahl entfernen).
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History (Verlauf) and then Application Logs (Anwendungsprotokolle).
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Include the contents of mbam.txt in your next reply.

ESET Online Scanner

  • Here you can find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box Yes, I accept the Terms of Use (Ja, ich bin mit den Nutzungsbedingungen einverstanden) and click Start (Starten).
  • Enable "Detection of potentially unwanted applications" (Erkennung von eventuell unerwünschten Anwendungen) and choose the following settings.
  • Click Start (Starten).
  • The signatures are downloaded; the scan starts automatically.
  • At the end of the scan, click Finish (Fertig stellen).
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset
