Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 10.03.2015, 17:16   #1
Sophus
 
Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Icon27

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



Liebes Trojaner-Board Team,

seit geraumer Zeit taucht snap.do in meinen Systemprogrammen auf und lässt sich nicht deinstallieren. Ich habe diesen Torjaner schon einmal gelöscht (mit Anleitungen aus dem Internet), als das Deinstallieren noch möglich war.
Diese Mal ist er zunächst gar nicht mehr greifbar.

Sobald ich ihn deinstallieren möchte erscheinen die beiden Fenster, die ich an diese Nachricht angehängt habe in der selbigen Reigenfolge.
Die Installationsquelle des vermeintlichen snap.do-Programmes ist laut dieser Anzeige nicht verfügbar.

Um jegliche Hilfe bin ich sehr dankbar!!

Lieben Gruß,
Sophus
Angehängte Grafiken
Dateityp: png Screenshot 2015-03-10 17.04.29.png (25,7 KB, 176x aufgerufen)
Dateityp: jpg Screenshot 2015-03-10 17.04.52.jpg (107,0 KB, 212x aufgerufen)

Alt 10.03.2015, 18:10   #2
schrauber
/// the machine
/// TB-Ausbilder
 

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

__________________

__________________

Alt 10.03.2015, 23:17   #3
Sophus
 
Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren




FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 10-03-2015
Ran by Sophokles (administrator) on SOPHOKLES-PC on 10-03-2015 23:03:59
Running from C:\Users\Sophokles\Desktop
Loaded Profiles: Sophokles (Available profiles: Sophokles)
Platform: Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-

recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Schomäcker GmbH) C:\Program Files\Q-Pilot Client\Service\QPilot-Client-Service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Schomäcker GmbH) C:\Program Files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Flux Software LLC) C:\Users\Sophokles\AppData\Local\FluxSoftware\Flux\flux.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be 

moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9755240 2010-10-19] (Realtek Semiconductor)
HKLM\...\Run: [QPilotClientGUI] => C:\Program Files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe [18442752 2010-04-21] 

(Schomäcker GmbH)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-01-20] 

(Apple Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, 

Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1593640 2015-03-03] (Sophos 

Limited)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure 

Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-01-27] (Apple Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] 

(Oracle Corporation)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [f.lux] => C:\Users\Sophokles\AppData\Local\FluxSoftware\Flux

\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe 

[5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe 

[354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\MountPoints2: E - E:\SBLauncher.exe
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\MountPoints2: {5d6f3f61-d6db-11e3-89b1-f0def1d86fd1} - E:

\MotoCastSetup.exe -a
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\MountPoints2: {fe1621e9-afde-11e2-b537-f0def1d86fd1} - E:

\SBLauncher.exe
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => c:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll 

[275352 2015-01-13] (Sophos Limited)
Startup: C:\Users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft 

Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll 

[2015-03-02] (Oracle Corporation)
BHO: No Name -> {95A12F4E-76E9-48FC-8813-D8CA7928229C}} ->  No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin

\jp2ssv.dll [2015-03-02] (Oracle Corporation)
BHO: No Name -> {EDCFBF0B-D47D-460C-9000-FA74A8CD6F3C}} ->  No File
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information 

Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-

02] (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll 

[2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA 

Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client

\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] 

(Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 21 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03

-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] 

(Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] 

( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] 

(Microsoft Corp.)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, 

Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: ProxTube - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-

1425421356005\Extensions\ich@maltegoetz.de.xpi [2015-03-03]
FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles

\6b5zntlu.default-1425421356005\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2015-03-03]
FF Extension: Adblock Plus - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-

1425421356005\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-03]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect

\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi 

Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-04-14]
FF HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - 

C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-05-16]
FF HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Sophokles

\AppData\Roaming\Mozilla\Firefox\Profiles\bffu3egs.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (getithd) - C:\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions

\jcejcjdkakbnmifgblkhmckcccjfeljg [2014-01-20]
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Sophokles\AppData\LocalLow\proxtube\CHROME

\proxtube.crx [2012-04-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless 

listed separately.)

S3 ALG; C:\Windows\System32\alg.exe [59392 2014-09-05] (Microsoft Corporation) [File not signed]
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [30720 2014-09-05] (Microsoft Corporation) 

[File not signed]
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [60416 2014-09-05] (Microsoft 

Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [89600 2014-09-05] (Microsoft 

Corporation) [File not signed]
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-02-23] (Connectify) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [270848 2014-09-05] (Intel Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2014-09-05] (Microsoft Corporation) [File not signed]
S2 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [872448 2014-09-05] 

(Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2014-09-05] (Microsoft Corporation) [File not signed]
S2 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [138240 2014-09-05] (Microsoft Corporation) 

[File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QPilotClientService; C:\Program Files\Q-Pilot Client\Service\QPilot-Client-Service.exe [10706432 2010-04-21] (Schomäcker 

GmbH) [File not signed]
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2014-09-05] (Microsoft Corporation) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-03] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] 

(Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-13] (Sophos 

Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-01-13] (Sophos Limited)
S2 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2014-09-05] (Microsoft Corporation) [File not signed]
R2 vds; C:\Windows\System32\vds.exe [453632 2014-09-05] (Microsoft Corporation) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco 

Systems, Inc.)
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2014-09-05] (Microsoft Corporation) [File not signed]
S2 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1333760 2014-09-05] (Microsoft Corporation) [File not signed]
S2 wbengine; C:\Windows\system32\wbengine.exe [1203200 2014-09-05] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2014-09-05] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless 

listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2014-12-11] (Connectify)
S3 FFUsbAudio; C:\Windows\System32\DRIVERS\ffusbaudio.sys [31744 2010-03-05] (Focusrite Audio Engineering Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-10-10] ()
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2014-05-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-05-20] (Sophos Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\Users\SOPHOK~1\AppData\Local\Temp\catchme.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed 

separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 23:03 - 2015-03-10 23:05 - 00021401 _____ () C:\Users\Sophokles\Desktop\FRST.txt
2015-03-10 23:00 - 2015-03-10 23:00 - 01134592 _____ (Farbar) C:\Users\Sophokles\Desktop\FRST.exe
2015-03-10 12:18 - 2015-03-10 14:43 - 00000000 ____D () C:\Users\Sophokles\Desktop\Wohngeld
2015-03-09 00:45 - 2015-03-09 00:45 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers

\MBAMSwissArmy.sys
2015-03-09 00:45 - 2015-03-09 00:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes 

Anti-Malware
2015-03-09 00:44 - 2015-03-09 00:45 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-09 00:44 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers

\mbamchameleon.sys
2015-03-09 00:44 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-09 00:44 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-09 00:43 - 2015-03-09 00:43 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sophokles\Downloads\mbam-setup-

2.0.4.1028(1).exe
2015-03-09 00:15 - 2015-03-09 00:19 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\CrashDumps
2015-03-06 19:23 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-06 19:23 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-06 13:00 - 2015-03-10 15:53 - 00000336 _____ () C:\Windows\setupact.log
2015-03-06 13:00 - 2015-03-06 13:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 12:59 - 2015-03-09 01:09 - 00000714 _____ () C:\Windows\PFRO.log
2015-03-06 12:59 - 2015-03-06 13:00 - 00412656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-06 00:51 - 2015-03-06 00:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 22:54 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-04 22:54 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-04 22:53 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-04 22:53 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-04 22:53 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-04 22:53 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-04 22:53 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-04 22:53 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-04 22:53 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-04 22:53 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-04 22:53 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-04 22:53 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-04 22:53 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-04 22:53 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-04 22:53 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-04 22:53 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-04 22:53 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows

\system32\MsSpellCheckingFacility.exe
2015-03-04 22:53 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-04 22:53 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows

\system32\JavaScriptCollectionAgent.dll
2015-03-04 22:53 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-04 22:53 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-04 22:53 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-04 22:53 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-04 22:53 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-04 22:53 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-04 22:53 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-04 22:53 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-04 22:53 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-04 22:53 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-04 22:53 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-04 18:03 - 2015-03-04 18:04 - 06208736 _____ (Tim Kosse) C:\Users\Sophokles\Downloads\FileZilla_3.10.2_win32-

setup.exe
2015-03-04 16:33 - 2015-03-04 16:33 - 00000000 ____D () C:\ComboFix
2015-03-04 14:22 - 2015-03-04 14:22 - 00011645 _____ () C:\Users\Sophokles\Downloads\hijackthis.log
2015-03-04 14:04 - 2015-03-04 14:04 - 00388608 _____ (Trend Micro Inc.) C:\Users\Sophokles\Downloads\HijackThis.exe
2015-03-04 14:03 - 2015-03-04 14:04 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sophokles\Downloads\mbam-setup-

2.0.4.1028.exe
2015-03-04 12:28 - 2015-03-04 12:28 - 00111264 _____ () C:\Users\Sophokles\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 12:15 - 2015-03-04 12:15 - 00309304 _____ () C:\Users\Sophokles\Documents\cc_20150304_121512.reg
2015-03-04 10:08 - 2015-03-04 10:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-04 09:24 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-04 09:18 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-04 09:18 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-04 09:18 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-04 09:18 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-04 09:18 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-04 09:18 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-04 09:18 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-04 09:18 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-04 09:18 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-04 09:18 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-04 09:18 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-04 09:18 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-04 09:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-04 09:18 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-04 09:18 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-04 09:18 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-04 09:18 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-04 09:16 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-04 09:16 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-04 09:15 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 09:15 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 09:15 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 09:15 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-04 09:15 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-03-04 09:14 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-04 09:14 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-04 09:14 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-04 09:09 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-04 09:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-04 09:08 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-04 09:08 - 2014-09-25 02:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-04 09:07 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-04 09:07 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-04 09:07 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-04 09:06 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-04 09:06 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-04 09:06 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-04 09:06 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-04 09:06 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-04 09:06 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-04 09:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-04 09:05 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-04 09:04 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-04 09:04 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-04 09:04 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-04 09:04 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-04 09:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-03-04 09:04 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-04 09:04 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-04 09:04 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-04 09:04 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-04 09:01 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-04 09:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-04 08:07 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-04 07:56 - 2015-03-04 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-04 07:55 - 2015-03-04 07:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-04 07:51 - 2015-03-04 07:52 - 05162080 _____ (Piriform Ltd) C:\Users\Sophokles\Downloads\ccsetup500.exe
2015-03-04 00:52 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-04 00:50 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-04 00:48 - 2015-03-04 00:48 - 00000000 ____D () C:\Users\Sophokles\Downloads\lang
2015-03-04 00:48 - 2013-01-08 06:04 - 00005535 _____ () C:\Users\Sophokles\Downloads\License.txt
2015-03-04 00:48 - 2009-11-26 13:02 - 00000010 _____ () C:\Users\Sophokles\Downloads\portable.dat
2015-03-04 00:32 - 2015-03-04 08:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 00:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-04 00:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-04 00:18 - 2015-03-04 00:27 - 00000000 ____D () C:\Qoobox
2015-03-04 00:17 - 2015-03-04 00:17 - 00000000 ____D () C:\Windows\erdnt
2015-03-03 23:58 - 2015-03-03 23:58 - 01388333 _____ (Thisisu) C:\Users\Sophokles\Downloads\JRT.exe
2015-03-03 23:39 - 2015-03-03 23:39 - 02126848 _____ () C:\Users\Sophokles\Downloads\AdwCleaner.exe
2015-03-02 10:37 - 2015-03-02 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 

2015
2015-02-25 20:41 - 2015-02-26 16:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-23 22:45 - 2015-02-23 22:45 - 00000355 _____ () C:\Users\Sophokles\Documents\Computer - Verknüpfung.lnk
2015-02-16 15:43 - 2015-02-16 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-02-16 15:42 - 2015-02-16 15:43 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-02-16 15:42 - 2015-02-16 15:43 - 00000000 ____D () C:\Program Files\iTunes
2015-02-16 15:42 - 2015-02-16 15:42 - 00000000 ____D () C:\Program Files\iPod
2015-02-13 00:21 - 2015-02-13 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-02-12 22:39 - 2015-03-10 14:43 - 00000000 ____D () C:\Users\Sophokles\Desktop\Kurse+Termine
2015-02-12 15:20 - 2015-03-04 10:42 - 00000000 ____D () C:\Users\Sophokles\Desktop\Masti

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-10 23:06 - 2013-04-24 17:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-10 23:04 - 2014-11-03 19:18 - 00000000 ____D () C:\FRST
2015-03-10 22:57 - 2013-04-24 11:49 - 01116055 _____ () C:\Windows\WindowsUpdate.log
2015-03-10 17:21 - 2013-04-24 17:04 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Skype
2015-03-09 23:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-09 21:56 - 2009-07-14 05:02 - 00028368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

1.C7483456-A289-439d-8115-601632D005A0
2015-03-09 21:56 - 2009-07-14 05:02 - 00028368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-

0.C7483456-A289-439d-8115-601632D005A0
2015-03-09 01:11 - 2013-08-16 06:49 - 00000000 ___RD () C:\Users\Sophokles\Dropbox
2015-03-09 01:11 - 2013-08-16 01:32 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Dropbox
2015-03-09 01:09 - 2014-12-07 18:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 01:09 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-09 01:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2015-03-08 23:27 - 2013-05-12 01:03 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\FileZilla
2015-03-08 23:23 - 2013-05-10 15:06 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Audacity
2015-03-06 12:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-05 00:03 - 2010-11-20 22:03 - 00006292 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 18:51 - 2013-05-12 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP 

Client
2015-03-04 18:51 - 2013-05-12 01:03 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-03-04 14:30 - 2014-09-22 19:59 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\com
2015-03-04 10:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-04 10:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-03-04 10:08 - 2014-05-09 12:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-04 10:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-04 09:23 - 2013-04-26 20:09 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-04 08:25 - 2015-01-21 15:52 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-04 08:25 - 2014-12-11 21:35 - 00000000 ____D () C:\Program Files\Connectify
2015-03-04 08:22 - 2013-04-24 12:45 - 00000000 ____D () C:\Windows\Panther
2015-03-04 08:20 - 2013-07-28 19:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-03 23:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-03-03 23:50 - 2013-11-22 12:24 - 00000000 ____D () C:\AdwCleaner
2015-03-02 21:59 - 2013-10-16 19:54 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-02 21:56 - 2014-11-20 12:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-02 21:56 - 2013-04-26 09:39 - 00000000 ____D () C:\Program Files\Java
2015-02-26 14:27 - 2013-11-08 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitZipper
2015-02-24 22:12 - 2013-04-25 08:24 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\Adobe
2015-02-24 22:11 - 2013-04-24 17:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-24 22:11 - 2013-04-24 17:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 19:54 - 2013-04-25 18:23 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\vlc
2015-02-24 03:23 - 2013-04-24 14:59 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 14:34 - 2014-09-16 19:28 - 00000000 ___RD () C:\Program Files\Skype
2015-02-23 14:34 - 2013-04-24 17:04 - 00000000 ____D () C:\ProgramData\Skype
2015-02-17 21:48 - 2013-07-13 20:36 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-02-17 14:57 - 2014-04-14 20:53 - 00000000 ____D () C:\Users\Sophokles\Documents\Citavi 4
2015-02-17 13:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-16 15:42 - 2013-05-11 22:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-02-16 12:02 - 2013-08-16 01:34 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu

\Programs\Dropbox
2015-02-15 22:49 - 2015-01-22 10:31 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\PDFCreator
2015-02-13 00:21 - 2014-01-11 23:18 - 00000000 ____D () C:\Program Files\Cisco
2015-02-13 00:21 - 2014-01-11 23:17 - 00000000 ____D () C:\ProgramData\Cisco

==================== Files in the root of some directories =======

2014-11-20 12:04 - 2014-11-20 12:04 - 0000093 _____ () C:\Users\Sophokles\AppData\Roaming\ARCompanion.log
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Sophokles\AppData\Roaming\NTMXMN
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Sophokles\AppData\Roaming\VIWK
2014-12-26 12:21 - 2014-12-26 12:21 - 0000045 _____ () C:\Users\Sophokles\AppData\Roaming\WB.CFG
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Sophokles\AppData\Roaming\YRRKNG
2014-09-11 17:11 - 2014-12-26 18:08 - 0006268 _____ () C:\Users\Sophokles\AppData\Local\Citavi Picker Internet Explorer 

Protocol.txt
2013-07-22 14:48 - 2013-07-22 14:48 - 0004096 ____H () C:\Users\Sophokles\AppData\Local\keyfile3.drm
2013-07-18 21:30 - 2013-07-18 21:30 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe

Some content of TEMP:
====================
C:\Users\Sophokles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp53c9ur.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-07 15:42

==================== End Of Log ============================
         
--- --- ---


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 10-03-2015
Ran by Sophokles at 2015-03-10 23:06:31
Running from C:\Users\Sophokles\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be 

uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems 

Incorporated)
Apple Application Support (32-Bit) (HKLM\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{28ED482A-56DB-47D9-8D9E-990FA8CD7D3D}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bass Station 1.6 (HKLM\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 1.6 - Novation Digital Music Systems Ltd.)
BitZipper 2013 (HKLM\...\BitZipper_is1) (Version: 2013.13.4.16 - Bitberry Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco 

Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - 

Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - 

Microsoft Corporation)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.0.3.34560 - Connectify)
Dropbox (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Dropbox) (Version: 3.2.6 - Dropbox, Inc.)
EPUB File Reader (HKLM\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
f.lux (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Flux) (Version:  - )
FileZilla Client 3.10.2 (HKLM\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Focusrite Plug-in Suite 1.0.2 (HKLM\...\{CF07B703-ACF2-4003-AF18-1EA840920D38}}_is1) (Version: 1.0.2 - Focusrite Audio 

Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.2 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.2 - Focusrite Audio 

Engineering Limited.)
Focusrite USB Audio Driver 1.8 (HKLM\...\Focusrite USB Audio Driver_is1) (Version: 1.8 - Focusrite Audio Engineering Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - 

DVDVideoSoft Ltd.)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{B8032A6B-C4D0-4744-B75F-9DDCB56B5C6F}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
jMemorize (HKLM\...\jMemorize) (Version:  - )
Live 8.0.9 (HKLM\...\Live 8.0.9) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes 

Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - 

Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft 

Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - 

Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft 

Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - 

Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 

9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 

9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 

10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MyStudioPC 2.05.02.00 (HKLM\...\InstallShield_{E37404FC-DD7A-468B-8692-C4065B382D84}) (Version: 2.05.02.00 - Japanese 

Society for Rehabilitation of Persons with Disabilities)
MyStudioPC 2.05.02.00 (Version: 2.05.02.00 - Japanese Society for Rehabilitation of Persons with Disabilities) Hidden
ODF Add-in for Microsoft Office (HKLM\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF 

Translator Team)
Online Plug-in (Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
PCFriendly (HKLM\...\PCFriendly) (Version:  - )
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.0.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
PhotoFiltre 7 (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\PhotoFiltre 7) (Version:  - )
Q-Pilot Client 4.0.0.5727 (HKLM\...\{870126DA-33D5-4DA8-BB6D-6E3A61969072}) (Version: 4.0.0.5727 - Schomäcker GmbH)
Q-Pilot: Konfiguration der Druck-Queues und -Treiber (HKLM\...\HRZQPilotQueues) (Version: 0.51 - Uni Marburg, HRZ)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek 

Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Saffire MixControl 3.2 (HKLM\...\Saffire PRO 40_is1) (Version: 3.2 - Focusrite Audio Engineering Ltd.)
Scarlett MixControl 1.3 (HKLM\...\Saffire USB 26_is1) (Version: 1.3 - Focusrite Audio Engineering Limited)
SciLor's grooveshark™.com Downloader 0.4.12 (HKLM\...\{DDEAE484-D5FB-49CB-BD47-9512E8ACCA65}_is1) (Version: 0.4.12 - 

SciLor)
Self-Service Plug-in (Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Snap.Do (HKLM\...\{FAC08B7A-F059-4FD6-ACA2-9C2FD0B5B241}) (Version: 11.75.1.17220 - ReSoft Ltd.) <==== ATTENTION
Sophos Anti-Virus (HKLM\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.12 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
TexMakerX 2.1 (HKLM\...\TexMakerX_is1) (Version: 2.1 - Benito van der Zander)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Winamp Detect) (Version: 1.0.0.1 - 

Nullsoft, Inc)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/27/2013 2.5.64.2) (HKLM\...

\33363B6D2E200ED19F75DDF6CC777BB5A1947A25) (Version: 03/27/2013 2.5.64.2 - Focusrite)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (HKLM\...

\4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/22/2011 2.2.0.0) (HKLM\...

\54CB6483AA6621FEF67643C55EC698A0CF71605E) (Version: 09/22/2011 2.2.0.0 - Focusrite)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-

C0CE100EA736}\localserver32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-

CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

06-03-2015 00:30:22 Windows Update
06-03-2015 08:06:48 Windows Update
08-03-2015 20:36:15 Windows-Sicherung
09-03-2015 21:55:24 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately 

to be moved.)

Task: {01EF53E7-048B-4323-A594-1BC40BF06A66} - System32\Tasks\{3A2AC715-DABB-41D7-94E0-A6C823338DC0} => pcalua.exe -a C:

\Users\Sophokles\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {0AD06B14-0DA8-4C9C-84C9-33A8376665BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files

\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0DC70879-9A0A-431D-8E46-C8FB7D7324BD} - System32\Tasks\{F1D2DB9D-2E9C-4C3C-81DC-037C974D575F} => pcalua.exe -a E:

\Win7\Lenovo-B570(1068)-Treiber\IN1PCH32WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {17BB234E-1FC5-4029-AA02-9768526619B3} - System32\Tasks\{A7329049-A4A6-4784-A0CC-7FDC5A6DD1A8} => pcalua.exe -a E:

\Win7\Lenovo-B570(1068)-Treiber\IN1WLN113WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {2E1A84FC-64A3-4710-A43D-EBD8A7FAC83D} - System32\Tasks\{165C64A7-0882-48A2-931B-3FAB530E5096} => pcalua.exe -a C:

\Users\Sophokles\Downloads\wmp11-windowsxp-x86-DE-DE.exe -d C:\Users\Sophokles\Downloads
Task: {2FDC2965-CE6D-4D8C-B70F-4AD3CB3126AB} - System32\Tasks\{7B58BE47-E866-4787-BA41-5AAD7B96B5A4} => pcalua.exe -a "C:

\Drivers\Broadcom Bluetooth Driver\Win32\instmsiw.exe" -d "C:\Drivers\Broadcom Bluetooth Driver\Win32"
Task: {43F324C4-4FB3-492C-923F-0750D34E8EA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software 

Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CBE22AB-81C4-472E-99E7-6F5E9275829E} - System32\Tasks\{13D72250-A214-4368-B58E-811C74A8D71D} => pcalua.exe -a E:

\Win7\Lenovo-B570(1068)-Treiber\IN1CAM44WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {AF2A3A49-1B8C-4FD3-A7F3-920B780C9732} - System32\Tasks\{2E136FB4-049F-4914-A366-CDF43BB2EA2A} => pcalua.exe -a E:

\Win7\Lenovo-B570(1068)-Treiber\IN1WLN85WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {B4161777-2B30-4DA7-A47D-5A8CBE800B93} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java

\Java Update\jusched.exe [2014-12-17] (Oracle Corporation)
Task: {CB17EC52-0BB0-43CC-A777-34083D598289} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe 

[2014-11-21] (Piriform Ltd)
Task: {DE3100B3-8E87-4183-ADEC-3F8D241CB6C9} - System32\Tasks\{8D2DB329-90A3-434B-A72D-8657CAB1530B} => pcalua.exe -a E:

\Win7\Lenovo-B570(1068)-Treiber\IN3BTH49WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {F0C7303F-D12C-4F7E-9F4A-CAAF07851923} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files

\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F799CD3F-8A5B-47A9-8D6B-C39275BFF875} - System32\Tasks\{D487B9B6-BE51-42D5-ACFF-C98A6CE27803} => pcalua.exe -a "C:

\Drivers\Broadcom Bluetooth Driver\Win32\instmsia.exe" -d "C:\Drivers\Broadcom Bluetooth Driver\Win32"
Task: {F93F1FD5-A71F-4834-8E9B-5C61D9EE9C55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed

\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not 

be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\NTMXMN.job => C:\Users\Sophokles\AppData\Roaming\NTMXMN.exe <==== ATTENTION
Task: C:\Windows\Tasks\VIWK.job => C:\Users\Sophokles\AppData\Roaming\VIWK.exe <==== ATTENTION
Task: C:\Windows\Tasks\YRRKNG.job => C:\Users\Sophokles\AppData\Roaming\YRRKNG.exe <==== ATTENTION

==================== Loaded Modules (whitelisted) ==============

2015-03-02 21:30 - 2015-03-02 21:30 - 00039384 _____ () C:\Program Files\FileZilla FTP Client\fzshellext.dll
2003-07-11 01:09 - 2003-07-11 01:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders

\1031\nsextint.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client

\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support

\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support

\libxml2.dll
2009-12-12 16:40 - 2009-12-12 16:40 - 00020480 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\jetvm\jvm.dll
2009-12-12 16:40 - 2009-12-12 16:40 - 00069632 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\java.dll
2010-03-10 18:21 - 2010-03-10 18:21 - 00126976 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\zip.dll
2009-12-12 16:35 - 2009-12-12 16:35 - 00155648 _____ () C:\Program Files\Q-Pilot Client\Common\Java\jetrt\baseline700.dll
2014-12-11 21:35 - 2015-02-23 18:23 - 00715000 _____ () C:\Program Files\Connectify\log4cplus.dll
2011-03-25 16:28 - 2011-03-25 16:28 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00750080 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-09 01:10 - 2015-03-09 01:10 - 00043008 _____ () c:\Users\Sophokles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153

-5bce-5766-8f84-3e3e7ecf0d81}.tmp53c9ur.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00047616 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00865280 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\plugins\platforms

\qwindows.dll
2015-02-10 22:00 - 2015-02-10 22:00 - 00200704 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\plugins

\imageformats\qjpeg.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-04-14 12:33 - 2014-01-28 06:47 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox

\components\FirefoxPickerCommunication.dll
2015-02-05 07:28 - 2015-02-24 22:11 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sophokles\AppData\Roaming

\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3804236533-1989176325-2614330732-500 - Administrator - Disabled)
Gast (S-1-5-21-3804236533-1989176325-2614330732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3804236533-1989176325-2614330732-1007 - Limited - Enabled)
Sophokles (S-1-5-21-3804236533-1989176325-2614330732-1000 - Administrator - Enabled) => C:\Users\Sophokles
SophosSAUSOPHOKLES-0 (S-1-5-21-3804236533-1989176325-2614330732-1001 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow 

the instructions.

Name: EgisTec_ES603
Description: EgisTec_ES603
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/10/2015 01:13:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für 

"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung 

"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" 

konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4477

Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4477

Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2015 11:51:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für 

"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1".
Die abhängige Assemblierung 

"Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"" 

konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (03/09/2015 09:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74356644

Error: (03/09/2015 09:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74356644

Error: (03/09/2015 09:54:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2015 01:11:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" 

AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 01:11:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für 

"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"1". 

Fehler in Manifest- oder Richtliniendatei 

"Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"2" 

in Zeile  

Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"3.
Die im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente überein.
Verweis: 

Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0".
Definition: 

Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762".
Verwenden Sie das Programm "sxstrace.exe" für eine detaillierte Diagnose.


System errors:
=============
Error: (03/10/2015 01:47:49 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{C8E51499-928D-

44F1-AE3E-34C4D03E972D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (03/09/2015 01:10:51 AM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (03/09/2015 01:07:06 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (03/08/2015 08:46:20 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 70. Der interne Fehlerstatus lautet: 105.

Error: (03/06/2015 07:09:39 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Heimnetzgruppen-Listener" wurde mit folgendem dienstspezifischem Fehler beendet: %%-2147023143.

Error: (03/06/2015 00:57:26 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {D085A4AB-CAB1-4729-9DF8-FCEEDDBD19E4}

Error: (03/06/2015 08:06:15 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{C8E51499-928D-

44F1-AE3E-34C4D03E972D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (03/06/2015 00:46:24 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070652 fehlgeschlagen: Update 

für Microsoft Office 2010 (KB2825635) 32-Bit-Edition

Error: (03/06/2015 00:36:55 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070652 fehlgeschlagen: Update 

für Office-Dateiüberprüfung 2010, 32-Bit-Edition (KB2553065)

Error: (03/06/2015 00:28:54 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{C8E51499-928D-

44F1-AE3E-34C4D03E972D} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (03/10/2015 01:13:08 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 

Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:

\program files\bitzipper\BZSHLEXTLOADER.EXE

Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4477

Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4477

Error: (03/10/2015 00:03:31 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2015 11:51:31 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 

Microsoft.VC80.CRT,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"c:

\program files\bitzipper\BZSHLEXTLOADER.EXE

Error: (03/09/2015 09:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 74356644

Error: (03/09/2015 09:54:37 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 74356644

Error: (03/09/2015 09:54:36 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/09/2015 01:11:11 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" 

AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/09/2015 01:11:02 AM) (Source: SideBySide) (EventID: 35) (User: )
Description: 

Microsoft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0"Micro

soft.VC80.MFCLOC,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:

\Program Files\Citrix\ICA Client\MFC80.DLLC:\Program Files\Citrix\ICA Client\Microsoft.VC80.MFCLOC.MANIFEST5


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 56%
Total physical RAM: 2988.14 MB
Available physical RAM: 1313.33 MB
Total Pagefile: 6274.57 MB
Available Pagefile: 3806.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1920.53 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:296.91 GB) (Free:204.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0BFE5315)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=296.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.1 GB) - (Type=12)

==================== End Of Log ============================
         
__________________

Geändert von Sophus (10.03.2015 um 23:22 Uhr)

Alt 11.03.2015, 12:12   #4
schrauber
/// the machine
/// TB-Ausbilder
 

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    Snap.Do


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 11.03.2015, 13:48   #5
Sophus
 
Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



Hi Schrauber,

ich habe Revo Uninstaller installiert, im Uninstallerfield snap.do ausgewählt, uninstall gedrückt und habe den Uninstall auf dem Modus "moderat" ausgeführt. Während des dritten Schrittes (Anzeige "starte den anwendungseigenen Uninstaller zum normalen Deinstallieren") erscheint das bekannte Problem wieder. Habe einen Screenshot gemacht und ihn angehangen.

Soll ich die weiteren Schritte noch ausführen? (Reste löschen, Combofix etc.)

Angehängte Grafiken
Dateityp: png Screenshot 2015-03-11 13.10.16.png (20,7 KB, 139x aufgerufen)

Alt 11.03.2015, 18:18   #6
Sophus
 
Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



AHA!
Das gehörte anscheinend dazu. Ich habe jetzt auch noch "Reste löschen" durchgeführt und snap.do ist nicht mehr in meinen Systemprogrammen zu sehen.

Combofix habe ich nun auch drüber laufen lassen und es ging alles ohne Meckern.
Hier die Log-Datei daraus:

Code:
ATTFilter
ComboFix 15-03-09.01 - Sophokles 11.03.2015  17:45:19.1.2 - x86
Microsoft Windows 7 Professional N   6.1.7601.1.1252.49.1031.18.2988.1509 [GMT 1:00]
ausgeführt von:: c:\users\Sophokles\Downloads\ComboFix.exe
AV: Sophos Anti-Virus *Disabled/Updated* {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
SP: Sophos Anti-Virus *Disabled/Updated* {D0CA1913-188C-B293-ABD7-B72CB1814094}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files\Internet Explorer\legnlqnc.tmp
c:\programdata\ntuser.pol
c:\windows\system32\drivers\etc\hosts.ics
.
.
(((((((((((((((((((((((   Dateien erstellt von 2015-02-11 bis 2015-03-11  ))))))))))))))))))))))))))))))
.
.
2015-03-11 16:55 . 2015-03-11 16:55	--------	d-----w-	c:\users\Default\AppData\Local\temp
2015-03-11 15:02 . 2015-03-11 15:02	--------	d-----w-	c:\program files\iPod
2015-03-11 15:02 . 2015-03-11 15:02	--------	d-----w-	c:\programdata\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-11 15:02 . 2015-03-11 15:02	--------	d-----w-	c:\program files\iTunes
2015-03-11 14:44 . 2015-03-11 14:44	62576	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{743C050B-7A14-41E6-947F-9F95157733F6}\offreg.dll
2015-03-11 12:01 . 2015-03-11 12:01	--------	d-----w-	c:\program files\VS Revo Group
2015-03-10 21:50 . 2015-02-16 03:21	9041640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{743C050B-7A14-41E6-947F-9F95157733F6}\mpengine.dll
2015-03-08 23:45 . 2015-03-11 16:41	114904	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-03-08 23:44 . 2014-11-21 05:14	51928	----a-w-	c:\windows\system32\drivers\mwac.sys
2015-03-08 23:44 . 2014-11-21 05:14	75480	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2015-03-08 23:44 . 2014-11-21 05:14	23256	----a-w-	c:\windows\system32\drivers\mbam.sys
2015-03-08 23:44 . 2015-03-08 23:45	--------	d-----w-	c:\program files\ Malwarebytes Anti-Malware 
2015-03-08 23:15 . 2015-03-11 08:26	--------	d-----w-	c:\users\Sophokles\AppData\Local\CrashDumps
2015-03-06 18:23 . 2015-01-23 03:43	620032	----a-w-	c:\windows\system32\jscript9diag.dll
2015-03-06 18:23 . 2015-01-23 03:17	4300800	----a-w-	c:\windows\system32\jscript9.dll
2015-03-04 21:54 . 2015-01-10 06:27	248832	----a-w-	c:\windows\system32\schannel.dll
2015-03-04 21:54 . 2015-01-10 06:27	550912	----a-w-	c:\windows\system32\kerberos.dll
2015-03-04 21:54 . 2015-01-10 06:27	221184	----a-w-	c:\windows\system32\ncrypt.dll
2015-03-04 21:54 . 2015-01-10 06:27	259584	----a-w-	c:\windows\system32\msv1_0.dll
2015-03-04 21:54 . 2015-01-10 06:27	65536	----a-w-	c:\windows\system32\TSpkg.dll
2015-03-04 21:54 . 2015-01-10 06:27	172032	----a-w-	c:\windows\system32\wdigest.dll
2015-03-04 21:54 . 2015-01-10 06:27	17408	----a-w-	c:\windows\system32\credssp.dll
2015-03-04 09:08 . 2015-03-04 09:08	--------	d-----w-	c:\windows\system32\appraiser
2015-03-04 08:16 . 2015-01-14 05:44	3972544	----a-w-	c:\windows\system32\ntkrnlpa.exe
2015-03-04 08:16 . 2015-01-14 05:44	3917760	----a-w-	c:\windows\system32\ntoskrnl.exe
2015-03-04 08:15 . 2014-11-11 01:32	74752	----a-w-	c:\windows\system32\drivers\tdx.sys
2015-03-04 08:15 . 2015-01-09 01:45	2380288	----a-w-	c:\windows\system32\win32k.sys
2015-03-04 08:15 . 2015-01-09 02:48	76800	----a-w-	c:\windows\system32\wdi.dll
2015-03-04 08:15 . 2015-01-09 02:48	635904	----a-w-	c:\windows\system32\perftrack.dll
2015-03-04 08:15 . 2015-01-09 02:48	27136	----a-w-	c:\windows\system32\powertracker.dll
2015-03-04 08:14 . 2014-10-04 01:42	3221504	----a-w-	c:\windows\system32\mstscax.dll
2015-03-04 08:14 . 2014-10-04 01:42	131584	----a-w-	c:\windows\system32\aaclient.dll
2015-03-04 08:14 . 2014-09-04 05:04	372736	----a-w-	c:\windows\system32\rastls.dll
2015-03-04 08:09 . 2014-11-08 02:45	2048	----a-w-	c:\windows\system32\tzres.dll
2015-03-04 08:08 . 2014-10-03 01:44	442880	----a-w-	c:\windows\system32\AUDIOKSE.dll
2015-03-04 08:08 . 2014-10-03 01:44	275968	----a-w-	c:\windows\system32\EncDump.dll
2015-03-04 08:08 . 2014-10-03 01:44	475136	----a-w-	c:\windows\system32\audiosrv.dll
2015-03-04 08:08 . 2014-10-03 01:44	374784	----a-w-	c:\windows\system32\AudioEng.dll
2015-03-04 08:08 . 2014-10-03 01:44	195584	----a-w-	c:\windows\system32\AudioSes.dll
2015-03-04 08:08 . 2014-12-06 03:50	242688	----a-w-	c:\windows\system32\nlasvc.dll
2015-03-04 08:08 . 2014-09-25 01:40	519680	----a-w-	c:\windows\system32\qdvd.dll
2015-03-04 08:07 . 2015-02-04 02:54	482304	----a-w-	c:\windows\system32\generaltel.dll
2015-03-04 08:07 . 2015-01-27 23:36	1167520	----a-w-	c:\windows\system32\aitstatic.exe
2015-03-04 08:07 . 2015-02-04 02:53	621056	----a-w-	c:\windows\system32\invagent.dll
2015-03-04 08:07 . 2015-02-04 02:53	325632	----a-w-	c:\windows\system32\devinv.dll
2015-03-04 08:07 . 2015-02-04 02:53	159744	----a-w-	c:\windows\system32\aepic.dll
2015-03-04 08:07 . 2015-02-04 02:49	886784	----a-w-	c:\windows\system32\aeinv.dll
2015-03-04 08:07 . 2015-02-04 02:53	202752	----a-w-	c:\windows\system32\aepdu.dll
2015-03-04 08:06 . 2014-07-17 01:39	1051136	----a-w-	c:\windows\system32\mstsc.exe
2015-03-04 08:06 . 2014-07-17 01:40	157696	----a-w-	c:\windows\system32\winsta.dll
2015-03-04 08:06 . 2014-07-17 01:39	304128	----a-w-	c:\windows\system32\winlogon.exe
2015-03-04 08:06 . 2014-07-17 01:39	130048	----a-w-	c:\windows\system32\rdpcorekmts.dll
2015-03-04 08:06 . 2014-07-17 01:03	184320	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2015-03-04 08:06 . 2014-07-17 01:02	31232	----a-w-	c:\windows\system32\drivers\tssecsrv.sys
2015-03-04 08:05 . 2014-12-19 02:43	164864	----a-w-	c:\windows\system32\profsvc.dll
2015-03-04 08:05 . 2014-06-18 22:23	156824	----a-w-	c:\windows\system32\mscorier.dll
2015-03-04 08:05 . 2014-06-18 22:23	81560	----a-w-	c:\windows\system32\mscories.dll
2015-03-04 08:05 . 2014-06-18 22:23	1131664	----a-w-	c:\windows\system32\dfshim.dll
2015-03-04 08:05 . 2014-08-01 11:35	793600	----a-w-	c:\windows\system32\TSWorkspace.dll
2015-03-04 08:04 . 2014-06-24 02:59	1987584	----a-w-	c:\windows\system32\d3d10warp.dll
2015-03-04 08:04 . 2014-10-25 01:32	67584	----a-w-	c:\windows\system32\packager.dll
2015-03-04 08:04 . 2014-11-26 03:32	571904	----a-w-	c:\windows\system32\oleaut32.dll
2015-03-04 08:04 . 2014-12-11 17:47	46592	----a-w-	c:\windows\system32\TSWbPrxy.exe
2015-03-04 08:04 . 2014-10-30 01:45	155136	----a-w-	c:\windows\system32\charmap.exe
2015-03-04 08:04 . 2014-12-19 01:34	116224	----a-w-	c:\windows\system32\drivers\mrxdav.sys
2015-03-04 08:04 . 2014-12-12 05:07	1174528	----a-w-	c:\windows\system32\crypt32.dll
2015-03-04 08:04 . 2014-07-07 01:40	179200	----a-w-	c:\windows\system32\wintrust.dll
2015-03-04 08:04 . 2014-07-07 01:40	143872	----a-w-	c:\windows\system32\cryptsvc.dll
2015-03-04 08:01 . 2014-10-14 01:50	523776	----a-w-	c:\windows\system32\termsrv.dll
2015-03-04 08:00 . 2014-12-08 02:46	308224	----a-w-	c:\windows\system32\scesrv.dll
2015-03-04 07:07 . 2014-06-27 01:45	2285056	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2015-03-04 06:55 . 2015-03-04 06:56	--------	d-----w-	c:\program files\CCleaner
2015-03-03 23:52 . 2015-01-13 02:49	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2015-03-03 23:50 . 2014-10-03 01:45	248832	----a-w-	c:\windows\system32\WSManMigrationPlugin.dll
2015-03-03 23:50 . 2014-10-03 01:45	214016	----a-w-	c:\windows\system32\WsmWmiPl.dll
2015-03-03 23:50 . 2014-10-03 01:45	145920	----a-w-	c:\windows\system32\WsmAuto.dll
2015-03-03 23:50 . 2014-10-03 01:45	1177088	----a-w-	c:\windows\system32\WsmSvc.dll
2015-03-03 23:50 . 2014-10-03 01:44	198656	----a-w-	c:\windows\system32\WSManHTTPConfig.exe
2015-02-25 19:41 . 2015-02-26 15:34	--------	d-----w-	c:\program files\Mozilla Thunderbird
2015-02-23 17:41 . 2015-03-04 07:21	--------	dc----w-	c:\users\Sophokles\AppData\Local\MigWiz
2015-02-18 08:47 . 2015-02-18 08:47	17323192	----a-w-	c:\program files\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-03-02 20:56 . 2014-11-20 11:02	96680	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2015-02-24 21:11 . 2013-04-24 16:07	71344	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 21:11 . 2013-04-24 16:07	701616	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2015-02-24 02:23 . 2013-04-24 13:59	246920	------w-	c:\windows\system32\MpSigStub.exe
2014-12-16 19:01 . 2015-01-21 14:52	98488	----a-w-	c:\windows\system32\pdfcmon.dll
2014-12-11 20:35 . 2014-12-11 20:35	36520	----a-w-	c:\windows\system32\drivers\cnnctfy3.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\Sophokles\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner.exe" [2014-11-21 5282584]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-10-19 9755240]
"QPilotClientGUI"="c:\program files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe" [2010-04-21 18442752]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"PDFPrint"="c:\program files\PDF24\pdf24.exe" [2013-10-28 185896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-01-29 145880]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-01-29 181208]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-01-29 189912]
"ConnectionCenter"="c:\program files\Citrix\ICA Client\concentr.exe" [2014-09-03 395616]
"Redirector"="c:\program files\Citrix\ICA Client\redirector.exe" [2014-09-03 153952]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2014-10-02 421888]
"Sophos AutoUpdate Monitor"="c:\program files\Sophos\AutoUpdate\almon.exe" [2015-03-03 1593640]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2014-11-19 707984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2014-12-17 508800]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 157480]
.
c:\users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2015-2-11 42555824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Sophos\SOPHOS~1\sophos_detoured.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService]
@="service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SophosAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2015-01-12 102912]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2015-01-02 315488]
R2 swi_update;Sophos Web Intelligence Update;c:\programdata\Sophos\Web Intelligence\swi_update.exe [2015-01-13 1487144]
R2 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2014-09-05 1333760]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock.sys [2014-11-19 92528]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
R3 FFUsbAudio;Focusrite USB Audio Driver;c:\windows\system32\DRIVERS\ffusbaudio.sys [2010-03-05 31744]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2014-10-10 30976]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [x]
R3 sdcfilter;sdcfilter;c:\windows\system32\DRIVERS\sdcfilter.sys [2014-05-20 34560]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 27264]
R4 SophosBootDriver;SophosBootDriver;c:\windows\system32\DRIVERS\SophosBootDriver.sys [2014-05-20 23680]
S1 cnnctfy3;Connectify LightWeight Filter;c:\windows\system32\DRIVERS\cnnctfy3.sys [2014-12-11 36520]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys [2014-08-27 70008]
S1 SAVOnAccess;SAVOnAccess;c:\windows\system32\DRIVERS\savonaccess.sys [2014-05-20 134912]
S1 SKMScan;SKMScan;c:\windows\system32\DRIVERS\skmscan.sys [2014-05-20 33408]
S2 Connectify;Connectify;c:\program files\Connectify\ConnectifyService.exe [2015-02-23 217088]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [2013-04-08 1320496]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [2013-04-08 799280]
S2 QPilotClientService;Q-Pilot Client Service;c:\program files\Q-Pilot Client\Service\QPilot-Client-Service.exe [2010-04-21 10706432]
S2 SAVAdminService;Sophos Anti-Virus Statusreporter;c:\program files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [2014-05-21 288552]
S2 SAVService;Sophos Anti-Virus;c:\program files\Sophos\Sophos Anti-Virus\SavService.exe [2014-10-14 208168]
S2 Sophos Web Control Service;Sophos Web Control Service;c:\program files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [2014-10-14 341800]
S2 swi_service;Sophos Web Intelligence Service;c:\program files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [2015-01-13 3274536]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2014-11-19 562576]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2010-01-20 23136]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 269824]
S3 MEI;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECI.sys [2010-10-19 41088]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2011-06-10 394856]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc SensrSvc
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-24 21:11]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
IE: &Citavi Picker... - file://c:\program files\Internet Explorer\Citavi Picker\ShowContextMenu.html
IE: Free YouTube to MP3 Converter - c:\program files\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Mit Mipony herunterladen - file://c:\program files\MiPony\Browser\IEContext.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
LSP: c:\programdata\Sophos\Web Intelligence\swi_ifslsp.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95A12F4E-76E9-48FC-8813-D8CA7928229C}} - (no file)
BHO-{EDCFBF0B-D47D-460C-9000-FA74A8CD6F3C}} - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
c:\program files\Sophos\AutoUpdate\ALsvc.exe
c:\windows\system32\UI0Detect.exe
c:\windows\System32\vds.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Citrix\ICA Client\wfcrun32.exe
c:\program files\Citrix\Receiver\Receiver.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
c:\program files\Connectify\ConnectifyD.exe
c:\windows\system32\conhost.exe
c:\program files\windows defender\MpCmdRun.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-11  18:07:07 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-03-11 17:07
.
Vor Suchlauf: 11 Verzeichnis(se), 218.336.354.304 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 218.223.525.888 Bytes frei
.
- - End Of File - - 1494CF7A4510FA505D21E9E013BD36B4
A36C5E4F47E84449FF07ED3517B43A31
         

Alt 12.03.2015, 09:24   #7
schrauber
/// the machine
/// TB-Ausbilder
 

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 12.03.2015, 12:08   #8
Sophus
 
Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



Logfile MBAM
Code:
ATTFilter
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Suchlauf Datum: 12.03.2015
Suchlauf-Zeit: 10:29:00
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.12.03
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Sophokles

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 332690
Verstrichene Zeit: 28 Min, 38 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 0
(Keine schädliche Elemente erkannt)

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
         

Logfile AdwCleaner
Code:
ATTFilter
# AdwCleaner v4.112 - Bericht erstellt 12/03/2015 um 11:38:11
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-05.1 [Server]
# Betriebssystem : Windows 7 Professional N Service Pack 1 (x86)
# Benutzername : Sophokles - SOPHOKLES-PC
# Gestarted von : C:\Users\Sophokles\Desktop\adwcleaner_4.112.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gelöscht : C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\foxydeal.sqlite

***** [ Geplante Tasks ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17689


-\\ Mozilla Firefox v36.0.1 (x86 de)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [28764 Bytes] - [22/11/2013 12:24:37]
AdwCleaner[R1].txt - [17693 Bytes] - [02/06/2014 10:00:25]
AdwCleaner[R2].txt - [17754 Bytes] - [02/06/2014 10:06:57]
AdwCleaner[R3].txt - [3363 Bytes] - [29/06/2014 17:26:21]
AdwCleaner[R4].txt - [4778 Bytes] - [27/09/2014 12:05:23]
AdwCleaner[R5].txt - [5564 Bytes] - [10/10/2014 11:08:55]
AdwCleaner[R6].txt - [1766 Bytes] - [03/11/2014 18:48:01]
AdwCleaner[R7].txt - [1841 Bytes] - [20/11/2014 12:29:09]
AdwCleaner[R8].txt - [2997 Bytes] - [03/03/2015 23:40:18]
AdwCleaner[R9].txt - [1964 Bytes] - [12/03/2015 11:35:55]
AdwCleaner[S0].txt - [28608 Bytes] - [22/11/2013 12:27:38]
AdwCleaner[S1].txt - [15967 Bytes] - [02/06/2014 10:08:55]
AdwCleaner[S2].txt - [3436 Bytes] - [29/06/2014 17:27:29]
AdwCleaner[S3].txt - [4675 Bytes] - [27/09/2014 12:08:00]
AdwCleaner[S4].txt - [4485 Bytes] - [10/10/2014 11:15:45]
AdwCleaner[S5].txt - [1819 Bytes] - [03/11/2014 18:56:53]
AdwCleaner[S6].txt - [1902 Bytes] - [20/11/2014 12:39:03]
AdwCleaner[S7].txt - [2689 Bytes] - [03/03/2015 23:50:40]
AdwCleaner[S8].txt - [1886 Bytes] - [12/03/2015 11:38:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S8].txt - [1945  Bytes] ##########
         

Logfile JRT
Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Professional N x86
Ran by Sophokles on 12.03.2015 at 11:53:09,49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Sophokles\AppData\Roaming\mozilla\firefox\profiles\6b5zntlu.default-1425421356005\minidumps [27 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.03.2015 at 11:54:54,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

Logfile FRST

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Sophokles (administrator) on SOPHOKLES-PC on 12-03-2015 11:57:31
Running from C:\Users\Sophokles\Desktop
Loaded Profiles: Sophokles (Available profiles: Sophokles)
Platform: Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Schomäcker GmbH) C:\Program Files\Q-Pilot Client\Service\QPilot-Client-Service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Schomäcker GmbH) C:\Program Files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\Sophokles\AppData\Local\FluxSoftware\Flux\flux.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9755240 2010-10-19] (Realtek Semiconductor)
HKLM\...\Run: [QPilotClientGUI] => C:\Program Files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe [18442752 2010-04-21] (Schomäcker GmbH)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1593640 2015-03-03] (Sophos Limited)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [f.lux] => C:\Users\Sophokles\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => c:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-13] (Sophos Limited)
Startup: C:\Users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 21 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: ProxTube - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\ich@maltegoetz.de.xpi [2015-03-03]
FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2015-03-03]
FF Extension: Adblock Plus - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-03]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-04-14]
FF HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-05-16]
FF HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\bffu3egs.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (getithd) - C:\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcejcjdkakbnmifgblkhmckcccjfeljg [2014-01-20]
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Sophokles\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALG; C:\Windows\System32\alg.exe [59392 2014-09-05] (Microsoft Corporation) [File not signed]
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [30720 2014-09-05] (Microsoft Corporation) [File not signed]
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [60416 2014-09-05] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [89600 2014-09-05] (Microsoft Corporation) [File not signed]
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-02-23] (Connectify) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [270848 2014-09-05] (Intel Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2014-09-05] (Microsoft Corporation) [File not signed]
R2 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [872448 2014-09-05] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2014-09-05] (Microsoft Corporation) [File not signed]
R2 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [138240 2014-09-05] (Microsoft Corporation) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QPilotClientService; C:\Program Files\Q-Pilot Client\Service\QPilot-Client-Service.exe [10706432 2010-04-21] (Schomäcker GmbH) [File not signed]
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2014-09-05] (Microsoft Corporation) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-03] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-13] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-01-13] (Sophos Limited)
R2 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2014-09-05] (Microsoft Corporation) [File not signed]
R2 vds; C:\Windows\System32\vds.exe [453632 2014-09-05] (Microsoft Corporation) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2014-09-05] (Microsoft Corporation) [File not signed]
S2 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1333760 2014-09-05] (Microsoft Corporation) [File not signed]
S2 wbengine; C:\Windows\system32\wbengine.exe [1203200 2014-09-05] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2014-09-05] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2014-12-11] (Connectify)
S3 FFUsbAudio; C:\Windows\System32\DRIVERS\ffusbaudio.sys [31744 2010-03-05] (Focusrite Audio Engineering Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-10-10] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-12] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2014-05-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-05-20] (Sophos Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\Users\SOPHOK~1\AppData\Local\Temp\catchme.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 11:57 - 2015-03-12 11:58 - 00021012 _____ () C:\Users\Sophokles\Desktop\FRST.txt
2015-03-12 11:57 - 2015-03-12 11:57 - 00000000 ____D () C:\Users\Sophokles\Desktop\FRST-OlderVersion
2015-03-12 11:54 - 2015-03-12 11:54 - 00000781 _____ () C:\Users\Sophokles\Desktop\JRT.txt
2015-03-12 11:46 - 2015-03-12 11:46 - 01388333 _____ (Thisisu) C:\Users\Sophokles\Desktop\JRT.exe
2015-03-12 11:42 - 2015-03-12 11:42 - 00002025 _____ () C:\Users\Sophokles\Desktop\AdwCleaner[S8].txt
2015-03-12 11:33 - 2015-03-12 11:34 - 02171392 _____ () C:\Users\Sophokles\Desktop\adwcleaner_4.112.exe
2015-03-12 11:02 - 2015-03-12 11:02 - 00001207 _____ () C:\Users\Sophokles\Desktop\mbam.txt
2015-03-12 10:27 - 2015-03-12 10:28 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 10:27 - 2015-03-12 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-12 10:27 - 2015-03-12 10:27 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-12 10:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-12 10:27 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-12 10:27 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-12 10:24 - 2015-03-12 10:24 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Sophokles\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-11 18:07 - 2015-03-11 18:07 - 00018562 _____ () C:\ComboFix.txt
2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\Program Files\iTunes
2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\Program Files\iPod
2015-03-11 13:01 - 2015-03-11 18:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-10 23:00 - 2015-03-12 11:57 - 01135104 _____ (Farbar) C:\Users\Sophokles\Desktop\FRST.exe
2015-03-10 22:54 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 22:54 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:54 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 22:54 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 22:53 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:53 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 22:53 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 22:53 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 22:53 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 22:53 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 22:53 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 22:53 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 22:53 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 22:53 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 22:53 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 22:53 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 22:53 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 22:53 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 22:53 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 22:53 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 22:53 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 22:53 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 22:53 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 22:53 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 22:53 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 22:53 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 22:53 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 22:53 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 22:53 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 22:53 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 22:53 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 22:53 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 22:53 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 22:53 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 22:53 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 22:53 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:52 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 22:52 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 22:52 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 22:52 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 22:52 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 22:52 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 22:52 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:52 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:52 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:52 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:52 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:52 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:52 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 22:52 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 22:52 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 22:52 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 22:52 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 22:52 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 22:52 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 22:52 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 22:52 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 22:51 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 22:51 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 22:51 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 22:51 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 22:51 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 22:51 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 22:51 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 22:51 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 22:51 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 22:51 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 12:18 - 2015-03-12 10:41 - 00000000 ____D () C:\Users\Sophokles\Desktop\Wohngeld
2015-03-09 00:15 - 2015-03-11 17:59 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\CrashDumps
2015-03-06 13:00 - 2015-03-12 11:40 - 00000672 _____ () C:\Windows\setupact.log
2015-03-06 13:00 - 2015-03-06 13:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 12:59 - 2015-03-12 11:39 - 00002358 _____ () C:\Windows\PFRO.log
2015-03-06 12:59 - 2015-03-12 10:20 - 00412656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-06 00:51 - 2015-03-06 00:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 12:28 - 2015-03-04 12:28 - 00111264 _____ () C:\Users\Sophokles\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 12:15 - 2015-03-04 12:15 - 00309304 _____ () C:\Users\Sophokles\Documents\cc_20150304_121512.reg
2015-03-04 10:08 - 2015-03-04 10:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-04 09:24 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-04 09:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-04 09:18 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-04 09:18 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-04 09:18 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-04 09:18 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-04 09:15 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 09:15 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 09:15 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 09:15 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-03-04 09:14 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-04 09:14 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-04 09:14 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-04 09:09 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-04 09:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-04 09:07 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-04 09:07 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-04 09:07 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-04 09:06 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-04 09:06 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-04 09:06 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-04 09:06 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-04 09:06 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-04 09:06 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-04 09:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-04 09:05 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-04 09:04 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-04 09:04 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-04 09:04 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-04 09:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-03-04 09:04 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-04 09:04 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-04 09:01 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-04 09:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-04 08:07 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-04 07:56 - 2015-03-04 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-04 07:55 - 2015-03-04 07:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-04 00:50 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-04 00:50 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-04 00:48 - 2015-03-04 00:48 - 00000000 ____D () C:\Users\Sophokles\Downloads\lang
2015-03-04 00:48 - 2013-01-08 06:04 - 00005535 _____ () C:\Users\Sophokles\Downloads\License.txt
2015-03-04 00:32 - 2015-03-04 08:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 00:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-04 00:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-04 00:18 - 2015-03-11 18:07 - 00000000 ____D () C:\Qoobox
2015-03-04 00:17 - 2015-03-11 18:04 - 00000000 ____D () C:\Windows\erdnt
2015-03-02 10:37 - 2015-03-02 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2015
2015-02-25 20:41 - 2015-02-26 16:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-23 22:45 - 2015-02-23 22:45 - 00000355 _____ () C:\Users\Sophokles\Documents\Computer - Verknüpfung.lnk
2015-02-13 00:21 - 2015-02-13 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco
2015-02-12 15:20 - 2015-03-04 10:42 - 00000000 ____D () C:\Users\Sophokles\Desktop\Masti

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-12 11:57 - 2014-11-03 19:18 - 00000000 ____D () C:\FRST
2015-03-12 11:48 - 2009-07-14 05:02 - 00028368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-12 11:48 - 2009-07-14 05:02 - 00028368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-12 11:45 - 2013-04-24 11:49 - 01412439 _____ () C:\Windows\WindowsUpdate.log
2015-03-12 11:42 - 2013-08-16 06:49 - 00000000 ___RD () C:\Users\Sophokles\Dropbox
2015-03-12 11:42 - 2013-08-16 01:32 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Dropbox
2015-03-12 11:40 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-12 11:38 - 2013-11-22 12:24 - 00000000 ____D () C:\AdwCleaner
2015-03-12 11:06 - 2013-04-24 17:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-12 03:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-11 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-03-11 18:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-11 18:02 - 2010-11-20 22:03 - 00006292 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-11 17:57 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-11 16:15 - 2013-05-10 15:06 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Audacity
2015-03-11 16:15 - 2013-04-25 18:23 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\vlc
2015-03-11 16:02 - 2013-05-11 22:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-11 09:17 - 2013-07-28 19:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 09:07 - 2013-04-28 20:56 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 17:21 - 2013-04-24 17:04 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Skype
2015-03-09 23:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-09 01:09 - 2014-12-07 18:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 01:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2015-03-08 23:27 - 2013-05-12 01:03 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\FileZilla
2015-03-04 18:51 - 2013-05-12 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-04 18:51 - 2013-05-12 01:03 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-03-04 14:30 - 2014-09-22 19:59 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\com
2015-03-04 10:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-04 10:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-03-04 10:08 - 2014-05-09 12:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-04 10:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-04 09:23 - 2013-04-26 20:09 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-04 08:25 - 2015-01-21 15:52 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-04 08:25 - 2014-12-11 21:35 - 00000000 ____D () C:\Program Files\Connectify
2015-03-04 08:22 - 2013-04-24 12:45 - 00000000 ____D () C:\Windows\Panther
2015-03-03 23:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-03-02 21:59 - 2013-10-16 19:54 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-02 21:56 - 2014-11-20 12:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-02 21:56 - 2013-04-26 09:39 - 00000000 ____D () C:\Program Files\Java
2015-02-26 14:27 - 2013-11-08 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitZipper
2015-02-24 22:12 - 2013-04-25 08:24 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\Adobe
2015-02-24 22:11 - 2013-04-24 17:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-24 22:11 - 2013-04-24 17:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 03:23 - 2013-04-24 14:59 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 14:34 - 2014-09-16 19:28 - 00000000 ___RD () C:\Program Files\Skype
2015-02-23 14:34 - 2013-04-24 17:04 - 00000000 ____D () C:\ProgramData\Skype
2015-02-17 21:48 - 2013-07-13 20:36 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-02-17 14:57 - 2014-04-14 20:53 - 00000000 ____D () C:\Users\Sophokles\Documents\Citavi 4
2015-02-17 13:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-16 12:02 - 2013-08-16 01:34 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-02-15 22:49 - 2015-01-22 10:31 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\PDFCreator
2015-02-13 00:21 - 2014-01-11 23:18 - 00000000 ____D () C:\Program Files\Cisco
2015-02-13 00:21 - 2014-01-11 23:17 - 00000000 ____D () C:\ProgramData\Cisco

==================== Files in the root of some directories =======

2014-11-20 12:04 - 2014-11-20 12:04 - 0000093 _____ () C:\Users\Sophokles\AppData\Roaming\ARCompanion.log
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Sophokles\AppData\Roaming\NTMXMN
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Sophokles\AppData\Roaming\VIWK
2014-12-26 12:21 - 2014-12-26 12:21 - 0000045 _____ () C:\Users\Sophokles\AppData\Roaming\WB.CFG
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Sophokles\AppData\Roaming\YRRKNG
2014-09-11 17:11 - 2014-12-26 18:08 - 0006268 _____ () C:\Users\Sophokles\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-07-22 14:48 - 2013-07-22 14:48 - 0004096 ____H () C:\Users\Sophokles\AppData\Local\keyfile3.drm
2013-07-18 21:30 - 2013-07-18 21:30 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe

Some content of TEMP:
====================
C:\Users\Sophokles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpfajpkm.dll
C:\Users\Sophokles\AppData\Local\Temp\Quarantine.exe
C:\Users\Sophokles\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-07 15:42

==================== End Of Log ============================
         
--- --- ---

--- --- ---

Alt 12.03.2015, 21:02   #9
schrauber
/// the machine
/// TB-Ausbilder
 

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 15.03.2015, 16:23   #10
Sophus
 
Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



hi schrauber,

es wurden einige infizierte dateien erkannt, hier der log:

Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=3b362049c5cfc54dba2d9873e82c0dec
# engine=22911
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-15 10:28:21
# local_time=2015-03-15 11:28:21 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 38689 178046492 0 0
# compatibility_mode_1='Sophos Anti-Virus'
# compatibility_mode=8450 16777213 100 99 39114 59603162 0 0
# scanned=162253
# found=118
# cleaned=0
# scan_time=37618
sh=E9636E72B4CDDA097B4045E3F89E5DB626E7A95F ft=0 fh=0000000000000000 vn="Win32/DealPly.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPly.crx.vir"
sh=7C92094B229FF4987F3B8D4370F383859BE445F6 ft=0 fh=0000000000000000 vn="Win32/DealPly.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPly.xpi.vir"
sh=A20741A3A8DD650875410A9F4C507232B53692B6 ft=1 fh=319a2a0a29d653d7 vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyIE.dll.vir"
sh=5C1C4011CE2CB47F45BACC2E6C7FECF73E5F09DE ft=1 fh=d861a4c832f6c374 vn="Win32/DealPly.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdate.exe.vir"
sh=D511C85A94649134C7BA8ECFD7876125A4C2F832 ft=1 fh=bdced5e2a18ee905 vn="Variante von Win32/DealPly.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateRun.exe.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\DealPly\DealPlyUpdateVer.exe.vir"
sh=09701018EF1E02FC2BB34DDF0A3A5586C929CDA1 ft=1 fh=0f29f1a0bcd9c16c vn="Variante von Win32/Toolbar.SearchSuite.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\jZip\Helper.dll.vir"
sh=A2D4EAA0508D769A528ABB12DF8E817B44C50237 ft=1 fh=481aa1df56cccefd vn="Variante von Win32/Toolbar.SearchSuite.V evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\jZip\Uninstall.exe.vir"
sh=17587773B36FA3CD9E91B321E000CDE9E648FBB1 ft=1 fh=8b92853eb28b2ae0 vn="Variante von Win32/SpeedingUpMyPC.F Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PC Speed Maximizer\PCSpeedMaximizer.exe.vir"
sh=009C9F4599EFAE0A6026489C95724B249BAD8C43 ft=1 fh=4285fbb026762dc2 vn="Variante von Win32/Adware.SpeedingUpMyPC.C Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PC Speed Maximizer\SPMSmartScan.exe.vir"
sh=1E0714C421895244A47EA3D173275FF8AC86D912 ft=1 fh=be5fa053094c23d9 vn="Variante von Win32/Speedchecker.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\pc speed up\PCSUSD.exe.vir"
sh=6C1F9F75AE58C2430D268970372404005F26DF43 ft=1 fh=04c114ff5823987a vn="Variante von MSIL/Solimba.AC evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\pc speed up\Uninstall_PCSpeedUp.exe.vir"
sh=554F4F77164B0962DCEE14251424D362F661654E ft=1 fh=c71c0011318a4491 vn="Variante von Win32/AdWare.PricePeep.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\PricePeep\pricepeep.dll.vir"
sh=48418FBFEF40F234E6B508403FF4237DABFECA40 ft=1 fh=a6613b57b8c7e341 vn="Win32/Systweak.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\CleanSchedule.exe.vir"
sh=0E88CF03E7770CC7DCB56F0381D93A2896367786 ft=1 fh=d609ebf9480273df vn="Variante von Win32/Systweak.P evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\RCPUninstall.exe.vir"
sh=923019F5FEC65F32D6498EE6E5EBD9B5F3DC08EA ft=1 fh=8b51e8f8162ec5ee vn="Variante von Win32/Systweak evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\RegClean Pro\RegCleanPro.exe.vir"
sh=AFB95723B245EB95106EC407D2443BE30426C079 ft=1 fh=045fdc84af3b3525 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\BHOEnabler.exe.vir"
sh=53F226B3D1D3828304E40C6C7A50667ADF23B42A ft=1 fh=e1ea10a5e9416a5c vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface32.dll.vir"
sh=0CB68F399D491465198E3E86F1D2923A211614E7 ft=1 fh=021f675753f993f2 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\DpInterface64.dll.vir"
sh=86EA851108D635D9ED47C01E86899845DFDA3EC7 ft=1 fh=90733a3b10b3e858 vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\HpUI.exe.vir"
sh=A8E3A9E6972C6F8B253EA0E1837AEEBF0A07B187 ft=1 fh=e2a5b168a3934371 vn="Win32/Thinknice.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\RSHP.exe.vir"
sh=30E2FB1C671B2808D2E80518D793575965AF2416 ft=1 fh=d06e6f3f3f60e357 vn="Variante von Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect32.dll.vir"
sh=AC11914CC02E023E2EF06A80DEE1701419A5473A ft=1 fh=4cb2d0bd10147652 vn="Win64/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SearchProtect64.dll.vir"
sh=D037F58CF4B36F3B437FAA0D9500720445B27D65 ft=1 fh=b07c7921935b766c vn="Win32/Thinknice.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\SupTab.dll.vir"
sh=4139F95644E13A650D4827C943BCC9F2F0F6AA93 ft=1 fh=3b96e1736604b8bc vn="Win32/Thinknice.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\uninstall.exe.vir"
sh=79C9BD304C93AB8FD0544108656A899993DB14EF ft=1 fh=e6f80544d6e8089f vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\WindowsSupportDll32.dll.vir"
sh=96B85214CD9E4FF85AC6144E7EF3DDF9E0F215E6 ft=1 fh=098a6735f96a550a vn="Variante von Win32/Thinknice.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\SupTab\WindowsSupportDll64.dll.vir"
sh=6B8980C431C3DA0A9A7545BC34F38661E7449859 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\43610.crx.vir"
sh=59E1A412050BB2BFA019ECB1EE664179F96C430E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\43610.xpi.vir"
sh=9CEE1FAE08BCD4E520DF211CACEC65D7A4B16139 ft=1 fh=09c9105fe42dce90 vn="Win32/Packed.ScrambleWrapper.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\utils.exe.vir"
sh=47C1E58CD99EA82C2F34152E49900A8E078636BB ft=1 fh=97d439143ab78456 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-bg.exe.vir"
sh=C060629A2DCA2F7D7E70F15CE2BC81B96982D120 ft=1 fh=c71c00113eef2777 vn="Variante von Win32/Toolbar.CrossRider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-bho.dll.vir"
sh=96C2C5309691B56F363CA1800CB2CC8D7DC71DD9 ft=1 fh=c71c00113f60402f vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-buttonutil.dll.vir"
sh=C36BEC330D0B4DA2CE506C8047BDBDE14A3E8042 ft=1 fh=373b907fc5ecb309 vn="Variante von Win32/Toolbar.CrossRider.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-buttonutil.exe.vir"
sh=2A76BBA4D010E8260CA46914EFE13B183044A543 ft=1 fh=745f068a90318296 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-codedownloader.exe.vir"
sh=74B30D890D29959587EF1255DC0C33C6E3131B03 ft=1 fh=894b5d00b5743f53 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-enabler.exe.vir"
sh=05FE78BDC6E7A0C7A00AE84BD11B47023916E557 ft=1 fh=be726c70a13dbe46 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-firefoxinstaller.exe.vir"
sh=E74A0D7F7F20A8FA835271F385F92AB43FE613E4 ft=1 fh=d3800358d72a5d7f vn="Variante von Win32/Toolbar.CrossRider.BQ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-helper.exe.vir"
sh=A8215A3CB4F71FB0AFEC1FD61F03C8275BD039BC ft=1 fh=a10fb3e7fd8064b1 vn="Variante von Win32/Toolbar.CrossRider.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\Video-Saver-1\Video-Saver-1-updater.exe.vir"
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=8E404BAFA9CEAC0628F089B4F1AA879EB5A3404E ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\101_cortica_m.js.vir"
sh=957E505E027C2F899F844C27AC8B82EF94AEBB68 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\102_dealply_m.js.vir"
sh=17F6E2411B6C3A285257D050832B0890BBEC046F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\103_intext_5_m.js.vir"
sh=EB047CB7862459E0F74832AEF6A7954A3663373F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\104_jollywallet_m.js.vir"
sh=F2126D68553053F0A5A411866DEC205E27283EDA ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\105_corticas_m.js.vir"
sh=A69DBD3502EA9C4EDD7DEAFB23A8FC1C97BAB232 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\107_coupish_m.js.vir"
sh=DFB11E05B62F57EDA18112BC002C17EAFD79BEE7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\117_coupons_intext_ads_5_m.js.vir"
sh=9495814AE107F6739D62A09B1829E5A2DCDA1354 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\119_similar_web_m.js.vir"
sh=D10EA105AB5DB329186B0B6F10541DD58058AEB8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\120_luck_m.js.vir"
sh=B985E49C6E0E423954A36327BE2EA87F0F287145 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\123_intext_adv_m.js.vir"
sh=EAAF312959AC9CCF5138825927B5E2D38F57E2E1 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\124_superfish_no_search_no_coupons_m.js.vir"
sh=C6CAA395E5336BD40441D2C738BC46B7CCA2B6E7 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\126_revizer_ws_m.js.vir"
sh=FBCA935E295A6F9DD0A6118DAE63ADB15EC5F2DD ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\127_revizer_p_m.js.vir"
sh=D9E89F57D3A13498640961F3B9954D67D7EA1039 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\129_widdit_m.js.vir"
sh=17483832BF1FA23335B7C1E04A0530AB60CBEDC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\138_getdeal_m.js.vir"
sh=90A4F559561CF603A203F93D56C80B17B8152325 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\141_corticas_ru_m.js.js.vir"
sh=8395A2B6D59D2F3EDDCFC863DDA2F674396DC74C ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\142_intext_fa_m.js.vir"
sh=81C3B657563171D65FE42C52872ECF8EB7924C86 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\171_arcadi2_sourceID_m.js.vir"
sh=93022F69189E8D2F1B4B8717522CA1AFFA59F708 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\92_superfish_m.js.vir"
sh=AFD9829F5C599DA11A6F662604DFB5A53FA88B08 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\mnljlkmkpkhabpdphkcobpnkpdadpjga\1.25.6_0\extensionData\plugins\93_superfish_no_coupons_m.js.vir"
sh=0BE515D981A9DF579DCDB4E5A3EDF8612CABD3ED ft=1 fh=616b3680ba25f774 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=A9D3C280CBA66C03790DA07D245BA712E0E7B586 ft=1 fh=a45fa859a7cf42f5 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=45368AE136844A91A743E4F4B08DEB10EA29CD46 ft=1 fh=abb04ec34a72d28a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\sppsm.dll.vir"
sh=83BED53ECA9D40D4B3FEE6CA0A4C287C9F2D3E20 ft=1 fh=6ed60305ff2e1fc4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\spusm.dll.vir"
sh=2BCB218A435F04C6BDA05FF029AE682FF5146DED ft=1 fh=53c08219b54deb49 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\srbs.dll.vir"
sh=7DC46328F710C76F8A93536BA3E7EE21B78D0F31 ft=1 fh=9fb39255f6efd8dd vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\srbu.dll.vir"
sh=BDC7299229A5C91569B937EA6B05DFCF3507DFE3 ft=1 fh=386dbc327014d77a vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\srpt.dll.vir"
sh=F77FE39D6C3F3A3DBDAB065042D0D9661DF38F2A ft=1 fh=2f176df30733106d vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\srptc.dll.vir"
sh=93ADB6471F65D79BDA04FA9B05217A0787EA30C1 ft=1 fh=b49c0ca9d66ba4b4 vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\Resources\ntdis_32.dll.vir"
sh=BE5B11CD438F1E6050BE2AE49EA40D122A79AEEA ft=1 fh=2dacc72bc94d7dbd vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\LPT\Resources\ntdis_64.dll.vir"
sh=2D3BDDC407B3FF4AE8DF623DC4972935FEDDD248 ft=0 fh=0000000000000000 vn="Variante von Win32/Speedchecker.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Microsoft\Silverlight\OutOfBrowser\Speedchecker.PCSpeedUp\application.xap.vir"
sh=9004E960B194FB48BAE40FA755CCA2FA6EA8CC21 ft=1 fh=d13f6dd260913431 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll.vir"
sh=678C93D82B2689A4BBA8FF5058CBB425D43A54C7 ft=1 fh=ec7b898ef9f9a51d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=1BF1E3DFCFC158087E5F1E687F1209728B1D6BC9 ft=1 fh=54e46aae0d0597b1 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=1C76C7EDA209AB2E63C7BAA88FECC086A0818A95 ft=1 fh=f7868cb9d5275140 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=E471F04B8CE9DB37F90290B24B7C75A7693D5137 ft=1 fh=2c3314d1e8cc7f00 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=0BE515D981A9DF579DCDB4E5A3EDF8612CABD3ED ft=1 fh=616b3680ba25f774 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=A9D3C280CBA66C03790DA07D245BA712E0E7B586 ft=1 fh=a45fa859a7cf42f5 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=4BC016242DD820F1303C7D3F3FC668C416E4E421 ft=1 fh=579cc8715c85d8f2 vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=C988985F6B122EA61FD67B4D5A5E12CF69E45A9F ft=1 fh=d8b3cd26266138d4 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=FBA867B092E75371FB9516B2A8B86890A88EB9BC ft=1 fh=e8c99910974e855c vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=E6A8699EF5184D23FA574EEC403FA5D4CE2A1388 ft=1 fh=d55def3e39bc6878 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=AE2B5693A056FB23CF0C8543C566C20F7B033D31 ft=1 fh=8ce8267f5f2278d7 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\SnapDo.exe.unused.vir"
sh=D6F56DBB017233F8A41FD5E1E00DD5513855A758 ft=1 fh=9de4c92c515cf7e9 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=4742F0DC58E0109EFEFEF83EEA7FF337B04EC62C ft=1 fh=e92a340158a9c82d vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=45368AE136844A91A743E4F4B08DEB10EA29CD46 ft=1 fh=abb04ec34a72d28a vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=83BED53ECA9D40D4B3FEE6CA0A4C287C9F2D3E20 ft=1 fh=6ed60305ff2e1fc4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=0E8276045E8F5FE7756F8370218FB9236C8579DD ft=1 fh=b750edb1e7e9f570 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\srau.dll.vir"
sh=2BCB218A435F04C6BDA05FF029AE682FF5146DED ft=1 fh=53c08219b54deb49 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=7DC46328F710C76F8A93536BA3E7EE21B78D0F31 ft=1 fh=9fb39255f6efd8dd vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=75D30BF1B96884E148597A16B7291C3A99047787 ft=1 fh=8f7657adeff969d7 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=ECFE4C339056F1B4D545D60D2572D2BC8B14F057 ft=1 fh=e2a6650a8913958f vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=CDBF09F91BE22ACE7B6DB0A043EEDFB31F12FE45 ft=1 fh=0d1ceb38e453a91a vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_24.dll.vir"
sh=A0F16D586DE4A39693F9EDCEEDE27E2EB1FD6B2D ft=1 fh=bf81848f21378f19 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=B0F7178D99D6FDF966F7688892C1226A7A585FC6 ft=1 fh=dcf1ada9f331ad98 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=804B96552EC2F2F3D7E0AE28B7D15FE970C1EE3D ft=1 fh=9a0b618ec8318022 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=46F037F0B9844DE9DA4580CFA97226057D87E73B ft=1 fh=c1db539af01d85d1 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=6A5BF3C1DDB75A5E1CB027897E52F91736C689AE ft=1 fh=3092fa5ad2bafa7f vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=DABC08BDF0203F5946101A0EEA51D494E87F67B9 ft=1 fh=7788df8e5b966f5d vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Temp\OCS\ocs_v71.exe.vir"
sh=08A0C25B0BF40535697C1C584ACCDA490D6BC882 ft=1 fh=dbe7f66a50ce49ed vn="Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Temp\OCS\ocs_v71b.exe.vir"
sh=2100C6646BF9D4FCA41DB630C175FEB45E9E94E7 ft=1 fh=7ff22a9e1e42463f vn="Mehrere Bedrohungen" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Local\Temp\VeriBrowse\File Open Error.exe.vir"
sh=143416AAC4F6000C3A3235EB4EC955B4D0B6955E ft=1 fh=b68409d87b15670c vn="Win32/DealPly.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=9F82BB5DC8D4EC6B8B2BB47CB6C329B8AF1C14CE ft=1 fh=c92ed1f3ca58c043 vn="Win32/InstallCore.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Roaming\Mipony Download Manager Packages\uninstaller.exe.vir"
sh=FD93B99EA823374C39DDBC779DEA9C89E9228FC6 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\bffu3egs.default\Extensions\2c00d621-d4ea-4a60-9955-d7c1bbfdbd41@fc3a5676-852f-49e9-9e67-915ddf82ce52.com\extensionData\plugins\91_monetizationLoader.js.js.vir"
sh=19DC837674578FA95327EE2C06C906BDFB64C440 ft=1 fh=84d2bf3110b45a14 vn="Variante von Win32/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Sophokles\AppData\Roaming\OpenCandy\4528632B9B7A4B3ABC653DD64E30A179\Installer.exe.vir"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sophokles\AppData\Roaming\NTMXMN"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sophokles\AppData\Roaming\VIWK"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Sophokles\AppData\Roaming\YRRKNG"
sh=BA114B5367FC1FAECEFA6E8C2AD3BA48DDF4ED6E ft=1 fh=1ee0cb93acc3c685 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\Smartbar.Resources.HistoryAndStatsWrapper.dll"
sh=A73ED04B80A73BC57B3C5159B8DD6F7B9912C85B ft=1 fh=d533229126aeee8c vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\Smartbar.Resources.LanguageSettings.resources.dll"
sh=768F7F788A5ECC2BD2286688757A3A036C772AE4 ft=1 fh=c33abae690c084d5 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\spbe.dll"
sh=A36F3E4324804FFA61D43A7D9EC8443D884F08EE ft=1 fh=adf44990dfaaf6c5 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\spbl.dll"
sh=DC38B807BB1D2EF80DAF3A9C290F42F7B8669DD2 ft=1 fh=a661763030207be3 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\sppsm.dll"
sh=23679407BCBC6A10D526A82610EC6E2229DC4417 ft=1 fh=249168098290c5bb vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\spusm.dll"
sh=525C11526797775AEA5073A956B6FEE1D3DD8218 ft=1 fh=a0b25a769d71ef0f vn="Variante von MSIL/Toolbar.Linkury.C evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\srbs.dll"
sh=0A6872983FFBA9D04EFB93F5EDFB69A43DA8C892 ft=1 fh=3fe325a05ea6a1fd vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\srbu.dll"
sh=263B3384E9CDBBE6F016ED58AFD0177C1870BEF6 ft=1 fh=4ad1c55cef5c6bd5 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\srpt.dll"
sh=402D07A609B87A7423519CF5E92EFABD680E25C1 ft=1 fh=975ca40ab2a2c634 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\MSIFDC0.tmp-\srpu.dll"
         
der Security Check ergab folgendes:
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.97  
 Windows 7 Service Pack 1 x86 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Sophos Anti-Virus   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 CCleaner     
 Java 8 Update 31  
 Java version 32-bit out of Date! 
  Java 64-bit 8 Update 31  
 Adobe Flash Player 	16.0.0.305  
 Adobe Reader XI  
 Mozilla Firefox (36.0.1) 
 Mozilla Thunderbird (31.5.0) 
````````Process Check: objlist.exe by Laurent````````  
 Sophos Sophos Anti-Virus SavService.exe  
 Sophos Sophos Anti-Virus SAVAdminService.exe  
 Sophos Sophos Anti-Virus Web Control swc_service.exe 
 Sophos Sophos Anti-Virus Web Intelligence swi_service.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
und ..

FRST Logfile:

FRST Logfile:

FRST Logfile:

FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 11-03-2015
Ran by Sophokles (administrator) on SOPHOKLES-PC on 15-03-2015 11:47:20
Running from C:\Users\Sophokles\Desktop
Loaded Profiles: Sophokles (Available profiles: Sophokles)
Platform: Microsoft Windows 7 Professional N  Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(pdfforge GmbH) C:\Program Files\PDF Architect\HelperService.exe
(pdfforge GmbH) C:\Program Files\PDF Architect\ConversionService.exe
(Schomäcker GmbH) C:\Program Files\Q-Pilot Client\Service\QPilot-Client-Service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe
(Sophos Limited) C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Connectify) C:\Program Files\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files\Connectify\Connectifyd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Schomäcker GmbH) C:\Program Files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\concentr.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\redirector.exe
(Sophos Limited) C:\Program Files\Sophos\AutoUpdate\ALMon.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\Sophokles\AppData\Local\FluxSoftware\Flux\flux.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\Receiver\Receiver.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\ICA Client\wfcrun32.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfServicePlugin.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Dropbox, Inc.) C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Citrix Systems, Inc.) C:\Program Files\Citrix\SelfServicePlugin\SelfService.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [9755240 2010-10-19] (Realtek Semiconductor)
HKLM\...\Run: [QPilotClientGUI] => C:\Program Files\Q-Pilot Client\GUI\QPilot-Client-GUI.exe [18442752 2010-04-21] (Schomäcker GmbH)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [185896 2013-10-28] (Geek Software GmbH)
HKLM\...\Run: [ConnectionCenter] => C:\Program Files\Citrix\ICA Client\concentr.exe [395616 2014-09-03] (Citrix Systems, Inc.)
HKLM\...\Run: [Redirector] => C:\Program Files\Citrix\ICA Client\redirector.exe [153952 2014-09-03] (Citrix Systems, Inc.)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Program Files\Sophos\AutoUpdate\almon.exe [1593640 2015-03-03] (Sophos Limited)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707984 2014-11-19] (Cisco Systems, Inc.)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [157480 2015-02-13] (Apple Inc.)
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [f.lux] => C:\Users\Sophokles\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5282584 2014-11-21] (Piriform Ltd)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [354304 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> 
AppInit_DLLs: c:\PROGRA~1\Sophos\SOPHOS~1\sophos_detoured.dll => c:\Program Files\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2015-01-13] (Sophos Limited)
Startup: C:\Users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Citavi Picker -> {609D670F-B735-4da7-AC6D-F3BD358E325E} -> C:\Windows\system32\mscoree.dll [2010-11-20] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-03-02] (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-03-02] (Oracle Corporation)
DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL [2000-04-19] (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll [2014-09-03] (Citrix Systems, Inc.)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Winsock: Catalog9 01 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 02 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 03 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 04 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 05 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 06 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 07 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 08 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Winsock: Catalog9 21 C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll [126760] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-24] ()
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin: @Citrix.com/npican -> C:\Program Files\Citrix\ICA Client\npicaN.dll [2014-09-03] (Citrix Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-03-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-03-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @nullsoft.com/winampDetector;version=1 -> C:\Program Files\Winamp Detect\npwachk.dll [2013-12-13] (Nullsoft, Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2013-04-11] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: ProxTube - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\ich@maltegoetz.de.xpi [2015-03-03]
FF Extension: SciLor's Grooveshark(tm) Unlocker for Germany - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\SciLorsGrooveUnlocker@scilor.com.xpi [2015-03-03]
FF Extension: Adblock Plus - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\6b5zntlu.default-1425421356005\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-03]
FF HKLM\...\Firefox\Extensions: [FFPDFArchitectConverter@pdfarchitect.com] - C:\Program Files\PDF Architect\FFPDFArchitectExt
FF Extension: PDF Architect Converter For Firefox - C:\Program Files\PDF Architect\FFPDFArchitectExt [2013-06-17]
FF HKLM\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2014-04-14]
FF HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff [2014-05-16]
FF HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Profiles\bffu3egs.default\extensions\cliqz@cliqz.com

Chrome: 
=======
CHR Profile: C:\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (getithd) - C:\Users\Sophokles\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcejcjdkakbnmifgblkhmckcccjfeljg [2014-01-20]
CHR HKLM\...\Chrome\Extension: [aakchaleigkohafkfjfjbblobjifikek] - C:\Users\Sophokles\AppData\LocalLow\proxtube\CHROME\proxtube.crx [2012-04-19]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 ALG; C:\Windows\System32\alg.exe [59392 2014-09-05] (Microsoft Corporation) [File not signed]
S4 aspnet_state; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [30720 2014-09-05] (Microsoft Corporation) [File not signed]
S4 clr_optimization_v2.0.50727_32; C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [60416 2014-09-05] (Microsoft Corporation) [File not signed]
S2 clr_optimization_v4.0.30319_32; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [89600 2014-09-05] (Microsoft Corporation) [File not signed]
R2 Connectify; C:\Program Files\Connectify\ConnectifyService.exe [217088 2015-02-23] (Connectify) [File not signed]
S3 cphs; C:\Windows\system32\IntelCpHeciSvc.exe [270848 2014-09-05] (Intel Corporation) [File not signed]
S3 Fax; C:\Windows\system32\fxssvc.exe [523264 2014-09-05] (Microsoft Corporation) [File not signed]
S2 idsvc; C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [872448 2014-09-05] (Microsoft Corporation) [File not signed]
S3 MSDTC; C:\Windows\System32\msdtc.exe [134144 2014-09-05] (Microsoft Corporation) [File not signed]
S2 ose; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [138240 2014-09-05] (Microsoft Corporation) [File not signed]
R2 PDF Architect Helper Service; C:\Program Files\PDF Architect\HelperService.exe [1320496 2013-04-08] (pdfforge GmbH)
R2 PDF Architect Service; C:\Program Files\PDF Architect\ConversionService.exe [799280 2013-04-08] (pdfforge GmbH)
R2 QPilotClientService; C:\Program Files\Q-Pilot Client\Service\QPilot-Client-Service.exe [10706432 2010-04-21] (Schomäcker GmbH) [File not signed]
R2 SAVAdminService; C:\Program Files\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-05-21] (Sophos Limited)
R2 SAVService; C:\Program Files\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-10-14] (Sophos Limited)
S3 SNMPTRAP; C:\Windows\System32\snmptrap.exe [12800 2014-09-05] (Microsoft Corporation) [File not signed]
R2 Sophos AutoUpdate Service; C:\Program Files\Sophos\AutoUpdate\ALsvc.exe [340776 2015-03-03] (Sophos Limited)
R2 Sophos Web Control Service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe [341800 2014-10-14] (Sophos Limited)
R2 swi_service; C:\Program Files\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2015-01-13] (Sophos Limited)
S2 swi_update; C:\ProgramData\Sophos\Web Intelligence\swi_update.exe [1487144 2015-01-13] (Sophos Limited)
S2 UI0Detect; C:\Windows\system32\UI0Detect.exe [35840 2014-09-05] (Microsoft Corporation) [File not signed]
R2 vds; C:\Windows\System32\vds.exe [453632 2014-09-05] (Microsoft Corporation) [File not signed]
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [562576 2014-11-19] (Cisco Systems, Inc.)
S3 VSS; C:\Windows\system32\vssvc.exe [1025536 2014-09-05] (Microsoft Corporation) [File not signed]
S2 WatAdminSvc; C:\Windows\system32\Wat\WatAdminSvc.exe [1333760 2014-09-05] (Microsoft Corporation) [File not signed]
S2 wbengine; C:\Windows\system32\wbengine.exe [1203200 2014-09-05] (Microsoft Corporation) [File not signed]
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
R2 wmiApSrv; C:\Windows\system32\wbem\WmiApSrv.exe [136192 2014-09-05] (Microsoft Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ACPIVPC; C:\Windows\System32\DRIVERS\AcpiVpc.sys [23136 2010-01-20] (Lenovo Corporation)
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92528 2014-11-19] (Cisco Systems, Inc.)
R1 cnnctfy3; C:\Windows\System32\DRIVERS\cnnctfy3.sys [36520 2014-12-11] (Connectify)
S3 FFUsbAudio; C:\Windows\System32\DRIVERS\ffusbaudio.sys [31744 2010-03-05] (Focusrite Audio Engineering Ltd.)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [30976 2014-10-10] ()
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-03-12] (Malwarebytes Corporation)
R3 MEI; C:\Windows\System32\DRIVERS\HECI.sys [41088 2010-10-19] (Intel Corporation)
R1 SAVOnAccess; C:\Windows\System32\DRIVERS\savonaccess.sys [134912 2014-05-20] (Sophos Limited)
S3 sdcfilter; C:\Windows\System32\DRIVERS\sdcfilter.sys [34560 2014-05-20] (Sophos Limited)
R1 SKMScan; C:\Windows\System32\DRIVERS\skmscan.sys [33408 2014-05-20] (Sophos Limited)
S4 SophosBootDriver; C:\Windows\System32\DRIVERS\SophosBootDriver.sys [23680 2014-05-20] (Sophos Limited)
S3 vpnva; C:\Windows\System32\DRIVERS\vpnva-6.sys [43888 2014-03-12] (Cisco Systems, Inc.)
S3 catchme; \??\C:\Users\SOPHOK~1\AppData\Local\Temp\catchme.sys [X]
S3 RSUSBVSTOR; System32\Drivers\RtsUVStor.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 11:47 - 2015-03-15 11:48 - 00022033 _____ () C:\Users\Sophokles\Desktop\FRST.txt
2015-03-15 00:42 - 2015-03-15 00:42 - 00000000 ____D () C:\Program Files\ESET
2015-03-15 00:39 - 2015-03-15 00:39 - 02347384 _____ (ESET) C:\Users\Sophokles\Downloads\esetsmartinstaller_deu.exe
2015-03-15 00:10 - 2015-03-15 00:11 - 00852604 _____ () C:\Users\Sophokles\Desktop\SecurityCheck.exe
2015-03-12 11:46 - 2015-03-12 11:46 - 01388333 _____ (Thisisu) C:\Users\Sophokles\Desktop\JRT.exe
2015-03-12 11:33 - 2015-03-12 11:34 - 02171392 _____ () C:\Users\Sophokles\Desktop\adwcleaner_4.112.exe
2015-03-12 10:27 - 2015-03-12 10:28 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-12 10:27 - 2015-03-12 10:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
2015-03-12 10:27 - 2015-03-12 10:27 - 00000000 ____D () C:\Program Files\ Malwarebytes Anti-Malware 
2015-03-12 10:27 - 2014-11-21 06:14 - 00075480 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-12 10:27 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-12 10:27 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-11 18:07 - 2015-03-11 18:07 - 00018562 _____ () C:\ComboFix.txt
2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\ProgramData\B0FFCDD9-5261-4e59-B29A-17A4FABDEBAB
2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\Program Files\iTunes
2015-03-11 16:02 - 2015-03-11 16:02 - 00000000 ____D () C:\Program Files\iPod
2015-03-11 13:01 - 2015-03-11 18:22 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-10 23:00 - 2015-03-12 11:57 - 01135104 _____ (Farbar) C:\Users\Sophokles\Desktop\FRST.exe
2015-03-10 22:54 - 2015-02-26 04:11 - 02381312 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-10 22:54 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-10 22:54 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-10 22:54 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-10 22:53 - 2015-03-06 06:15 - 00137656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-10 22:53 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-10 22:53 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-10 22:53 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-10 22:53 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-10 22:53 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-10 22:53 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-10 22:53 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-10 22:53 - 2015-02-20 03:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-10 22:53 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-10 22:53 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-10 22:53 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-10 22:53 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-10 22:53 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-10 22:53 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-10 22:53 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-10 22:53 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-10 22:53 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-10 22:53 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-10 22:53 - 2015-02-20 02:56 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-10 22:53 - 2015-02-20 02:50 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-10 22:53 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-10 22:53 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-10 22:53 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-10 22:53 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-10 22:53 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-10 22:53 - 2015-02-20 02:24 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-10 22:53 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-10 22:53 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-10 22:53 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-10 22:53 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-10 22:53 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-10 22:52 - 2015-03-06 06:15 - 00067512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-10 22:52 - 2015-03-06 06:10 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-10 22:52 - 2015-03-06 06:10 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-10 22:52 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-10 22:52 - 2015-03-06 06:09 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-10 22:52 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-10 22:52 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-10 22:52 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-10 22:52 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-10 22:52 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-10 22:52 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-10 22:52 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-10 22:52 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-10 22:52 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-10 22:52 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-03-10 22:52 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-10 22:52 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-10 22:52 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-10 22:52 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-10 22:52 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-10 22:52 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-10 22:52 - 2015-01-31 00:56 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-10 22:51 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-10 22:51 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-10 22:51 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-10 22:51 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-10 22:51 - 2015-02-03 04:11 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-10 22:51 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-10 22:51 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-10 22:51 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-10 22:51 - 2015-02-03 03:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-10 22:51 - 2014-10-31 23:22 - 00521384 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-10 22:51 - 2014-06-28 01:21 - 00455752 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-03-10 22:51 - 2014-06-28 01:21 - 00409272 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-10 12:18 - 2015-03-12 10:41 - 00000000 ____D () C:\Users\Sophokles\Desktop\Wohngeld
2015-03-09 00:15 - 2015-03-11 17:59 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\CrashDumps
2015-03-06 13:00 - 2015-03-15 00:27 - 00000728 _____ () C:\Windows\setupact.log
2015-03-06 13:00 - 2015-03-06 13:00 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-06 12:59 - 2015-03-12 11:39 - 00002358 _____ () C:\Windows\PFRO.log
2015-03-06 12:59 - 2015-03-12 10:20 - 00412656 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-06 00:51 - 2015-03-06 00:51 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-03-04 12:28 - 2015-03-04 12:28 - 00111264 _____ () C:\Users\Sophokles\AppData\Local\GDIPFONTCACHEV1.DAT
2015-03-04 12:15 - 2015-03-04 12:15 - 00309304 _____ () C:\Users\Sophokles\Documents\cc_20150304_121512.reg
2015-03-04 10:08 - 2015-03-04 10:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-04 09:24 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-03-04 09:18 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-04 09:18 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-03-04 09:18 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-03-04 09:18 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-03-04 09:18 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-03-04 09:15 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-03-04 09:15 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-03-04 09:15 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-03-04 09:15 - 2014-11-11 02:32 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-03-04 09:14 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-03-04 09:14 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-03-04 09:14 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-03-04 09:09 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-03-04 09:08 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-04 09:07 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-04 09:07 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-04 09:07 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-04 09:07 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-03-04 09:06 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-03-04 09:06 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-03-04 09:06 - 2014-07-17 02:39 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-03-04 09:06 - 2014-07-17 02:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-03-04 09:06 - 2014-07-17 02:03 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-03-04 09:06 - 2014-07-17 02:02 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-03-04 09:05 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-04 09:05 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-03-04 09:05 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-03-04 09:04 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-04 09:04 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-04 09:04 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-04 09:04 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-03-04 09:04 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-03-04 09:04 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-03-04 09:01 - 2014-10-14 02:50 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-03-04 09:00 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-04 08:07 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-03-04 07:56 - 2015-03-04 07:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-03-04 07:55 - 2015-03-04 07:56 - 00000000 ____D () C:\Program Files\CCleaner
2015-03-04 00:50 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-03-04 00:50 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-03-04 00:50 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-03-04 00:48 - 2015-03-04 00:48 - 00000000 ____D () C:\Users\Sophokles\Downloads\lang
2015-03-04 00:48 - 2013-01-08 06:04 - 00005535 _____ () C:\Users\Sophokles\Downloads\License.txt
2015-03-04 00:32 - 2015-03-04 08:20 - 00000000 ____D () C:\Windows\Minidump
2015-03-04 00:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-03-04 00:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-03-04 00:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-03-04 00:18 - 2015-03-11 18:07 - 00000000 ____D () C:\Qoobox
2015-03-04 00:17 - 2015-03-11 18:04 - 00000000 ____D () C:\Windows\erdnt
2015-03-02 10:37 - 2015-03-02 10:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2015
2015-02-25 20:41 - 2015-02-26 16:34 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2015-02-23 22:45 - 2015-02-23 22:45 - 00000355 _____ () C:\Users\Sophokles\Documents\Computer - Verknüpfung.lnk
2015-02-13 00:21 - 2015-02-13 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-15 11:47 - 2014-11-03 19:18 - 00000000 ____D () C:\FRST
2015-03-15 11:44 - 2013-04-24 11:49 - 01563461 _____ () C:\Windows\WindowsUpdate.log
2015-03-15 11:21 - 2013-04-24 17:07 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-15 00:36 - 2013-08-16 06:49 - 00000000 ___RD () C:\Users\Sophokles\Dropbox
2015-03-15 00:36 - 2013-08-16 01:32 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Dropbox
2015-03-15 00:35 - 2013-08-16 01:34 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-03-15 00:35 - 2009-07-14 05:02 - 00028368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 00:35 - 2009-07-14 05:02 - 00028368 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 00:31 - 2013-12-25 11:11 - 00000000 ____D () C:\Program Files\Recuva
2015-03-15 00:27 - 2009-07-14 05:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-14 21:33 - 2013-04-24 17:04 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Skype
2015-03-14 17:26 - 2010-11-20 22:03 - 00006292 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-12 11:38 - 2013-11-22 12:24 - 00000000 ____D () C:\AdwCleaner
2015-03-12 03:29 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-03-11 18:07 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-03-11 18:07 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-03-11 17:57 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-03-11 16:15 - 2013-05-10 15:06 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\Audacity
2015-03-11 16:15 - 2013-04-25 18:23 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\vlc
2015-03-11 16:02 - 2013-05-11 22:20 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-11 09:17 - 2013-07-28 19:05 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 09:07 - 2013-04-28 20:56 - 119837696 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 23:57 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-03-09 01:09 - 2014-12-07 18:26 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-03-09 01:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Help
2015-03-08 23:27 - 2013-05-12 01:03 - 00000000 ____D () C:\Users\Sophokles\AppData\Roaming\FileZilla
2015-03-04 18:51 - 2013-05-12 01:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-03-04 18:51 - 2013-05-12 01:03 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-03-04 14:30 - 2014-09-22 19:59 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\com
2015-03-04 10:42 - 2015-02-12 15:20 - 00000000 ____D () C:\Users\Sophokles\Desktop\Masti
2015-03-04 10:30 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2015-03-04 10:09 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-03-04 10:08 - 2014-05-09 12:23 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-04 10:08 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\AppCompat
2015-03-04 09:23 - 2013-04-26 20:09 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-04 08:25 - 2015-01-21 15:52 - 00000000 ____D () C:\Program Files\PDFCreator
2015-03-04 08:25 - 2014-12-11 21:35 - 00000000 ____D () C:\Program Files\Connectify
2015-03-04 08:22 - 2013-04-24 12:45 - 00000000 ____D () C:\Windows\Panther
2015-03-03 23:54 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Registration
2015-03-02 21:59 - 2013-10-16 19:54 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-02 21:56 - 2014-11-20 12:02 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-03-02 21:56 - 2013-04-26 09:39 - 00000000 ____D () C:\Program Files\Java
2015-02-26 14:27 - 2013-11-08 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitZipper
2015-02-24 22:12 - 2013-04-25 08:24 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\Adobe
2015-02-24 22:11 - 2013-04-24 17:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-02-24 22:11 - 2013-04-24 17:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-02-24 03:23 - 2013-04-24 14:59 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-02-23 14:34 - 2014-09-16 19:28 - 00000000 ___RD () C:\Program Files\Skype
2015-02-23 14:34 - 2013-04-24 17:04 - 00000000 ____D () C:\ProgramData\Skype
2015-02-17 21:48 - 2013-07-13 20:36 - 00000000 _____ () C:\Windows\system32\vireng.log
2015-02-17 14:57 - 2014-04-14 20:53 - 00000000 ____D () C:\Users\Sophokles\Documents\Citavi 4
2015-02-17 13:53 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-15 22:49 - 2015-01-22 10:31 - 00000000 ____D () C:\Users\Sophokles\AppData\Local\PDFCreator
2015-02-13 00:21 - 2014-01-11 23:18 - 00000000 ____D () C:\Program Files\Cisco
2015-02-13 00:21 - 2014-01-11 23:17 - 00000000 ____D () C:\ProgramData\Cisco

==================== Files in the root of some directories =======

2014-11-20 12:04 - 2014-11-20 12:04 - 0000093 _____ () C:\Users\Sophokles\AppData\Roaming\ARCompanion.log
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Sophokles\AppData\Roaming\NTMXMN
2014-09-01 09:18 - 2014-09-01 09:18 - 0002086 _____ () C:\Users\Sophokles\AppData\Roaming\VIWK
2014-12-26 12:21 - 2014-12-26 12:21 - 0000045 _____ () C:\Users\Sophokles\AppData\Roaming\WB.CFG
2014-09-01 09:18 - 2014-09-01 09:18 - 0001248 _____ () C:\Users\Sophokles\AppData\Roaming\YRRKNG
2014-09-11 17:11 - 2014-12-26 18:08 - 0006268 _____ () C:\Users\Sophokles\AppData\Local\Citavi Picker Internet Explorer Protocol.txt
2013-07-22 14:48 - 2013-07-22 14:48 - 0004096 ____H () C:\Users\Sophokles\AppData\Local\keyfile3.drm
2013-07-18 21:30 - 2013-07-18 21:30 - 0005033 _____ () C:\ProgramData\mtbjfghn.xbe

Some content of TEMP:
====================
C:\Users\Sophokles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxuayni.dll
C:\Users\Sophokles\AppData\Local\Temp\Quarantine.exe
C:\Users\Sophokles\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Sophokles\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-07 15:42

==================== End Of Log ============================
         
--- --- ---

--- --- ---

--- --- ---

--- --- ---


was passiert mit den infizierten dateien?

die vorherigen probleme (bsp. videos laufen nicht) sind nicht mehr da.
vielen dank für die hilfe an dieser stelle nochmal!!

Fehler, die gerade noch auftreten und möglicherweise damit in Verbindung stehen:

1. beim ersten Öffnen einer Microsoft Word-Datei kommt immer die Meldung "Bei der Weitergabe des Befehls ist ein Fehler aufgetreten", der zweite Öffnungsversuch gelingt meist problemlos.

2. Ich musste ESET zwei Mal durchlaufen lassen, da ich beim ersten Durchlauf den log-Eintrag zwar schon als Antwort in den Post kopiert hatte (ohne abzuschicken), er aber sonst nirgends mehr gespeichert war (da ESET schon deinstalliert war) und die Seite sich irgendwann neu geladen hatte.
Daraufhin musste ich ESET noch einmal durchlaufen lassen, um den log-Eintrag hier posten zu können. Auch den Security Check habe ich zwei mal durchlaufen lassen und beim ersten security check ist ein anderer log-Eintrag entstanden:
Code:
ATTFilter
 UNSUPPORTED OPERATING SYSTEM! ABORTED!
         
den zweiten Security Check-Log habe ich oben bereits gepostet.
Dazu muss ich noch erwähnen, dass ich ständig Meldungen bekomme, dass mein Windows keine Originalkopie sei, was nicht der Fall ist. Habe eine Lizens an der Uni erhalten.

Geändert von Sophus (15.03.2015 um 17:21 Uhr)

Alt 15.03.2015, 20:15   #11
schrauber
/// the machine
/// TB-Ausbilder
 

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



Java updaten.

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Users\Sophokles\AppData\Roaming\NTMXMN

C:\Users\Sophokles\AppData\Roaming\VIWK

C:\Users\Sophokles\AppData\Roaming\YRRKNG

C:\Windows\Installer\MSIFDC0.tmp-
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Task: C:\Windows\Tasks\NTMXMN.job => C:\Users\Sophokles\AppData\Roaming\NTMXMN.exe <==== ATTENTION

Task: C:\Windows\Tasks\VIWK.job => C:\Users\Sophokles\AppData\Roaming\VIWK.exe <==== ATTENTION

Task: C:\Windows\Tasks\YRRKNG.job => C:\Users\Sophokles\AppData\Roaming\YRRKNG.exe <==== ATTENTION
Emptytemp:
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.





  • Lade Dir bitte Windows Repair - All in one von tweaking.com hier herunter und installiere es.
  • Deaktiviere bitte (wenn möglich) Dein Antivirusprogramm.
  • Bedenke, dass die einzelnen Reparaturen einige Zeit benötigen. Starte keine anderen Anwendungen in dieser Zeit.
  • Starte das Programm und führe die Punkte 1-5 durch. (Siehe Bildanleitung)
  • Achte darauf, dass bei Dir die Häkchen so gesetzt sind wie unter Punkt 4.
  • Setze auch ein Häkchen bei "Restart/Shutdown System" und klicke "Restart System" an bevor Du Punkt 5 durchführst.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.03.2015, 11:11   #12
Sophus
 
Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



ok, alles gemacht. hier der fixlog:

Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 11-03-2015
Ran by Sophokles at 2015-03-15 22:43:36 Run:3
Running from C:\Users\Sophokles\Desktop
Loaded Profiles: Sophokles (Available profiles: Sophokles)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\Users\Sophokles\AppData\Roaming\NTMXMN

C:\Users\Sophokles\AppData\Roaming\VIWK

C:\Users\Sophokles\AppData\Roaming\YRRKNG

C:\Windows\Installer\MSIFDC0.tmp-
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

Task: C:\Windows\Tasks\NTMXMN.job => C:\Users\Sophokles\AppData\Roaming\NTMXMN.exe <==== ATTENTION

Task: C:\Windows\Tasks\VIWK.job => C:\Users\Sophokles\AppData\Roaming\VIWK.exe <==== ATTENTION

Task: C:\Windows\Tasks\YRRKNG.job => C:\Users\Sophokles\AppData\Roaming\YRRKNG.exe <==== ATTENTION
Emptytemp:
         
*****************

"C:\Users\Sophokles\AppData\Roaming\NTMXMN" => File/Directory not found.
"C:\Users\Sophokles\AppData\Roaming\VIWK" => File/Directory not found.
"C:\Users\Sophokles\AppData\Roaming\YRRKNG" => File/Directory not found.
"C:\Windows\Installer\MSIFDC0.tmp-" => File/Directory not found.
"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
HKLM\SOFTWARE\Policies\Google => Key not found. 
HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\SOFTWARE\Policies\Google => Key not found. 
C:\Windows\Tasks\NTMXMN.job not found.
C:\Windows\Tasks\VIWK.job not found.
C:\Windows\Tasks\YRRKNG.job not found.
EmptyTemp: => Removed 14.9 MB temporary data.


The system needed a reboot. 

==== End of Fixlog 22:43:41 ====
         

Alt 16.03.2015, 17:06   #13
schrauber
/// the machine
/// TB-Ausbilder
 

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



Frisches FRST log bitte. Noch Probleme?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 16.03.2015, 18:26   #14
Sophus
 
Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



das snap.do problem ist behoben. danke dafür
dass ich keine originalkopie von windows habe,
wird mir immer noch angezeigt.


Code:
ATTFilter
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 11-03-2015
Ran by Sophokles at 2015-03-16 18:20:21
Running from C:\Users\Sophokles\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Sophos Anti-Virus (Enabled - Up to date) {6BABF8F7-3EB6-BD1D-9167-8C5ECA060A29}
AS: Sophos Anti-Virus (Enabled - Up to date) {D0CA1913-188C-B293-ABD7-B72CB1814094}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Apple Application Support (32-Bit) (HKLM\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{E1DB0812-2D60-43DB-AE09-6C7027D93B28}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Client Installation Program (HKLM\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
Audacity 2.0.3 (HKLM\...\Audacity_is1) (Version: 2.0.3 - Audacity Team)
Bass Station 1.6 (HKLM\...\{ABAF1232-6213-4062-9D52-04E04A730CEA}_is1) (Version: 1.6 - Novation Digital Music Systems Ltd.)
BitZipper 2013 (HKLM\...\BitZipper_is1) (Version: 2013.13.4.16 - Bitberry Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.00 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.06073 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.06073 - Cisco Systems, Inc.) Hidden
Citavi 4 (HKLM\...\{CC0A85B2-734A-45B3-B678-05F6A6499AC7}) (Version: 4.3.0.15 - Swiss Academic Software)
Citrix Receiver (HKLM\...\CitrixOnlinePluginPackWeb) (Version: 14.1.200.13 - Citrix Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
Connectify 2015 (HKLM\...\Connectify) (Version: 2015.0.3.34560 - Connectify)
Dropbox (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Dropbox) (Version: 3.2.9 - Dropbox, Inc.)
EPUB File Reader (HKLM\...\{818C5857-5C74-4CAC-9F43-E5597086852D}_is1) (Version:  - epubfilereader.com)
f.lux (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Flux) (Version:  - )
FileZilla Client 3.10.2 (HKLM\...\FileZilla Client) (Version: 3.10.2 - Tim Kosse)
Focusrite Plug-in Suite 1.0.2 (HKLM\...\{CF07B703-ACF2-4003-AF18-1EA840920D38}}_is1) (Version: 1.0.2 - Focusrite Audio Engineering Ltd.)
Focusrite USB 2.0 Audio Driver 2.2 (HKLM\...\Focusrite USB 2.0 Audio Driver_is1) (Version: 2.2 - Focusrite Audio Engineering Limited.)
Focusrite USB Audio Driver 1.8 (HKLM\...\Focusrite USB Audio Driver_is1) (Version: 1.8 - Focusrite Audio Engineering Ltd.)
Free PDF to Word Doc Converter v1.1 (HKLM\...\Free PDF to Word Doc Converter_is1) (Version: 1.1 - www.hellopdf.com)
Free YouTube to MP3 Converter version 3.12.35.514 (HKLM\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.35.514 - DVDVideoSoft Ltd.)
Intel(R) Processor Graphics (HKLM\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
iTunes (HKLM\...\{3A9FE6B1-EE7F-40AC-B831-AC7C9ABB58A0}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
jMemorize (HKLM\...\jMemorize) (Version:  - )
Live 8.0.9 (HKLM\...\Live 8.0.9) (Version:  - )
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Text-to-Speech Engine 4.0 (English) (HKLM\...\MSTTS) (Version:  - )
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Mozilla Firefox 36.0.1 (x86 de) (HKLM\...\Mozilla Firefox 36.0.1 (x86 de)) (Version: 36.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Mozilla Thunderbird 31.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 31.5.0 (x86 de)) (Version: 31.5.0 - Mozilla)
MyStudioPC 2.05.02.00 (HKLM\...\InstallShield_{E37404FC-DD7A-468B-8692-C4065B382D84}) (Version: 2.05.02.00 - Japanese Society for Rehabilitation of Persons with Disabilities)
MyStudioPC 2.05.02.00 (Version: 2.05.02.00 - Japanese Society for Rehabilitation of Persons with Disabilities) Hidden
ODF Add-in for Microsoft Office (HKLM\...\{2BC21CD2-8053-406A-80F6-9AB61717B49D}) (Version: 4.0.5309.0 - OpenXML/ODF Translator Team)
Online Plug-in (Version: 14.1.200.13 - Citrix Systems, Inc.) Hidden
PCFriendly (HKLM\...\PCFriendly) (Version:  - )
PDF Architect (HKLM\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF24 Creator 6.0.1 (HKLM\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version:  - PDF24.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 2.0.1 - pdfforge)
PhotoFiltre 7 (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\PhotoFiltre 7) (Version:  - )
Q-Pilot Client 4.0.0.5727 (HKLM\...\{870126DA-33D5-4DA8-BB6D-6E3A61969072}) (Version: 4.0.0.5727 - Schomäcker GmbH)
Q-Pilot: Konfiguration der Druck-Queues und -Treiber (HKLM\...\HRZQPilotQueues) (Version: 0.51 - Uni Marburg, HRZ)
QuickTime 7 (HKLM\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6225 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
Saffire MixControl 3.2 (HKLM\...\Saffire PRO 40_is1) (Version: 3.2 - Focusrite Audio Engineering Ltd.)
Scarlett MixControl 1.3 (HKLM\...\Saffire USB 26_is1) (Version: 1.3 - Focusrite Audio Engineering Limited)
SciLor's grooveshark™.com Downloader 0.4.12 (HKLM\...\{DDEAE484-D5FB-49CB-BD47-9512E8ACCA65}_is1) (Version: 0.4.12 - SciLor)
Self-Service Plug-in (Version: 4.1.200.588 - Citrix Systems, Inc.) Hidden
Skype™ 7.1 (HKLM\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.1.105 - Skype Technologies S.A.)
Sophos Anti-Virus (HKLM\...\{D929B3B5-56C6-46CC-B3A3-A1A784CBB8E4}) (Version: 10.3.12 - Sophos Limited)
Sophos AutoUpdate (HKLM\...\{7CD26A0C-9B59-4E84-B5EE-B386B2F7AA16}) (Version: 4.1.0.273 - Sophos Limited)
Sophos Virus Removal Tool (HKLM\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.3 - Sophos Limited)
TexMakerX 2.1 (HKLM\...\TexMakerX_is1) (Version: 2.1 - Benito van der Zander)
Tweaking.com - Windows Repair (All in One) (HKLM\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.11.2 - Tweaking.com)
VLC media player 2.0.6 (HKLM\...\VLC media player) (Version: 2.0.6 - VideoLAN)
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (03/27/2013 2.5.64.2) (HKLM\...\33363B6D2E200ED19F75DDF6CC777BB5A1947A25) (Version: 03/27/2013 2.5.64.2 - Focusrite)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/10/2012 2.4.128.0) (HKLM\...\4214A1CFC1A368A5078729BFD4B211F0CDB5CEC5) (Version: 09/10/2012 2.4.128.0 - Focusrite)
Windows-Treiberpaket - Focusrite USB 2.0 Audio Driver (09/22/2011 2.2.0.0) (HKLM\...\54CB6483AA6621FEF67643C55EC698A0CF71605E) (Version: 09/22/2011 2.2.0.0 - Focusrite)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3804236533-1989176325-2614330732-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)

==================== Restore Points  =========================

16-03-2015 13:11:48 Removed Java 8 Update 40

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:04 - 2015-03-16 11:07 - 00000893 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {01EF53E7-048B-4323-A594-1BC40BF06A66} - System32\Tasks\{3A2AC715-DABB-41D7-94E0-A6C823338DC0} => pcalua.exe -a C:\Users\Sophokles\AppData\Roaming\omiga-plus\UninstallManager.exe -c  -ptid=tugs <==== ATTENTION
Task: {0AD06B14-0DA8-4C9C-84C9-33A8376665BE} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {0DC70879-9A0A-431D-8E46-C8FB7D7324BD} - System32\Tasks\{F1D2DB9D-2E9C-4C3C-81DC-037C974D575F} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN1PCH32WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {17BB234E-1FC5-4029-AA02-9768526619B3} - System32\Tasks\{A7329049-A4A6-4784-A0CC-7FDC5A6DD1A8} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN1WLN113WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {2E1A84FC-64A3-4710-A43D-EBD8A7FAC83D} - System32\Tasks\{165C64A7-0882-48A2-931B-3FAB530E5096} => pcalua.exe -a C:\Users\Sophokles\Downloads\wmp11-windowsxp-x86-DE-DE.exe -d C:\Users\Sophokles\Downloads
Task: {2FDC2965-CE6D-4D8C-B70F-4AD3CB3126AB} - System32\Tasks\{7B58BE47-E866-4787-BA41-5AAD7B96B5A4} => pcalua.exe -a "C:\Drivers\Broadcom Bluetooth Driver\Win32\instmsiw.exe" -d "C:\Drivers\Broadcom Bluetooth Driver\Win32"
Task: {43F324C4-4FB3-492C-923F-0750D34E8EA7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CBE22AB-81C4-472E-99E7-6F5E9275829E} - System32\Tasks\{13D72250-A214-4368-B58E-811C74A8D71D} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN1CAM44WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {AF2A3A49-1B8C-4FD3-A7F3-920B780C9732} - System32\Tasks\{2E136FB4-049F-4914-A366-CDF43BB2EA2A} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN1WLN85WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {B4161777-2B30-4DA7-A47D-5A8CBE800B93} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2015-03-07] (Oracle Corporation)
Task: {CB17EC52-0BB0-43CC-A777-34083D598289} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-11-21] (Piriform Ltd)
Task: {DE3100B3-8E87-4183-ADEC-3F8D241CB6C9} - System32\Tasks\{8D2DB329-90A3-434B-A72D-8657CAB1530B} => pcalua.exe -a E:\Win7\Lenovo-B570(1068)-Treiber\IN3BTH49WW5.exe -d E:\Win7\Lenovo-B570(1068)-Treiber
Task: {F0C7303F-D12C-4F7E-9F4A-CAAF07851923} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {F799CD3F-8A5B-47A9-8D6B-C39275BFF875} - System32\Tasks\{D487B9B6-BE51-42D5-ACFF-C98A6CE27803} => pcalua.exe -a "C:\Drivers\Broadcom Bluetooth Driver\Win32\instmsia.exe" -d "C:\Drivers\Broadcom Bluetooth Driver\Win32"
Task: {F93F1FD5-A71F-4834-8E9B-5C61D9EE9C55} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-24] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2003-07-11 01:09 - 2003-07-11 01:09 - 00048192 _____ () C:\Program Files\Common Files\Microsoft Shared\Web Folders\1031\nsextint.dll
2014-11-19 16:36 - 2014-11-19 16:36 - 00063376 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2014-02-12 20:58 - 2014-02-12 20:58 - 00073544 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2009-12-12 16:40 - 2009-12-12 16:40 - 00020480 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\jetvm\jvm.dll
2009-12-12 16:40 - 2009-12-12 16:40 - 00069632 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\java.dll
2010-03-10 18:21 - 2010-03-10 18:21 - 00126976 _____ () C:\Program Files\Q-Pilot Client\Common\Java\bin\zip.dll
2009-12-12 16:35 - 2009-12-12 16:35 - 00155648 _____ () C:\Program Files\Q-Pilot Client\Common\Java\jetrt\baseline700.dll
2011-03-25 16:28 - 2011-03-25 16:28 - 00094208 _____ () C:\Windows\System32\IccLibDll.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00750080 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-03-16 11:07 - 2015-03-16 11:07 - 00043008 _____ () c:\Users\Sophokles\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp__3qbx.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00047616 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\libEGL.dll
2015-03-04 23:08 - 2015-03-04 23:08 - 00865280 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2015-03-04 23:07 - 2015-03-04 23:07 - 00200704 _____ () C:\Users\Sophokles\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-22 01:03 - 2014-11-22 01:03 - 00053248 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2014-12-11 21:35 - 2015-02-23 18:23 - 00715000 _____ () C:\Program Files\Connectify\log4cplus.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 03348080 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2015-02-25 20:41 - 2015-02-25 20:41 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-04-14 12:33 - 2014-01-28 06:47 - 00430080 _____ () C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox\components\FirefoxPickerCommunication.dll
2015-03-16 13:13 - 2015-03-16 13:13 - 00019368 _____ () C:\Program Files\Java\jre1.8.0_40\bin\jp2native.dll
2015-02-05 07:28 - 2015-02-24 22:11 - 16852144 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_305.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SAVService => ""="service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3804236533-1989176325-2614330732-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sophokles\AppData\Roaming\Mozilla\Firefox\Desktop-Hintergrund.bmp
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-3804236533-1989176325-2614330732-500 - Administrator - Disabled)
Gast (S-1-5-21-3804236533-1989176325-2614330732-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3804236533-1989176325-2614330732-1007 - Limited - Enabled)
Sophokles (S-1-5-21-3804236533-1989176325-2614330732-1000 - Administrator - Enabled) => C:\Users\Sophokles
SophosSAUSOPHOKLES-0 (S-1-5-21-3804236533-1989176325-2614330732-1001 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: EgisTec_ES603
Description: EgisTec_ES603
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: SM-Bus-Controller
Description: SM-Bus-Controller
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: USB2.0-CRW
Description: USB2.0-CRW
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 06:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3177335

Error: (03/16/2015 06:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3177335

Error: (03/16/2015 06:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2015 06:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3176337

Error: (03/16/2015 06:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3176337

Error: (03/16/2015 06:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2015 06:17:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3175338

Error: (03/16/2015 06:17:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3175338

Error: (03/16/2015 06:17:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2015 06:17:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3174340


System errors:
=============
Error: (03/16/2015 11:05:26 AM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: Dieser Computer ist als Mitglied einer Arbeitsgruppe konfiguriert, nicht als
Mitglied einer Domäne. Der Anmeldedienst braucht bei dieser
Konfiguration nicht gestartet zu sein.

Error: (03/16/2015 02:37:18 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (03/16/2015 02:34:41 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (03/16/2015 02:34:31 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/16/2015 02:33:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/16/2015 02:33:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/16/2015 02:33:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/16/2015 02:33:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/16/2015 02:33:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068

Error: (03/16/2015 02:33:56 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (03/16/2015 06:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3177335

Error: (03/16/2015 06:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3177335

Error: (03/16/2015 06:17:53 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2015 06:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3176337

Error: (03/16/2015 06:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3176337

Error: (03/16/2015 06:17:52 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2015 06:17:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3175338

Error: (03/16/2015 06:17:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3175338

Error: (03/16/2015 06:17:51 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/16/2015 06:17:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3174340


==================== Memory info =========================== 

Processor: Intel(R) Pentium(R) CPU B960 @ 2.20GHz
Percentage of memory in use: 66%
Total physical RAM: 2988.14 MB
Available physical RAM: 1010.34 MB
Total Pagefile: 6274.57 MB
Available Pagefile: 3946.03 MB
Total Virtual: 2047.88 MB
Available Virtual: 1910.13 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:296.91 GB) (Free:205.18 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0BFE5315)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=296.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=1.1 GB) - (Type=12)

==================== End Of Log ============================
         

Alt 17.03.2015, 07:32   #15
schrauber
/// the machine
/// TB-Ausbilder
 

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Standard

Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren



FRST.txt bitte, keine Addition.txt
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Antwort

Themen zu Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren
angehängt, anleitungen, dankbar, deinstalliere, deinstallieren, erschein, erscheine, erscheinen, erscheint, fenster, gelöscht, gen, inter, interne, internet, jegliche, laptop, nachricht, nicht mehr, selbige, snap.do, taucht, torjaner, troja, zunächst



Ähnliche Themen: Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren


  1. Kann Snap.do & Snap.do engine gar nicht deinstallieren?
    Plagegeister aller Art und deren Bekämpfung - 12.09.2015 (3)
  2. Snap.do lässt sich nicht deinstallieren - taucht immer wieder in allen Browsern auf - Win 8.1 x64
    Log-Analyse und Auswertung - 23.10.2014 (15)
  3. Snap.Do Engine lässt sich unter Systemsteuerung nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 03.09.2014 (9)
  4. Laptop ruckelt nur noch, Iminent lässt sich nicht löschen und Radio schaltet sich alleine an und aus und lässt sich ebenfalls nicht löschen
    Plagegeister aller Art und deren Bekämpfung - 27.06.2014 (3)
  5. Firefox lässt sich nicht öffnen, stattdessen machen sich andere Browser wie Snap do auf.
    Log-Analyse und Auswertung - 08.03.2014 (8)
  6. Snap.do lässt sich nicht aus Systemsteuerung entfernen
    Log-Analyse und Auswertung - 10.02.2014 (9)
  7. Snap.do lässt sich nicht entfernen
    Log-Analyse und Auswertung - 01.02.2014 (3)
  8. Snap.Do Engine läßt sich nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (19)
  9. Windows 8 u. IE: snap.do engine lässt sich nicht entfernen
    Plagegeister aller Art und deren Bekämpfung - 27.10.2013 (13)
  10. snap.do lässt sich GAR NICHT deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 24.10.2013 (13)
  11. snap.do engine lässt sich nicht aus der Programmliste entfernen
    Log-Analyse und Auswertung - 20.10.2013 (19)
  12. Snap.do Engine lässt sich nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 16.10.2013 (23)
  13. Quick Share und Snap.do lassen sich nicht deinstallieren
    Plagegeister aller Art und deren Bekämpfung - 20.09.2013 (13)
  14. Windows 7: Snap.do lässt sich nicht entfernen
    Log-Analyse und Auswertung - 27.08.2013 (13)
  15. Snap.Do lässt sich nicht aus Systemsteuerung deinstallieren...
    Plagegeister aller Art und deren Bekämpfung - 23.08.2013 (36)
  16. Windows 7: Snap.do lässt sich nicht aus der Systemsteuerung entfernen.
    Log-Analyse und Auswertung - 16.08.2013 (4)
  17. Schadprogramm: System Care Antivirus - Win 7 - Laptop fährt hoch, es lässt sich jedoch nichs öffnen
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (19)

Zum Thema Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren - Liebes Trojaner-Board Team, seit geraumer Zeit taucht snap.do in meinen Systemprogrammen auf und lässt sich nicht deinstallieren. Ich habe diesen Torjaner schon einmal gelöscht (mit Anleitungen aus dem Internet), als - Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren...
Archiv
Du betrachtest: Snap.do auf Laptop: erscheint in Systemprogramme, lässt sich jedoch nicht deinstallieren auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.