| |
| |||||||
Log-Analyse und Auswertung: WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsamWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
31.05.2015, 12:27
| #16 |
| /// TB-Ausbilder   |  WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam Servus, ok, dann bitte jetzt weiter mit den anderen Schritten. Du musst nicht nach jedem Schritt warten, bis das "ok" von mir kommt... außer es gäbe Probleme.  Geändert von M-K-D-B (31.05.2015 um 12:37 Uhr) |
|
31.05.2015, 13:40
| #17 |
 | WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam Hallo,
__________________hier die restlichen Logfiles. Kurze Frage: Ist das ok, dass auf Filepony immer ein Popup aufgeht mit "Enfernen von Malware" oder "Computerabstürze fixen" von reimageplus.com. Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 31.05.2015 Suchlauf-Zeit: 13:26:24 Logdatei: mbam.txt Administrator: Ja Version: 2.01.6.1022 Malware Datenbank: v2015.05.30.06 Rootkit Datenbank: v2015.05.24.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Selbstschutz: Deaktiviert Betriebssystem: Windows 7 Service Pack 1 CPU: x64 Dateisystem: NTFS Benutzer: Administrator Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 409834 Verstrichene Zeit: 34 Min, 8 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristik: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (Keine schädliche Elemente gefunden) Module: 0 (Keine schädliche Elemente gefunden) Registrierungsschlüssel: 13 PUP.Optional.AdTech.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [3a944c4de4a690a6bc9d6af29c679e62], PUP.Optional.AdTech.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{934B156A-3D17-3981-B78A-5C138F423AD6}, In Quarantäne, [3a944c4de4a690a6bc9d6af29c679e62], PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, In Quarantäne, [9d3199003456d462e3d32578bf44a060], PUP.Optional.Incredibar.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\dlnembnfbcpjnepmfjmngjenhhajpdfd, In Quarantäne, [6668e6b3eaa0de587d1bd7495aaac040], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [309ea4f5c1c9ce6873e1a8d6ee171ae6], PUP.Optional.MultiPlug.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{1146AC44-2F03-4431-B4FD-889BC837521F}{cae99edb}, In Quarantäne, [ce00aaef6822f93deeb705775ca941bf], PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE, In Quarantäne, [ab23eeab078345f155ffdba349bc8977], PUP.Optional.PlusHD.A, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\Plus-HD-5.5, In Quarantäne, [8c42afea66245ed85f0b0025c34151af], PUP.Optional.Shopperz.A, HKU\S-1-5-19\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [517dbfdabbcf57dfa8fab237857ee917], PUP.Optional.Shopperz.A, HKU\S-1-5-20\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, In Quarantäne, [725ce8b1dfaba195aff32bbe000327d9], PUP.Optional.SearchProtect.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\SearchProtect, In Quarantäne, [2f9fb3e61d6d73c30e9252269a6bf30d], PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\OPTIMIZER PRO, In Quarantäne, [57771f7ac1c916201fbeb8c5a85dc43c], PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\SUPER OPTIMIZER, In Quarantäne, [ab2356435c2e290d6b69a6d56c992dd3], Registrierungswerte: 7 PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz, C:\Program Files\shopperz\wrex.exe, In Quarantäne, [bc1242574a409b9bc727bb3941c27f81] PUP.Optional.Shopperz.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|shopperz64, C:\Program Files\shopperz\wrex64.exe, In Quarantäne, [05c9f9a07e0c23139d52e50fe91a7a86] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [309ea4f5c1c9ce6873e1a8d6ee171ae6] PUP.Optional.SonicSearch.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}|URL, hxxp://feed.sonic-search.com/?p=mKO_AwFzXIpYRak5VLd2-qOELyVxZYVzEWTOSLvRC5kQFMUFB7HWxsC9qmgaEbtsWspeiXQk_8_R5znT6R1fDwhz3ZT22Ce-MfY_wYPvYB4AnBCxL1g_GQSduAYPn-8I3RnEZZS00xXKu2ObU3QI19LskZNnUYycjKHjOqjFsJR-kRbYXjgg&q={searchTerms}, In Quarantäne, [a7279405e9a11521ecfeda9c83825ea2] PUM.Security.Hijack.DisableChromeUpdates, HKLM\SOFTWARE\WOW6432NODE\POLICIES\GOOGLE\UPDATE|DisableAutoUpdateChecksCheckboxValue, 1, In Quarantäne, [ab23eeab078345f155ffdba349bc8977] PUP.Optional.OptimizerPro.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\OPTIMIZER PRO|AdsBuyNowURL, hxxp://www.safeshopgate.com/r?s=121000700&g=42457F94-7277-4D23-AF91-6A92F4C914B9, In Quarantäne, [57771f7ac1c916201fbeb8c5a85dc43c] PUP.Optional.SuperOptimizer.A, HKU\S-1-5-21-533800774-2781401254-862098746-1001\SOFTWARE\SUPER OPTIMIZER|AdsBuyNowURL, hxxp://supc6.superpctools.revenuewire.net/spu/register?221001702_6D64DB99-379B-496B-A4BC-51CD328B2B79, In Quarantäne, [ab2356435c2e290d6b69a6d56c992dd3] Registrierungsdaten: 0 (Keine schädliche Elemente gefunden) Ordner: 7 PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar, In Quarantäne, [01cd4752e5a51b1bf8bea440b15202fe], PUP.Optional.OptimizerPro.A, C:\Users\Va\Documents\Optimizer Pro, In Quarantäne, [9e30b3e61278f93d00dbe697ad58d729], PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2, In Quarantäne, [01cdddbc7b0fad890a8832af5ea57090], PUP.Optional.OptimizerPro.A, C:\Users\Va\AppData\Roaming\Optimizer Pro, In Quarantäne, [a02ea6f3107a0b2b782a7f62887b6898], PUP.Optional.OptimizerPro.A, C:\Users\Va\AppData\Roaming\Optimizer Pro\Backup, In Quarantäne, [a02ea6f3107a0b2b782a7f62887b6898], PUP.Optional.OptimizerPro.A, C:\Users\Va\AppData\Roaming\Optimizer Pro\Log, In Quarantäne, [a02ea6f3107a0b2b782a7f62887b6898], PUP.Optional.OptimizerPro.A, C:\Users\Va\AppData\Roaming\Optimizer Pro\Undo, In Quarantäne, [a02ea6f3107a0b2b782a7f62887b6898], Dateien: 9 PUP.Optional.Multiplug.A, C:\Program Files (x86)\TrimModule\TrimModule.dll, In Quarantäne, [98369603addd82b4a4e10d410ff3659b], PUP.Optional.InstallCore.SID.C, C:\Users\Va\Downloads\Setup.exe, In Quarantäne, [46884c4dbad05fd7a606a7c41ceaae52], PUP.Optional.VeriStaff, C:\Windows\Installer\8be53.msi, In Quarantäne, [d1fda7f2098148ee3c22312e5da39070], PUP.Optional.SnapDo.A, C:\Windows\Installer\8be45.msi, In Quarantäne, [ffcfd6c33d4d6ec8f0d8aa0e758c40c0], PUP.Optional.WebBar.A, C:\Windows\System32\config\systemprofile\AppData\Local\WebBar\wb.log, In Quarantäne, [01cd4752e5a51b1bf8bea440b15202fe], PUP.Optional.OptimizerPro.A, C:\Users\Va\Documents\Optimizer Pro\CookiesException.txt, In Quarantäne, [9e30b3e61278f93d00dbe697ad58d729], PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Nach Updates suchen.lnk, In Quarantäne, [01cdddbc7b0fad890a8832af5ea57090], PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro entfernen.lnk, In Quarantäne, [01cdddbc7b0fad890a8832af5ea57090], PUP.Optional.OptimizerPro.A, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Pro v3.2\Optimizer Pro.lnk, In Quarantäne, [01cdddbc7b0fad890a8832af5ea57090], Physische Sektoren: 0 (Keine schädliche Elemente gefunden) (end) Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.8.5 (05.30.2015:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on 31.05.2015 at 14:17:40,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\DriverMgr
Successfully deleted: [Task] C:\Windows\system32\tasks\Winsta Update
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\searchURL\\Default
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440444904460}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\wbsvc
~~~ Files
Successfully deleted: [File] C:\Program Files (x86)\mozilla firefox\firefox.cfg
Successfully deleted: [File] C:\Windows\syswow64\sho50D4.tmp
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 31.05.2015 at 14:22:16,36
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Code:
ATTFilter Shortcut Cleaner 1.3.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2015 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/
Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 05/31/2015 02:23:18 PM.
Scanning for registry hijacks:
* No issues found in the Registry.
Searching for Hijacked Shortcuts:
Searching C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\
Searching C:\ProgramData\Microsoft\Windows\Start Menu\
Searching C:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\
Searching C:\Users\Public\Desktop\
Searching C:\Users\Administrator\Desktop\
Searching C:\Users\Public\Desktop\
0 bad shortcuts found.
Program finished at: 05/31/2015 02:23:20 PM
Execution time: 0 hours(s), 0 minute(s), and 1 seconds(s)
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 29-05-2015
Ran by Administrator (administrator) on VANESSA on 31-05-2015 14:25:09
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Va & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2226280 2011-07-11] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500208 2010-03-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2255360 2011-06-10] (ASUS)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [402432 2010-07-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [728312 2015-04-16] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: [AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll [2010-09-02] (eCareme Technologies, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-533800774-2781401254-862098746-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-01-17] (Skype Technologies S.A.)
Tcpip\Parameters: [DhcpNameServer] 192.168.11.1
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\dq67a9fw.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.9.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2012-11-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.9.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Users\Va\VLC\npvlc.dll [2012-03-17] (VideoLAN)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll [2010-01-23] (Zeon Corporation)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2015-05-15]
StartMenuInternet: FIREFOX.EXE - C:\Users\Administrator\Desktop\Firefox\firefox.exe
Chrome:
=======
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.) [File not signed]
S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [827640 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1185584 2015-04-16] (Avira Operations GmbH & Co. KG)
S2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S2 JetDrive WindowsClosingService; C:\Windows\System32\WindowsClosingService [X]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [152744 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-04-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-04-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-04-16] (Avira Operations GmbH & Co. KG)
S3 jetdrive; C:\Windows\System32\DRIVERS\jddrv.sys [37248 2012-05-22] (Abelssoft GmbH)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Va\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-31 14:25 - 2015-05-31 14:25 - 00010964 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-05-31 14:23 - 2015-05-31 14:23 - 00001922 _____ () C:\Users\Administrator\Desktop\sc-cleaner.txt
2015-05-31 14:22 - 2015-05-31 14:22 - 00001733 _____ () C:\Users\Administrator\Desktop\JRT.txt
2015-05-31 14:17 - 2015-05-31 14:17 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-VANESSA-Windows-7-Home-Premium-(64-bit).dat
2015-05-31 14:17 - 2015-05-31 14:17 - 00000000 ____D () C:\RegBackup
2015-05-31 14:14 - 2015-05-31 14:16 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Desktop\sc-cleaner.exe
2015-05-31 14:11 - 2015-05-31 14:11 - 02947635 _____ (Thisisu) C:\Users\Administrator\Desktop\JRT.exe
2015-05-31 12:25 - 2015-05-31 14:24 - 00000000 ____D () C:\Users\Administrator\Desktop\Logfiles_2015-05-31
2015-05-31 12:24 - 2015-05-31 12:24 - 02222592 _____ () C:\Users\Administrator\Desktop\AdwCleaner_4.205.exe
2015-05-31 00:15 - 2015-05-31 00:15 - 00028665 _____ () C:\ComboFix.txt
2015-05-30 23:56 - 2015-05-31 00:15 - 00000000 ____D () C:\Qoobox
2015-05-30 23:56 - 2015-05-31 00:12 - 00000000 ____D () C:\Windows\erdnt
2015-05-30 23:56 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-30 23:56 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-30 23:56 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-30 23:56 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-30 23:48 - 2015-05-30 23:48 - 05628678 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2015-05-30 12:05 - 2015-05-30 12:05 - 00001114 _____ () C:\Users\Administrator\Desktop\mbar.exe.lnk
2015-05-30 00:21 - 2015-05-30 00:21 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Macromedia
2015-05-30 00:12 - 2015-05-30 00:12 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Avira
2015-05-30 00:12 - 2015-05-30 00:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-05-30 00:10 - 2015-05-30 00:10 - 00000000 ____D () C:\ProgramData\Avira
2015-05-30 00:10 - 2015-05-30 00:10 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-05-30 00:10 - 2015-04-16 15:23 - 00152744 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-05-30 00:10 - 2015-04-16 15:23 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-05-30 00:10 - 2015-04-16 15:23 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-05-30 00:10 - 2015-04-16 15:23 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-05-30 00:03 - 2015-05-30 12:02 - 00000000 ____D () C:\Users\Administrator\Desktop\avira
2015-05-30 00:02 - 2015-05-30 00:02 - 02108928 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-05-29 23:47 - 2015-05-29 23:47 - 00000000 ____D () C:\Users\Administrator\Desktop\bitdefender_free
2015-05-29 22:09 - 2015-05-29 23:39 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-05-29 22:04 - 2015-05-29 22:57 - 00000000 ____D () C:\Users\Administrator\Desktop\mbar
2015-05-29 22:04 - 2015-05-29 22:04 - 00000000 ____D () C:\Users\Administrator\Desktop\Firefox
2015-05-29 22:00 - 2015-05-29 22:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Mozilla
2015-05-29 22:00 - 2015-05-29 22:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Mozilla
2015-05-28 22:25 - 2015-05-28 22:25 - 00000000 ____D () C:\Users\Va\AppData\Local\{D84737A7-566F-467F-AF2D-8B712DAC0561}
2015-05-28 21:25 - 2015-05-28 21:25 - 576024606 _____ () C:\Windows\MEMORY.DMP
2015-05-28 21:25 - 2015-05-28 21:25 - 00455656 _____ () C:\Windows\Minidump\052815-46254-01.dmp
2015-05-28 21:25 - 2015-05-28 21:25 - 00000000 ____D () C:\Windows\Minidump
2015-05-28 20:34 - 2015-05-31 14:25 - 00000000 ____D () C:\FRST
2015-05-28 20:31 - 2015-05-28 20:31 - 00000000 _____ () C:\Users\Administrator\defogger_reenable
2015-05-28 20:17 - 2015-05-28 20:17 - 00000000 ____D () C:\Users\Va\AppData\Local\{44EFFC24-9A11-456C-9B68-99F4DE8F578A}
2015-05-28 17:52 - 2015-05-28 17:52 - 00000000 ____D () C:\Users\Va\AppData\Local\{F4AD3D71-E05D-462F-82A8-8175F86F3613}
2015-05-27 21:55 - 2015-05-27 21:55 - 00000000 ____D () C:\Users\Va\AppData\Local\{226B8C84-8E97-4400-8B07-CA88C3F60E3F}
2015-05-20 21:16 - 2015-05-20 21:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{1432F450-032F-4DCA-A989-3212D395CE53}
2015-05-20 20:34 - 2015-05-20 20:34 - 00000000 ____D () C:\Users\Va\AppData\Local\{05E28185-CE2F-4D67-A3B9-969D18B71351}
2015-05-20 20:21 - 2015-05-20 20:21 - 00000000 ____D () C:\Users\Va\AppData\Local\{0B366F7F-19FB-4669-9467-4C433FEC4700}
2015-05-20 00:23 - 2015-05-31 14:05 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-20 00:23 - 2015-05-29 22:58 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-05-20 00:23 - 2015-05-20 00:23 - 00001100 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-05-20 00:23 - 2015-05-20 00:23 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2015-05-20 00:23 - 2015-04-14 09:37 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-05-20 00:23 - 2015-04-14 09:37 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-05-20 00:11 - 2015-05-20 00:11 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-05-19 23:32 - 2015-05-27 22:32 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-19 23:19 - 2015-05-31 12:30 - 00000000 ____D () C:\AdwCleaner
2015-05-19 17:08 - 2015-05-20 00:21 - 00058584 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-19 17:08 - 2015-05-19 17:08 - 00059088 _____ () C:\Windows\system32\GDIPFONTCACHEV1.DAT
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\Documents\FILSHtray
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\FILSH_Media_GmbH
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-19 17:08 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-19 17:07 - 2015-05-28 20:31 - 00000000 ____D () C:\Users\Administrator
2015-05-19 17:07 - 2015-05-19 17:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-05-19 17:07 - 2015-05-19 17:07 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Vorlagen
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Startmenü
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Netzwerkumgebung
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Lokale Einstellungen
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Eigene Dateien
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Druckumgebung
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Musik
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Documents\Eigene Bilder
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Verlauf
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\AppData\Local\Anwendungsdaten
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 _SHDL () C:\Users\Administrator\Anwendungsdaten
2015-05-19 17:07 - 2015-05-19 17:07 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Power2Go
2015-05-19 17:07 - 2012-10-14 18:06 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-05-19 17:07 - 2012-10-11 09:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-05-19 17:07 - 2011-08-11 18:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-05-19 17:07 - 2009-07-14 06:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-19 17:07 - 2009-07-14 06:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-19 15:13 - 2015-05-19 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{2D494D01-B861-49E4-B3D9-355F35CB2E4E}
2015-05-16 22:25 - 2015-05-27 21:51 - 00000272 _____ () C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job
2015-05-16 22:21 - 2015-05-20 20:20 - 00058584 _____ () C:\Users\Va\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-16 22:20 - 2015-05-31 14:03 - 00002838 _____ () C:\Windows\setupact.log
2015-05-16 22:20 - 2015-05-16 22:20 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-16 22:19 - 2015-05-31 14:02 - 00211622 _____ () C:\Windows\PFRO.log
2015-05-16 22:19 - 2015-05-20 00:18 - 04822584 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-16 22:18 - 2015-05-16 22:18 - 00088172 _____ () C:\Users\Va\Documents\cc_20150516_221800.reg
2015-05-16 21:44 - 2015-05-16 21:44 - 00001142 _____ () C:\Users\Va\Desktop\ASUS Produktregistrierung.lnk
2015-05-16 21:26 - 2015-05-16 21:26 - 00000000 _____ () C:\Users\Va\AppData\Local\Temp.dat
2015-05-16 11:04 - 2015-05-16 11:05 - 00000000 ____D () C:\Users\Va\AppData\Local\{F001455B-59BE-4115-AE64-C165EFB84113}
2015-05-15 22:36 - 2015-05-31 14:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-15 17:24 - 2015-05-15 17:24 - 00000000 ____D () C:\Users\Va\AppData\Local\{7A20DB37-FBC4-4BCF-A0D4-EE44E831AD1F}
2015-05-15 00:33 - 2015-05-01 15:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-15 00:33 - 2015-05-01 15:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 18:18 - 2015-04-22 04:28 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-14 18:18 - 2015-04-22 03:48 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-14 18:18 - 2015-04-21 19:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-14 18:18 - 2015-04-21 18:51 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:50 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-14 18:18 - 2015-04-21 18:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 18:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-14 18:18 - 2015-04-21 18:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 18:31 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-14 18:18 - 2015-04-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-14 18:18 - 2015-04-21 18:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-14 18:18 - 2015-04-21 18:24 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-14 18:18 - 2015-04-21 18:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 18:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-14 18:18 - 2015-04-21 18:11 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-14 18:18 - 2015-04-21 18:10 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-14 18:18 - 2015-04-21 18:09 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-14 18:18 - 2015-04-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 18:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-14 18:18 - 2015-04-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 18:04 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-14 18:18 - 2015-04-21 18:03 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-14 18:18 - 2015-04-21 18:02 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-14 18:18 - 2015-04-21 18:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-14 18:18 - 2015-04-21 17:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-14 18:18 - 2015-04-21 17:57 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:49 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-14 18:18 - 2015-04-21 17:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-14 18:18 - 2015-04-21 17:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-14 18:18 - 2015-04-21 17:40 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:39 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-14 18:18 - 2015-04-21 17:38 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-14 18:18 - 2015-04-21 17:36 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-14 18:18 - 2015-04-21 17:31 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-14 18:18 - 2015-04-21 17:26 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-14 18:18 - 2015-04-21 17:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-14 18:18 - 2015-04-21 17:24 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-14 18:18 - 2015-04-21 17:17 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-14 18:18 - 2015-04-21 17:15 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-14 18:18 - 2015-04-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-14 18:18 - 2015-04-21 17:02 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-14 18:18 - 2015-04-21 16:58 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-14 18:18 - 2015-04-21 16:56 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-14 18:17 - 2015-04-21 19:14 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-14 18:17 - 2015-04-21 18:50 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-14 18:17 - 2015-04-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-14 18:17 - 2015-04-21 18:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-14 18:17 - 2015-04-21 17:27 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-14 16:49 - 2015-05-05 03:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 16:49 - 2015-05-05 03:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 16:49 - 2015-04-18 05:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 16:49 - 2015-04-18 04:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 16:49 - 2015-04-13 05:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 16:46 - 2015-04-27 21:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 16:46 - 2015-04-27 21:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 16:46 - 2015-04-27 21:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 16:46 - 2015-04-27 21:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 21:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 16:46 - 2015-04-27 21:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 16:46 - 2015-04-27 21:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 16:46 - 2015-04-27 21:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 16:46 - 2015-04-27 21:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 16:46 - 2015-04-27 21:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 16:46 - 2015-04-27 21:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 16:46 - 2015-04-27 21:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 16:46 - 2015-04-27 21:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 20:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 16:46 - 2015-04-27 19:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 16:46 - 2015-04-27 19:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 16:46 - 2015-04-27 19:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 16:46 - 2015-04-27 19:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 16:44 - 2015-04-20 05:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 16:44 - 2015-04-20 04:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 16:44 - 2015-04-20 04:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 16:44 - 2015-04-08 05:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 16:44 - 2015-04-08 05:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-14 16:44 - 2015-04-08 05:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-14 16:43 - 2015-03-04 06:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-14 16:43 - 2015-03-04 06:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-14 16:43 - 2015-03-04 06:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-14 16:43 - 2015-02-18 09:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 16:43 - 2015-02-18 09:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-14 16:43 - 2015-01-29 05:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-14 16:43 - 2015-01-29 05:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-14 15:14 - 2015-05-31 14:01 - 00000000 ____D () C:\Program Files (x86)\TrimModule
2015-05-14 15:13 - 2015-05-14 15:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{799E0E24-8409-4364-BAA9-CC81AB87C1DC}
2015-05-03 14:16 - 2015-05-03 14:16 - 00000000 ____D () C:\Users\Va\AppData\Local\{AB8A634F-5BD1-4B6B-BC2B-6BEB6328F204}
2015-05-03 12:13 - 2015-05-03 12:13 - 00000000 ____D () C:\Users\Va\AppData\Local\{CC9CB319-0D4D-4A95-8B0E-474F65A4F04D}
2015-05-03 12:12 - 2015-05-03 12:14 - 00000000 ____D () C:\Users\Va\Documents\Fax
2015-05-02 10:55 - 2015-05-02 10:55 - 00684184 _____ (Opera Software) C:\Users\Va\Downloads\Opera_NI_stable.exe
2015-05-02 09:58 - 2015-05-02 09:59 - 00000000 ____D () C:\Users\Va\AppData\Local\{D135E88E-4572-4C5E-A949-EB6173D0C63E}
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-05-31 14:11 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-31 14:11 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-31 14:08 - 2011-08-11 17:44 - 01122214 _____ () C:\Windows\WindowsUpdate.log
2015-05-31 14:05 - 2011-12-24 22:46 - 00001126 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job
2015-05-31 14:03 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-31 14:02 - 2012-04-24 22:53 - 00000000 ____D () C:\Windows\en
2015-05-31 13:59 - 2012-04-11 22:35 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-31 12:13 - 2011-02-19 06:24 - 00711530 _____ () C:\Windows\system32\perfh007.dat
2015-05-31 12:13 - 2011-02-19 06:24 - 00153720 _____ () C:\Windows\system32\perfc007.dat
2015-05-31 12:13 - 2009-07-14 07:13 - 01652988 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-31 11:51 - 2013-08-23 15:26 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-31 11:28 - 2015-04-04 20:58 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-31 11:28 - 2015-04-04 20:58 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-31 00:15 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-05-31 00:11 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-30 10:59 - 2011-08-11 18:12 - 00002640 _____ () C:\Windows\system32\AutoRunFilter.ini
2015-05-30 10:58 - 2011-08-11 18:12 - 00002128 _____ () C:\Windows\system32\ServiceFilter.ini
2015-05-30 10:57 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-30 00:08 - 2014-07-13 17:46 - 00001912 _____ () C:\Windows\epplauncher.mif
2015-05-29 21:48 - 2011-12-24 22:46 - 00001104 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job
2015-05-28 22:25 - 2011-12-24 23:50 - 00000000 ____D () C:\Users\Va\Tracing
2015-05-28 15:06 - 2014-12-03 20:03 - 00001312 _____ () C:\Users\Va\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome.lnk
2015-05-20 21:13 - 2015-04-21 17:35 - 00000000 ____D () C:\Users\Va\AppData\Roaming\jellylam
2015-05-20 21:13 - 2015-04-14 23:10 - 00000000 ____D () C:\Users\Va\AppData\Roaming\Winsta
2015-05-20 21:01 - 2011-04-13 04:47 - 00000000 ____D () C:\Program Files (x86)\ASUS
2015-05-20 21:00 - 2011-04-13 04:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-05-20 20:58 - 2011-08-11 18:14 - 00000000 ____D () C:\Windows\SysWOW64\ASUS_Screensaver dir
2015-05-20 20:57 - 2014-07-14 01:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JetDrive
2015-05-20 01:34 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2015-05-20 00:20 - 2009-07-29 08:03 - 00000000 ____D () C:\Windows\Panther
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files\Windows Sidebar
2015-05-20 00:16 - 2009-07-14 07:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-05-20 00:10 - 2009-07-14 06:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-19 23:41 - 2012-11-06 23:31 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-19 23:28 - 2011-12-24 07:02 - 00000000 ____D () C:\ASUS.DAT
2015-05-19 23:24 - 2011-12-24 07:01 - 00000000 ____D () C:\Users\Va
2015-05-19 18:06 - 2011-12-29 15:30 - 00000000 ____D () C:\Program Files (x86)\FILSHtray
2015-05-16 22:16 - 2015-04-14 23:13 - 00003836 _____ () C:\Windows\System32\Tasks\Opera scheduled Autoupdate 1429045976
2015-05-16 21:38 - 2009-07-14 07:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-05-15 17:14 - 2009-07-14 09:45 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-15 17:14 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-15 17:08 - 2011-04-13 04:34 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-15 00:47 - 2012-01-17 23:23 - 01680542 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-15 00:47 - 2012-01-17 23:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2015-05-15 00:33 - 2013-03-15 15:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-15 00:30 - 2013-03-15 14:53 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-14 19:42 - 2015-04-29 20:50 - 00003736 _____ () C:\Windows\System32\Tasks\keepup
2015-05-14 19:42 - 2015-04-21 17:35 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2015-05-14 19:41 - 2011-08-11 17:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-03 14:14 - 2013-10-03 19:05 - 00250368 ___SH () C:\Users\Va\Desktop\Thumbs.db
==================== Files in the root of some directories =======
2013-10-24 21:18 - 2013-10-24 21:18 - 50053120 _____ () C:\Program Files (x86)\GUTF19F.tmp
2014-01-10 19:50 - 2014-01-10 19:52 - 0003728 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2011-04-13 04:48 - 2010-07-07 01:10 - 0131472 _____ () C:\ProgramData\FullRemove.exe
2011-08-11 18:18 - 2011-08-11 18:20 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log
2011-08-11 18:17 - 2011-08-11 18:18 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\avgnt.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-05-28 21:55
==================== End of log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-05-31 14:26:44
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-533800774-2781401254-862098746-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-533800774-2781401254-862098746-501 - Limited - Disabled)
Va (S-1-5-21-533800774-2781401254-862098746-1001 - Limited - Enabled) => C:\Users\Va
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Antivirus (Disabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Disabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.7.1.19610 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.0.0.400 - Adobe Systems Incorporated)
Adobe Creative Suite 5 Design Premium (HKLM-x32\...\{02698606-3A21-489D-9D2A-75C9E8D3E5BD}) (Version: 5.0 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Media Player (HKLM-x32\...\com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.8 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{E17025A7-39B6-375E-8F1E-20637D19549C}) (Version: 3.0.838.0 - Advanced Micro Devices, Inc.)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0014 - ASUS)
ASUS FancyStart (HKLM-x32\...\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}) (Version: 1.1.1 - ASUSTeK Computer Inc.)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.21 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Client Installation Program (HKLM-x32\...\{D3694B69-6F8C-42D3-8A0A-EB2AB528C02C}) (Version: 7.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.10.434 - Avira Operations GmbH & Co. KG)
Complément Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Complemento Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.9 - ASUS)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
GeoGebra (HKLM-x32\...\GeoGebra) (Version: 4.0.41.0 - International GeoGebra Institute)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Messenger Companion (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Messenger 分享元件 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - Deutsch (HKLM-x32\...\{90140011-0066-0407-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft PowerPoint Viewer (HKLM-x32\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 38.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 38.0.1 (x86 de)) (Version: 38.0.1 - Mozilla)
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Raccolta foto di Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6403 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30127 - Realtek Semiconductor Corp.)
Search and Replace (HKLM-x32\...\{26453017-2C54-574B-7597-9EA6652686A6}) (Version: - "") <==== ATTENTION
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.9.9216 - Skype Technologies S.A.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.0.1 (HKLM-x32\...\VLC media player) (Version: 2.0.1 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen (HKLM-x32\...\{C32CE55C-12BA-4951-8797-0967FDEF556F}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.0 - ASUS)
Wireless Console 3 (HKLM-x32\...\{8150221C-8F7E-4997-AD4E-AFDEE7F4B410}) (Version: 3.0.21 - ASUS)
Συλλογή φωτογραφιών του Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Компаньон Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Основные компоненты Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Почта Windows Live (x32 Version: 15.4.3502.0922 - Корпорация Майкрософт) Hidden
Фотоальбом Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
גלריית התמונות של Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
מסייע Messenger (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
بريد Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
معرض صور Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Restore Points =========================
28-05-2015 22:02:22 Geplanter Prüfpunkt
29-05-2015 22:08:10 Windows Update
29-05-2015 22:49:47 Malwarebytes Anti-Rootkit Restore Point
31-05-2015 00:26:31 Windows Update
31-05-2015 11:37:28 Windows Update
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-05-31 00:11 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {18C88628-D204-4C08-8843-FC9C4CB67F50} - \DriverMgr No Task File <==== ATTENTION
Task: {1ED7DB9C-9C9E-403A-8E88-D09EC3827B95} - System32\Tasks\Opera scheduled Autoupdate 1429045976 => C:\Program Files (x86)\Opera\launcher.exe
Task: {48E2E45C-642A-4ECD-BC69-EFB69714442D} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {49355D55-C6EC-4FCD-ADCC-124F7F643A4A} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {56F6D449-E585-438C-8A51-E64B9230733C} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6} - \Winsta Update No Task File <==== ATTENTION
Task: {69B328C2-3D26-455E-A5A8-9CCCB88CA324} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2012-10-14] (Microsoft Corporation)
Task: {727A5C42-AD25-48B6-BBC6-74F4DC93E0D7} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {9C70175E-20CF-4B61-BCC6-37D01DF88636} - System32\Tasks\keepup => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
Task: {A7EB7D78-5961-4558-9A23-752BA3062C97} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {BDD2569C-506C-4570-921A-144F215CF5CC} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2012-02-16] (ASUSTek Computer Inc.)
Task: {C7F92DC1-6EE9-43D7-95AC-812DD896364C} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-04-14] (Adobe Systems Incorporated)
Task: {CD261114-0A77-4821-BF44-202A1628E6D9} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17] (ASUS)
Task: {D4D32529-B039-4D5E-871A-DB6AD6F8AA06} - System32\Tasks\{F1E2C16D-7C1B-447B-89AF-DBE53988F55C} => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
Task: {E8C2F878-1D4C-4360-8446-67CEF041D04C} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
Task: {EAA7F83F-CA92-4C11-B08A-83FC3CA12A9E} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {ED8BBEC9-7191-4B92-B1FD-65A54AEBFE91} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {F2BD4C9B-69AC-43FC-A620-B7C58FF2355E} - System32\Tasks\AdobeAAMUpdater-1.0-VANESSA-Va => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06] (Adobe Systems Incorporated)
Task: {F5070213-97F0-4233-AFB2-F44997F5EAA7} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F7A0A87A-1FD8-41EA-9942-FA91F2662CA5} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\ASUS SmartLogon Console Sensor.job => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001Core.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-533800774-2781401254-862098746-1001UA.job => C:\Users\Va\AppData\Local\Facebook\Update\FacebookUpdate.exe
==================== Loaded Modules (Whitelisted) ==============
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA
==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-533800774-2781401254-862098746-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: Media is not connected to internet.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{50D76052-134E-46DB-AF8E-63827F883C0F}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{6D86BBA6-660B-4EA4-9C85-ADBCBF533D55}] => (Allow) LPort=2869
FirewallRules: [{B827E1C7-5A7A-484C-9653-2FE388A8B888}] => (Allow) LPort=1900
FirewallRules: [{25BDD843-A815-48A8-A216-66D065687049}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{8EF01BA1-D1F6-4D73-AADB-AB5E81F83EF1}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}] => (Allow) LPort=5353
FirewallRules: [{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}] => (Allow) LPort=8182
FirewallRules: [{D937DAF1-0E89-4549-8ADF-0103B21110E9}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{90B9A9CB-6E84-40C9-8639-F26816E9C8D9}] => (Allow) C:\Users\Va\AppData\Local\Facebook\Video\Skype\FacebookVideoCalling.exe
FirewallRules: [{1AE4FF3B-5152-4233-AE6C-83F30FCA38F0}] => (Allow) C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe
FirewallRules: [{BDC340A4-2739-48BB-AF06-5222C18E184D}] => (Allow) C:\Users\Administrator\Desktop\firefox.exe
FirewallRules: [{2205AE3F-F62B-48C6-82C0-443A5CE3CAC6}] => (Allow) C:\Users\Administrator\Desktop\Firefox\firefox.exe
FirewallRules: [{39731CCA-C09C-42BD-B934-3D355D028AB6}] => (Allow) C:\Users\Administrator\Desktop\Firefox\firefox.exe
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (05/31/2015 02:03:35 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/31/2015 00:33:11 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/31/2015 11:29:21 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/30/2015 10:57:44 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/29/2015 11:48:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: VANESSA)
Description: Product: BitDefender Free Edition v10 -- This BitDefender product is not compatible with your operating system. It can only be installed on Windows 98, ME, 2000, XP or Vista 32b. The installation is aborted.
Error: (05/29/2015 10:56:24 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/29/2015 10:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc0000374
Fehleroffset: 0x00000000000bfc22
ID des fehlerhaften Prozesses: 0xcc
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Error: (05/29/2015 10:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: explorer.exe, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ASUSWSShellExt64.dll, Version: 1.1.0.27, Zeitstempel: 0x4c7f631d
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00000000000051da
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xexplorer.exe0
Pfad der fehlerhaften Anwendung: explorer.exe1
Pfad des fehlerhaften Moduls: explorer.exe2
Berichtskennung: explorer.exe3
Error: (05/29/2015 10:00:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7601.17567, Zeitstempel: 0x4d672ee4
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18839, Zeitstempel: 0x553e8bfa
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000005107c
ID des fehlerhaften Prozesses: 0x%9
Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0
Pfad der fehlerhaften Anwendung: Explorer.EXE1
Pfad des fehlerhaften Moduls: Explorer.EXE2
Berichtskennung: Explorer.EXE3
Error: (05/28/2015 10:52:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Nur zur Information.
(Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
System errors:
=============
Error: (05/31/2015 02:18:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Modules Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/31/2015 02:18:39 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/31/2015 02:18:37 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Client" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 02:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Virtualization Service Agent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 02:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Application Hosting service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 02:18:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AMD FUEL Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 02:18:35 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Druckwarteschlange" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/31/2015 02:18:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ATKGFNEX Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 02:18:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "ASLDR Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (05/31/2015 02:18:35 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office:
=========================
Error: (05/31/2015 02:03:35 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/31/2015 00:33:11 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/31/2015 11:29:21 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/30/2015 10:57:44 AM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/29/2015 11:48:35 PM) (Source: MsiInstaller) (EventID: 10005) (User: VANESSA)
Description: Product: BitDefender Free Edition v10 -- This BitDefender product is not compatible with your operating system. It can only be installed on Windows 98, ME, 2000, XP or Vista 32b. The installation is aborted.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (05/29/2015 10:56:24 PM) (Source: Service1) (EventID: 0) (User: )
Description: Der Dienst kann nicht gestartet werden. Das Handle ist ungültig
Error: (05/29/2015 10:52:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4ntdll.dll6.1.7601.18839553e8bfac000037400000000000bfc22cc01d09a4a729400ffC:\Windows\explorer.exeC:\Windows\SYSTEM32\ntdll.dlla962ac11-0644-11e5-88e8-14dae9a3019b
Error: (05/29/2015 10:52:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: explorer.exe6.1.7601.175674d672ee4ASUSWSShellExt64.dll1.1.0.274c7f631dc000000500000000000051da
Error: (05/29/2015 10:00:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18839553e8bfac0000005000000000005107c
Error: (05/28/2015 10:52:14 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0407-0000-0000000FF1CE}): DownloadLatest Failed:
CodeIntegrity Errors:
===================================
Date: 2015-05-31 00:10:02.183
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-05-31 00:10:02.083
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2013-10-01 19:40:42.127
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-01 19:40:40.772
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-01 19:40:39.098
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-01 19:40:36.341
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_6.1.7600.16385_none_34b0fc0c53728e43\fveapibase.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-01 19:34:30.914
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-01 19:34:28.174
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-01 19:34:25.610
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-10-01 19:34:23.200
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Users\Va\Documents\boot\Windows\winsxs\x86_microsoft-windows-s..trics-sensoradapter_31bf3856ad364e35_6.1.7600.16385_none_13881e44d6ccca6b\winbiosensoradapter.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Processor: AMD E-350 Processor
Percentage of memory in use: 27%
Total physical RAM: 3691.71 MB
Available physical RAM: 2692.03 MB
Total Pagefile: 7381.64 MB
Available Pagefile: 6068.93 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:128.18 GB) (Free:57.41 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:144.91 GB) (Free:142.43 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 0CD9B3F5)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=128.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=144.9 GB) - (Type=OF Extended)
==================== End of log ============================
|
|
01.06.2015, 16:16
| #18 |
| /// TB-Ausbilder | WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam Servus,
__________________
|
|
01.06.2015, 17:28
| #19 |
| | heutiger frst Scan Hallo, hier die neuen Daten. Code:
ATTFilter Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-06-01 18:22:11
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
================== Search Registry: "Optimizer Pro;TrimModule;crossrider;mystartsearch;Winsta;Search and Replace;jellylam;shopperz" ===========
===================== Search result for "TrimModule" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_f0e9047b]
"svn"="TrimModule"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}\_f0e9047b]
"Install_Dir"="C:\Program Files (x86)\TrimModule"
===================== Search result for "crossrider" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160}\ProgID]
""="CrossriderApp0049060.BHO.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}]
""="CrossriderApp0049060.Sandbox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}\VersionIndependentProgID]
""="CrossriderApp0049060.Sandbox"
===================== Search result for "mystartsearch" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY\shell\open\command]
""=""C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Clients\StartMenuInternet\Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY\shell\open\command]
""=""C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe" hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606"
===================== Search result for "Winsta" ==========
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..commandlinetoolsmqq_31bf3856ad364e35_6.1.7600.16385_none_851e6308c5b62529]
"f!qwinsta.exe"="0x7100770069006E007300740061002E00650078006500"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7600.16963_none_a77e2496eea5135b]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.17514_none_a99b8db6eba2129b]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.18540_none_a9770602ebbe1ab3]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_6.1.7601.22750_none_a9f5d4c804e3d395]
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..es-commandlinetools_31bf3856ad364e35_6.1.7601.17514_none_42d65ed50fa3c682]
"f!rwinsta.exe"="0x7200770069006E007300740061002E00650078006500"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..linetools.resources_31bf3856ad364e35_6.1.7600.16385_de-de_cc53e808eda33786]
"f!rwinsta.exe.mui"="0x7200770069006E007300740061002E006500780065002E006D0075006900"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.17514_none_3b05f4d3e2a0703c]
"f!winsta.dll"="0x770069006E007300740061002E0064006C006C00"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\amd64_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.22750_none_3b603be4fbe23136]
"f!winsta.dll"="0x770069006E007300740061002E0064006C006C00"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.17514_none_dee759502a42ff06]
"f!winsta.dll"="0x770069006E007300740061002E0064006C006C00"
[HKEY_LOCAL_MACHINE\COMPONENTS\DerivedData\Components\x86_microsoft-windows-t..nalservices-runtime_31bf3856ad364e35_6.1.7601.22750_none_df41a0614384c000]
"f!winsta.dll"="0x770069006E007300740061002E0064006C006C00"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\ComponentDetect\amd64_microsoft-windows-t..dp-winstationdriver_31bf3856ad364e35_0.0.0.0_none_cb6e1978d58a35c6]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD450BA768E04E63CA593238B0811FF4]
"C937315C61F55B73A9FC9929F51F1C3F"="C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SQL\de\SqlWorkflowInstanceStoreLogic.sql"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E1DAC66B389FFFC478F646EBC0D681D8]
"6414876250E69FF3395387C6C7F05BEB"="C:\Windows\Microsoft.NET\Framework\v4.0.30319\SQL\en\SqlWorkflowInstanceStoreLogic.sql"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6}]
"Path"="\Winsta Update"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"WinStationsDisabled"="0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\WinStations\RDP-Tcp]
"fEnableWinStation"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\WinStations\RDP-Tcp]
"fEnableWinStation"="1"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\WinStations\RDP-Tcp]
"fEnableWinStation"="1"
===================== Search result for "Search and Replace" ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}]
"ProductName"="Search and Replace"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}]
"UninstallString"=""C:\Program Files (x86)\Search and Replace\Search and Replace.exe" /s /n /i:"ExecuteCommands;UninstallCommands" """
===================== Search result for "shopperz" ==========
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-18\Software\shopperz]
====== End of Search ======
|
|
01.06.2015, 18:25
| #20 |
| /// TB-Ausbilder | WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam Wir entfernen die letzten Reste und kontrollieren nochmal alles. ESET kann länger (> 2 h) dauern. Im Anschluss entfernen wir alle verwendeten Tools und ich gebe dir noch ein paar Tipps mit auf den Weg. Schritt 1 Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
S2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
C:\ProgramData\Application Hosting
C:\Program Files (x86)\TrimModule
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
Task: {18C88628-D204-4C08-8843-FC9C4CB67F50} - \DriverMgr No Task File <==== ATTENTION
Task: {5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6} - \Winsta Update No Task File <==== ATTENTION
Task: {9C70175E-20CF-4B61-BCC6-37D01DF88636} - System32\Tasks\keepup => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
C:\Users\Va\AppData\Roaming\jellylam
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA
C:\Users\Va\AppData\Roaming\Winsta
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}
RemoveProxy:
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2 ESET Online Scanner
Schritt 3 Downloade Dir bitte  SecurityCheck und:
Bitte poste mit deiner nächsten Antwort
|
|
01.06.2015, 21:25
| #21 |
| | Logfiles: FRST-Fix, ESET, SecurityCheck So, geschafft. Hier sind die Files. Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-06-01 19:42:17 Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Va & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
S2 Application Hosting; C:\ProgramData\Application Hosting\Application Hosting.exe [34304 2015-04-14] () [File not signed]
C:\ProgramData\Application Hosting
C:\Program Files (x86)\TrimModule
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-533800774-2781401254-862098746-500 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
StartMenuInternet: Chrome.6GZLNA5C4J2QMH4JSOMW2BL5CY - C:\Users\Va\AppData\Local\Chrome\Application\chrome.exe hxxp://www.mystartsearch.com/?type=sc&ts=1429045915&from=ima&uid=WDCXWD3200BPVT-80ZEST0_WD-WXA1A41H0606H0606
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
Task: {18C88628-D204-4C08-8843-FC9C4CB67F50} - \DriverMgr No Task File <==== ATTENTION
Task: {5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6} - \Winsta Update No Task File <==== ATTENTION
Task: {9C70175E-20CF-4B61-BCC6-37D01DF88636} - System32\Tasks\keepup => C:\Users\Va\AppData\Roaming\jellylam\rinti.exe
C:\Users\Va\AppData\Roaming\jellylam
AlternateDataStreams: C:\ProgramData\Temp:5D458568
AlternateDataStreams: C:\ProgramData\Temp:981884E7
AlternateDataStreams: C:\ProgramData\Temp:D20FFA63
AlternateDataStreams: C:\Users\Va\Documents\boot:$WIMMOUNTDATA
C:\Users\Va\AppData\Roaming\Winsta
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260}
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6}
RemoveProxy:
EmptyTemp:
end
*****************
Processes closed successfully.
Application Hosting => Service Removed successfully
C:\ProgramData\Application Hosting => Moved successfully.
C:\Program Files (x86)\TrimModule => Moved successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
C:\Windows\SysWOW64\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => key Removed successfully
"HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}" => key Removed successfully
HKCR\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990} => key not found.
"HKCR\PROTOCOLS\Handler\linkscanner" => key Removed successfully
HKCR\CLSID\{F274614C-63F8-47D5-A4D1-FBDDE494F8D1} => key not found.
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{18C88628-D204-4C08-8843-FC9C4CB67F50}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{18C88628-D204-4C08-8843-FC9C4CB67F50}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DriverMgr" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E7710C1-4240-4B66-ADAC-D2C7B8DCEDF6}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Winsta Update" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C70175E-20CF-4B61-BCC6-37D01DF88636}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C70175E-20CF-4B61-BCC6-37D01DF88636}" => key Removed successfully
C:\Windows\System32\Tasks\keepup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\keepup" => key Removed successfully
C:\Users\Va\AppData\Roaming\jellylam => Moved successfully.
C:\ProgramData\Temp => ":5D458568" ADS Removed successfully.
C:\ProgramData\Temp => ":981884E7" ADS Removed successfully.
C:\ProgramData\Temp => ":D20FFA63" ADS Removed successfully.
C:\Users\Va\Documents\boot => ":$WIMMOUNTDATA" ADS Removed successfully.
C:\Users\Va\AppData\Roaming\Winsta => Moved successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\{12DA0E6F-5543-440C-BAA2-28BF01070AFA} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110411901160} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260} => could not remove at first attempt (ErrorCode: C0000121), see next line.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220422902260} => key Removed successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{26453017-2C54-574B-7597-9EA6652686A6} => key Removed successfully
========= RemoveProxy: =========
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value Removed successfully
HKU\S-1-5-21-533800774-2781401254-862098746-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value Removed successfully
========= End of RemoveProxy: =========
EmptyTemp: => Removed 188.4 MB temporary data.
The system needed a reboot.
==== End of Fixlog 19:42:33 ====
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=200aad1942bdde4eab5d4bed40ae098b
# engine=24119
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-06-01 08:04:12
# local_time=2015-06-01 10:04:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 27924496 184818902 0 0
# scanned=208834
# found=142
# cleaned=0
# scan_time=6908
sh=984A756CCC52B4FB93431768C789239CC6CD5958 ft=1 fh=c71c001148eb71fa vn="Variante von Win32/Toolbar.Perion.J evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\DGChrome.exe.vir"
sh=775D36458D022E18DD83B8AFF3DC75F20DA0E38D ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\source.crx.vir"
sh=05F172E15709DB6378CA6C23C9EF970A58C6B0E4 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\Firefox\chrome\content\main.js.vir"
sh=8C4EBEFA00C5146974AFA68BE39D3923D8453C20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\Firefox\chrome\content\resources\localscript.js.vir"
sh=8C4EBEFA00C5146974AFA68BE39D3923D8453C20 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\resources\localscript.js.vir"
sh=A737CF026A21828C497230C26F723D3EF2C8FB6E ft=1 fh=3251843335aa1425 vn="Win32/Toolbar.Perion.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\csrcc.exe.vir"
sh=A3FA2A08C0993F0EB1864DDC769C1B07A4FE16F4 ft=1 fh=03a22e3198b025ca vn="Variante von Win32/Toolbar.Perion.Q evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\garrus.dll.vir"
sh=56AC31EBC54597C6E194D9B5ADDF6B29458245F9 ft=1 fh=5f3daecbd404e087 vn="Win32/Toolbar.Perion.L evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\grunt.exe.vir"
sh=66608BCB88F6457E34237167FA6FBC49DD251CED ft=1 fh=d4755eb64e31f0fe vn="Variante von Win32/Toolbar.BitCocktail.C evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi32.dll.vir"
sh=A2778D4B49DA215BBD11D9D8CF67F97DF9455757 ft=1 fh=ec14f6e921ad2e8b vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\kasumi64.dll.vir"
sh=B3B169E220BD591802B05759ADEE1C353E15B112 ft=1 fh=9d6c1fda665ceb54 vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios.dll.vir"
sh=014302BCFCE8E95F675D856ADC42614B6769BD78 ft=1 fh=d796cde0598a222b vn="Variante von Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\krios64.dll.vir"
sh=F5E9CFA83893B70D39165F042DBE6BBDC5BC9DF3 ft=1 fh=cef96969f9ed33f7 vn="Variante von Win64/Toolbar.Perion.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\liara64.dll.vir"
sh=F640C06B85B961C0E251E1302D2913EDD8B44292 ft=1 fh=f978b8eb4c0264ff vn="Variante von Win32/Toolbar.Perion.M evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\tsoni.dll.vir"
sh=2F4C208655A7EC2BA1D2EE29C6383AAC17948A9E ft=1 fh=e78b89200277aa28 vn="Win32/Toolbar.Perion.N evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\wrex.exe.vir"
sh=5A10F30C11DCE52228B78385750B0B8BC1ABC042 ft=0 fh=0000000000000000 vn="Win32/Toolbar.Perion.K evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\shopperz\Firefox\chrome\content\main.js.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.pif.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\asp-fixer.scr.vir"
sh=05BBF923EFFC0CEAC46F97D7A4338AE75A00C02D ft=1 fh=bf0cf04aa4aad68d vn="MSIL/AdvancedSystemProtector.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Advanced System Protector\Troubleshooter\firefox.com.vir"
sh=4E55C0EC79269F13F711A73D78FB83A64568F31A ft=1 fh=bb107bfadd65c8b9 vn="Variante von Win32/AdWare.EoRezo.AU Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\gmsd_de_419\gamesdesktop_widget.exe.vir"
sh=9CF018684393E69865300D99624C931E872A9F7B ft=1 fh=b12e741996076995 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\lrrot.dll.vir"
sh=71F62255522F1F32BB5FF63B9AE8F7A84617B37B ft=1 fh=9716dd8dca1bb304 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Newtonsoft.Json.dll.vir"
sh=896771FB238679DDE1023EB8AFE287E7BC783E23 ft=1 fh=597c7428fcc19575 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Proxy.Lib.dll.vir"
sh=BD7AB5939C43A8BE1524B7FD78118DA81C4BCAE1 ft=1 fh=c88f82e57ccd8c61 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\ProxySettings.dll.vir"
sh=7A25525A155F22BF98F1E6E1D016A9812A117B18 ft=1 fh=b7fbaed19c0a7686 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Common.dll.vir"
sh=863FE39D295E1D7E96A7EE009B2C7456FED16449 ft=1 fh=18674c0a95b0173f vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Communication.dll.vir"
sh=56BD28D693AD3BC8FA79C638DDC4121AE4DA6B55 ft=1 fh=940d9f22e74044fa vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Communication.NamedPipe.dll.vir"
sh=37587615A4500A9EECBE9FBDF7BFCE0CA6D02B48 ft=1 fh=34f33309d22a4aff vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Infrastructure.Utilities.dll.vir"
sh=9B0F22B09A5ACDA53EDA76160013911918BC1486 ft=1 fh=01ec60b0a0ba7b18 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=A8DC29F034558D1C70383D7CD14375B0AED94A7E ft=1 fh=d7e44ab44ab7ff2e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Personalization.Common.dll.vir"
sh=7F2C55216BCA6940A351CDE50C911CF0B7651464 ft=1 fh=50fbeb6677732462 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=58F052110022BA25E5C9E869577B4305396228A9 ft=1 fh=3a0c3ae81814d05c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sppsm.dll.vir"
sh=2927A2C78423767C3B96039927029E3A73B71BF5 ft=1 fh=46487f41c982834c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\spusm.dll.vir"
sh=6218EB794854535C2FD36020D96E77E8634A70FD ft=1 fh=0875018d2826076d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbs.dll.vir"
sh=3BBC4A354F9E2B3F9BC9301D1EF19D7F04E6E1C6 ft=1 fh=522df960df61867e vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srbu.dll.vir"
sh=E9B6F5B64B77D49656BAA3217F0387A8945E4932 ft=1 fh=6eaebdec584573ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\sreu.dll.vir"
sh=7DF240F9FE38A5AD6FDC624FB022CEEF09CAE410 ft=1 fh=32dd00cb81e4e834 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpdm.dll.vir"
sh=F5593CAA1EBF8D0B2BF25F36090487E49417D8AF ft=1 fh=03c41d3497d7f529 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srprl.dll.vir"
sh=A0A37F1C39EDAD40BB8EF1B0CDEB0E8BAB9BF441 ft=1 fh=84d285d19f31b8ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srpt.dll.vir"
sh=E4D8D4A8321C7B2585C1A8A6988676CD81EA0EBD ft=1 fh=5729fd530997fafe vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srptc.dll.vir"
sh=BD3C19B1522A7E341D4C6EB015D8A68F94F68B5C ft=1 fh=595fec7cd405d0d6 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\srut.dll.vir"
sh=FB5B4A391B7324EB112F3FD7C9BD21639E72D6CA ft=1 fh=865f29a73454d98e vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_32.dll.vir"
sh=4BDFBD817FCB92C32C674BB1DFFBDC6B15A28A0E ft=1 fh=d7d963aa43b1729b vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\LPT\Resources\ntdis_64.dll.vir"
sh=99269E8A756D170BC324090E431BFED6C919400D ft=1 fh=c71c00111e79b2cc vn="Variante von Win32/Adware.MultiPlug.IY Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\mozilla firefox\dbghelp.dll.vir"
sh=15F1E27ADBADAC6EE9A4A14E7C1A8D11AB3D7EBF ft=1 fh=e9bee964907e3b91 vn="Variante von Win32/MyPCBackup.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\DEL_MPCBClient.dll.vir"
sh=9B28F35A352DE4C5512BC252EBC813DBEB26BC61 ft=1 fh=d37c366403454630 vn="MSIL/MyPCBackup.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MyPC Backup\DEL_MyPC Backup.exe.vir"
sh=4076B25C54DFB5A9D716D40C83C2A42666413471 ft=1 fh=d622c00b02cc5622 vn="Variante von Win32/OptimizerPro.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Optimizer Pro 3.79\OptProHelper.dll.vir"
sh=69E0FD6EE8D42ED64BEB68AD5EACB7D9C9365321 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-5.5\49060.crx.vir"
sh=FDAC8FF9733C76A92831E0D617792282C15D50EE ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-5.5\49060.xpi.vir"
sh=8C6C5A05E6178631081221F7255EF7B16413A491 ft=1 fh=eff2dd2b8c8aa5ae vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-bho64.dll.vir"
sh=263FED76DF59686B957050785B1E3F17E2F1DB57 ft=1 fh=63a402a635839bc5 vn="Variante von Win32/Toolbar.CrossRider.AZ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-buttonutil.dll.vir"
sh=2F35DC8FA0BCDD0F63B3DB0D56761D857DCD4F6C ft=1 fh=fce415159ec96148 vn="Variante von Win64/Toolbar.Crossrider.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-buttonutil64.dll.vir"
sh=0F67A64C5CEEE4D63D0DD4633AE7E8DF84C53EA7 ft=1 fh=107467f9a54705a0 vn="Variante von Win64/Toolbar.Crossrider.H evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-buttonutil64.exe.vir"
sh=88C2CBED99DC8D7B1B3A3D4BBF4A08F670391074 ft=1 fh=3085df0f90946eec vn="Win32/Toolbar.CrossRider.BQ evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-5.5\Plus-HD-5.5-helper.exe.vir"
sh=8C485596C56C1F62B4818010A86A1CA70A494275 ft=1 fh=57df024c01627137 vn="Variante von Win32/Toolbar.CrossRider.BP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-5.5\Uninstall.exe.vir"
sh=5D628376391A827A818B0A079B64EE457AE9B82A ft=1 fh=c71c0011e2e7a7a5 vn="Variante von Win32/ELEX.DH evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\BrowserAction.dll.vir"
sh=0DCB6451E8AE2DC56847E34CF7F1A560E4C212F5 ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1028.xpi.vir"
sh=F63121CDD14D9BCFA93BB10AF315FB5FC0823C03 ft=1 fh=02dcb7dc424bbbda vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\HPNotify.exe.vir"
sh=15D0246DBDBC07ECFB0A33970BC2571EF50E40D0 ft=1 fh=5ff352995c132b5c vn="Win32/ELEX.BM evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\IeWatchDog.dll.vir"
sh=564160696ED3A767BEB3A5B77DA5107F05EBCBA4 ft=1 fh=62fd1985c73163e4 vn="Variante von Win32/Adware.Yontoo.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir"
sh=F3A14D61B71E61567F337192A9FA16E5C5BC30A0 ft=1 fh=4fda23faae2191a1 vn="Variante von Win32/Adware.CouponMarvel.D Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\LolliScan\RfndNSIS.dll.vir"
sh=B859E1E3C5F38DA8EA82D4940325EC60B19FF339 ft=1 fh=30f7fbf806dee4f1 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=48EF8B4E06E0F1D3C06C4D6E1EA2B6CE48AA5231 ft=1 fh=ac26df35aa8ade69 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{ED7702F7-093C-4968-8B84-3CF5D1A3F23D}\_Setupx.dll.vir"
sh=923F0F4E5840532B91715F7A286A95F98357E4BE ft=1 fh=79d0db80be7a90bf vn="Variante von Win32/Adware.SpeedingUpMyPC.AA Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\{98781c85-f0a2-8c2e-9878-81c85f0a7217}\hqghumeaylnlf.exe.vir"
sh=9CF018684393E69865300D99624C931E872A9F7B ft=1 fh=b12e741996076995 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\lrrot.dll.vir"
sh=71F62255522F1F32BB5FF63B9AE8F7A84617B37B ft=1 fh=9716dd8dca1bb304 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Newtonsoft.Json.dll.vir"
sh=896771FB238679DDE1023EB8AFE287E7BC783E23 ft=1 fh=597c7428fcc19575 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Proxy.Lib.dll.vir"
sh=BD7AB5939C43A8BE1524B7FD78118DA81C4BCAE1 ft=1 fh=c88f82e57ccd8c61 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\ProxySettings.dll.vir"
sh=7E47A57ED8B727A31476E461735B6D4382F52FC2 ft=1 fh=aee3bc185f460d7d vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Smartbar.Common.dll.vir"
sh=82D5BA9ED459A56889AB2F52A994E5D9A67280E6 ft=1 fh=1cc7a8b23dfb8150 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Smartbar.Communication.dll.vir"
sh=42DE5AC4ED9371EC4586F3707A9DBF08FEDE9F5F ft=1 fh=57f5791ff7e05ab3 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Smartbar.Communication.NamedPipe.dll.vir"
sh=37587615A4500A9EECBE9FBDF7BFCE0CA6D02B48 ft=1 fh=34f33309d22a4aff vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Smartbar.Infrastructure.Utilities.dll.vir"
sh=9B0F22B09A5ACDA53EDA76160013911918BC1486 ft=1 fh=01ec60b0a0ba7b18 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Smartbar.Monetization.Proxy.ProxyService.dll.vir"
sh=A8DC29F034558D1C70383D7CD14375B0AED94A7E ft=1 fh=d7e44ab44ab7ff2e vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Smartbar.Personalization.Common.dll.vir"
sh=7F2C55216BCA6940A351CDE50C911CF0B7651464 ft=1 fh=50fbeb6677732462 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=58F052110022BA25E5C9E869577B4305396228A9 ft=1 fh=3a0c3ae81814d05c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\sppsm.dll.vir"
sh=2927A2C78423767C3B96039927029E3A73B71BF5 ft=1 fh=46487f41c982834c vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\spusm.dll.vir"
sh=6218EB794854535C2FD36020D96E77E8634A70FD ft=1 fh=0875018d2826076d vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\srbs.dll.vir"
sh=3BBC4A354F9E2B3F9BC9301D1EF19D7F04E6E1C6 ft=1 fh=522df960df61867e vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\srbu.dll.vir"
sh=E9B6F5B64B77D49656BAA3217F0387A8945E4932 ft=1 fh=6eaebdec584573ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\sreu.dll.vir"
sh=7DF240F9FE38A5AD6FDC624FB022CEEF09CAE410 ft=1 fh=32dd00cb81e4e834 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\srpdm.dll.vir"
sh=F5593CAA1EBF8D0B2BF25F36090487E49417D8AF ft=1 fh=03c41d3497d7f529 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\srprl.dll.vir"
sh=A0A37F1C39EDAD40BB8EF1B0CDEB0E8BAB9BF441 ft=1 fh=84d285d19f31b8ae vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\srpt.dll.vir"
sh=E4D8D4A8321C7B2585C1A8A6988676CD81EA0EBD ft=1 fh=5729fd530997fafe vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\srptc.dll.vir"
sh=BD3C19B1522A7E341D4C6EB015D8A68F94F68B5C ft=1 fh=595fec7cd405d0d6 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\srut.dll.vir"
sh=FB5B4A391B7324EB112F3FD7C9BD21639E72D6CA ft=1 fh=865f29a73454d98e vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Resources\ntdis_32.dll.vir"
sh=4BDFBD817FCB92C32C674BB1DFFBDC6B15A28A0E ft=1 fh=d7d963aa43b1729b vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\LPT\Resources\ntdis_64.dll.vir"
sh=3B0392ADB64821DAD5347AA89CA7ADA85D4AD5C9 ft=0 fh=0000000000000000 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie2.2.2.zip.vir"
sh=A2D473E09F7C019315030A2124DCED3B90CB4F87 ft=1 fh=37fc42c7c433ae0f vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir"
sh=5454230820B9172472548B91677FA99352A16A35 ft=1 fh=83c1a584ac14f3e4 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir"
sh=5BC0BBC3AC54D016E4C7878598350F9BE2A134F9 ft=0 fh=0000000000000000 vn="Variante von Android/Mobserv.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk.vir"
sh=04DF5DA720E5E531F57BD14454EAF99E750D8BED ft=1 fh=f3c242e732b4b342 vn="Variante von Win32/Mobogenie.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir"
sh=5E6B1EE002F2130A58AE5CCEC8D2E17D4DDC522D ft=1 fh=c71c00110ed4918b vn="Variante von Win64/Toolbar.Linkury.A.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\RGMService\dbaqz\cjsu.dll.vir"
sh=740CBD99FEDB9C8BD394E07BDB48F07B82A1F492 ft=1 fh=c71c001184bb3793 vn="Variante von Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\RGMService\dbaqz\fnqitf.dll.vir"
sh=BBD0B7F7445843568230A3C7CCABDF3B54349D1E ft=1 fh=3614f6bb1a5023c8 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\RGMService\dbaqz\jsukwu.exe.vir"
sh=F6389A956DE9FD2471954F84EA6386CE6FAADC10 ft=1 fh=c71c0011af938b92 vn="Win32/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\RGMService\dbaqz\mapebhok.dll.vir"
sh=65808029CAC0FB87549557D02F13FDE09C308187 ft=1 fh=f706438655ddba66 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\RGMService\dbaqz\mfpono.exe.vir"
sh=DEF493B414D196E9819ED83C771DCB9F292B3D20 ft=1 fh=6bafd9f7d982dd86 vn="Variante von MSIL/Toolbar.Linkury.O evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\RGMService\RBS\ResetBrowserSettings.exe.vir"
sh=24D575C22C0C1FA57F2D2245DD918D18306645DF ft=1 fh=f1e72098b72e1248 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\Lrcnta.exe.vir"
sh=7BDA27CCC99E1FE20EE3E942C5AE82E9FCE292D2 ft=1 fh=bff3daf48b331a65 vn="Variante von MSIL/Toolbar.Linkury.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\SafeFinder.exe.vir"
sh=DA95D398B00B219310DDD1144A1FA51276AD9FE5 ft=1 fh=86416bd3734619a6 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll.vir"
sh=318465326EF6213765E8A0F287052F1DFF36399C ft=1 fh=ea5191c021a7d919 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.ChromeLocalPlugin.dll.vir"
sh=AFE7283469C8B808B5B7B3BF1800A0F4B7C13353 ft=1 fh=ae7c39f970e541cb vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.FireFoxLocalPlugin.dll.vir"
sh=07C83F77F5A05EC69BF0BA62927FC762CEA79881 ft=1 fh=6f7b42aa38161cb4 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll.vir"
sh=026EA40C81AE8292222C028D7089208F145CB7BE ft=1 fh=58693addbdf74244 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll.vir"
sh=CFB134DC5B3D59D91432CCC830108D24E65411DF ft=1 fh=325523c45a4e101c vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO.dll.vir"
sh=CFB134DC5B3D59D91432CCC830108D24E65411DF ft=1 fh=325523c45a4e101c vn="Variante von MSIL/Toolbar.Linkury.E evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\SmartbarInternetExplorerBHO2.dll.vir"
sh=DF602B96F4BDA04EA9352C926DCB8F078363E434 ft=1 fh=b1f6dc399231e851 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension.dll.vir"
sh=DF602B96F4BDA04EA9352C926DCB8F078363E434 ft=1 fh=b1f6dc399231e851 vn="Variante von MSIL/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\SmartbarInternetExplorerExtension2.dll.vir"
sh=C71C710C1040A560B54C93A9510ABC7B91971A94 ft=1 fh=d5108a5ed53ddda7 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\smia64.exe.vir"
sh=0DA7D61F40A8B4933710EFEFE30548D683A5CF0B ft=1 fh=b29b280f2f40be86 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\smsp.dll.vir"
sh=B923997BBCBE56159609899B347B093958A7A1A7 ft=1 fh=563813c5ff239bb0 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\smta.dll.vir"
sh=911641D491D5B4E43502AACBEC983F874388A776 ft=1 fh=b99bc1b220079c79 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\smtu.dll.vir"
sh=7C4F700CCD5CEDA9FBB58D61D9BF89EE4441A89E ft=1 fh=f7a4ed5e1e698c26 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\spbe.dll.vir"
sh=739CA8DC9E2E55936778AC68C9E509ACD91C8598 ft=1 fh=16a98f21b81a3037 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\spbl.dll.vir"
sh=2CB199FEC232033540D08747F20F82E472174DA4 ft=1 fh=7246b04e5129a9e1 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\sppsm.dll.vir"
sh=5FAF467F8E399C07CB2D70F32DA35A728EF39848 ft=1 fh=f10771e2b66702d4 vn="Variante von MSIL/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\spusm.dll.vir"
sh=5E126B25B2C9A4A8227988B2ADFED3596DE544B4 ft=1 fh=22930e547155467a vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\srbs.dll.vir"
sh=0743EB9C6E585FB817668E30B03474AABF0919C4 ft=1 fh=0f5e6bb2c675d399 vn="Variante von MSIL/Toolbar.Linkury.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\srbu.dll.vir"
sh=D6447454569EB94DD06200CCF37F12BD72771195 ft=1 fh=aebce48e0015d581 vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\srpu.dll.vir"
sh=D175F5D0832FC14C5AAAB008AA0F994FC961FCF6 ft=1 fh=447b03d757fdad33 vn="Variante von MSIL/Toolbar.Linkury.M.gen evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\srut.dll.vir"
sh=7EF38DBE4E68777EF54E1DD7DA04C47534701F07 ft=1 fh=d3493b0d6ef7d73d vn="Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\amfclgbdpgndipgoegfpkkgobahigbcl\GoogleChromeRemotePlugin.dll.vir"
sh=C88DAF3FB5D3FEC090233FF251F7F0CFC73EF4CD ft=1 fh=b74c7f4df627386b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_25.dll.vir"
sh=4B9D59EFA89F628628CE74083961743D56E460C7 ft=1 fh=8e9074b2b2075a48 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_26.dll.vir"
sh=7490AEEF60C67035A17073C7E22948D780998B0E ft=1 fh=6af4360a4bb034a6 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_27.dll.vir"
sh=26082D5DB9B347F437494C4C653142E9955602C3 ft=1 fh=703cca51fc20c81a vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_28.dll.vir"
sh=9F0960865FDEF1980F6819E256EEB3D3B7D02509 ft=1 fh=7244fccad6277424 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_29.dll.vir"
sh=0D3F379B123A44B84640F39DEC0EF089AD09118C ft=1 fh=f95a2dc466a76cfe vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_30.dll.vir"
sh=6B8689ED74F52CF66DA70B37BAEB6774F3BD20A8 ft=1 fh=dc5c298251a2ce0b vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_31.dll.vir"
sh=9432F0B83856109CE9FB238A2F1625209D2E65AB ft=1 fh=1fe9360e40e47706 vn="Variante von Win32/Toolbar.Linkury.D evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Application\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_32.dll.vir"
sh=27CBDA09C882FE37209720D614AEB69E2721061B ft=1 fh=d1028eb61eb079bc vn="Variante von MSIL/Toolbar.Linkury.I evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Local\Smartbar\Common\ServicesPlugins\Smartbar.Personalization.ServicesPlugins.SafeMode.dll.vir"
sh=1A385914BBAFBF82AE6A41A1342256FC0F801FF1 ft=1 fh=0ea20545276ada37 vn="Variante von Win32/Adware.Vonteera.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Roaming\Convertor\Convertor.exe.vir"
sh=E463ACFE9829A72AB2E222BAFADB1C3F7BD6785B ft=1 fh=c71c001116150659 vn="Variante von Win32/ELEX.CP evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Roaming\mystartsearch\UninstallManager.exe.vir"
sh=1A385914BBAFBF82AE6A41A1342256FC0F801FF1 ft=1 fh=0ea20545276ada37 vn="Variante von Win32/Adware.Vonteera.L Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Va\AppData\Roaming\WinKit\Updater.exe.vir"
sh=61897FE467FE567D4E93C0E87AF1899DB5416CA2 ft=1 fh=2b4e98822df8a714 vn="Variante von Win64/Systweak.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir"
sh=AAA29097B1E5A7098E19A38F1200E636EE1C3A1E ft=1 fh=6b75069f13c3f94c vn="Win64/AdvancedSystemProtector.A evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\sasnative64.exe.vir"
sh=1A385914BBAFBF82AE6A41A1342256FC0F801FF1 ft=1 fh=0ea20545276ada37 vn="Variante von Win32/Adware.Vonteera.L Anwendung" ac=I fn="C:\FRST\Quarantine\C\Users\Va\AppData\Roaming\Winsta\bin\Winsta.exe"
sh=1A385914BBAFBF82AE6A41A1342256FC0F801FF1 ft=1 fh=0ea20545276ada37 vn="Variante von Win32/Adware.Vonteera.L Anwendung" ac=I fn="C:\Users\Va\AppData\Roaming\PDFConvert\SWUpdate.exe"
sh=C254B47D1546532D7343E96EC98D9EE640503175 ft=1 fh=df00c81c8225020a vn="Win32/Systweak.D evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Va\Downloads\rcp_de79_sec_pd.exe"
sh=4F6F2C3DB42C81F0BE514A212C91F6F7FC81F50B ft=1 fh=5e5bd5be8d7bbf63 vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Va\Downloads\ReimageRepair (1).exe"
sh=4F6F2C3DB42C81F0BE514A212C91F6F7FC81F50B ft=1 fh=5e5bd5be8d7bbf63 vn="Variante von Win32/ReImageRepair.C evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Va\Downloads\ReimageRepair.exe"
sh=4E5D92595443236644E528632B6699C8A7EBE8D5 ft=1 fh=1eb7510ee00f9c58 vn="Variante von Win32/Toolbar.Linkury.G evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll"
Code:
ATTFilter Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Avira Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Adobe Flash Player 16.0.0.305 Flash Player out of Date!
Mozilla Firefox (38.0.1)
````````Process Check: objlist.exe by Laurent````````
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Avira Antivirus sched.exe
Avira Antivirus avshadow.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
|
|
02.06.2015, 12:13
| #22 | ||||||||||
| /// TB-Ausbilder | WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam Reste entfernen Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter start
CloseProcesses:
C:\Users\Va\AppData\Roaming\PDFConvert\SWUpdate.exe
C:\Users\Va\Downloads\rcp_de79_sec_pd.exe
C:\Users\Va\Downloads\ReimageRepa*.exe
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
EmptyTemp:
end
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Die Fixlog von FRST gleich posten, da diese sonst mit DelFix (siehe weiter unten) automatisch entfernt wird! Wenn du keine Probleme mehr mit Malware hast, dann sind wir hier fertig. Deine Logdateien sind sauber.  Zum Schluss müssen wir noch ein paar abschließende Schritte unternehmen, um deinen Pc aufzuräumen und abzusichern.  Cleanup: (Die Reihenfolge ist hier entscheidend) Falls Defogger verwendet wurde: Erneut starten und auf Re-enable klicken. Falls Combofix verwendet wurde:  Combofix deinstallieren
Alle Logs gepostet? Dann lade Dir bitte  DelFix herunter.
Hinweis: DelFix entfernt u.a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst. Starte Deinen Rechner abschließend neu. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein, kannst Du diese bedenkenlos löschen. Wenn Du möchtest, kannst Du hier sagen, ob Du mit mir und meiner Hilfe zufrieden warst...  und/oder das Forum mit einer kleinen Spende  unterstützen.   Absicherung: Beim Betriebsystem Windows die automatischen Updates aktivieren. Auch die sicherheitsrelevante Software sollte immer nur in der aktuellsten Version vorliegen: Browser Java Flash-Player PDF-Reader Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim einfachen Besuch einer manipulierten Website per "Drive-by" Malware zu installieren. Ich empfehle z.B. die Verwendung von Mozilla Firefox statt des Internet Explorers. Zudem lassen sich mit dem Firefox auch PDF-Dokumente öffnen. Aktiviere eine Firewall. Die in Windows integrierte genügt im Normalfall völlig. Verwende ein einziges der folgenden Antivirusprogramme mit Echtzeitscanner und stets aktueller Signaturendatenbank:
Zusätzlich kannst Du Deinen PC regelmäßig mit Malwarebytes Anti-Malware und ESET scannen. Optional:  NoScript Verhindert das Ausführen von aktiven Inhalten (Java, JavaScript, Flash,...) für sämtliche Websites. Man kann aber nach dem Prinzip einer Whitelist festlegen, auf welchen Seiten Scripts erlaubt werden sollen. Ghostery Erkennt und blockiert Tracker, Web Bugs, Pixel und Beacons und weitere Scripte, die das Surfverhalten ausspähen/beobachten. Malwarebytes Anti Exploit: Schützt die Anwendungen des Computers vor der Ausnutzung bekannter Schwachstellen.Lade Software von einem sauberen Portal wie  .Wähle beim Installieren von Software immer die benutzerdefinierte Option und entferne den Haken bei allen optional angebotenen Toolbars oder sonstigen, fürs Programm, irrelevanten Ergänzungen. Um Adware wieder los zu werden, empfiehlt sich zunächst die Deinstallation sowie die anschließende Resteentfernung mit Adwcleaner . Abschließend noch ein paar grundsätzliche Bemerkungen: Ändere regelmäßig Deine wichtigen Online-Passwörter und erstelle regelmäßig Backups Deiner wichtigen Dateien oder des Systems. Der Nutzen von Registry-Cleanern, Optimizern usw. zur Performancesteigerung ist umstritten. Ich empfehle deshalb, die Finger von der Registry zu lassen und lieber die windowseigene Datenträgerbereinigung zu verwenden. Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so dass ich dieses Thema aus meinen Abos löschen kann. |
|
02.06.2015, 18:09
| #23 |
| | WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam Hallo, hier die neuste Fixlog. Code:
ATTFilter Fix result of Farbar Recovery Scan Tool (x64) Version: 29-05-2015
Ran by Administrator at 2015-06-02 17:09:29 Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Va & Administrator)
Boot Mode: Normal
==============================================
fixlist content:
*****************
start
CloseProcesses:
C:\Users\Va\AppData\Roaming\PDFConvert\SWUpdate.exe
C:\Users\Va\Downloads\rcp_de79_sec_pd.exe
C:\Users\Va\Downloads\ReimageRepa*.exe
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll
EmptyTemp:
end
*****************
Processes closed successfully.
C:\Users\Va\AppData\Roaming\PDFConvert\SWUpdate.exe => Moved successfully.
C:\Users\Va\Downloads\rcp_de79_sec_pd.exe => Moved successfully.
C:\Users\Va\Downloads\ReimageRepa*.exe => Moved successfully.
C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll => Moved successfully.
EmptyTemp: => Removed 20.9 MB temporary data.
The system needed a reboot.
==== End of Fixlog 17:09:35 ====
Hallo, hat alles super geklappt. Vielen Dank. Nur noch zwei kleine Probleme: Der Chrome Browser lässt sich nicht deinstallieren, auch nicht in der Systemsteuerung. Ich will aber keine zwei Browser auf dem Rechner haben, und ab jetzt wieder Firefox installieren. Kannst du mir da nochmal helfen? Das Zweite ist: Es taucht z.B. auf Filepony immer ein Popup auf (so ein Käfer-Verbotsschild und "Entfernen von Malware" kostenlos herunterladen, Winzip). Ist das irgendwie relevant, oder soll es ignoriert werden. LG vom armen Tor |
|
02.06.2015, 20:36
| #24 | ||
| /// TB-Ausbilder | WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsamZitat:
Lade Dir bitte von hier  Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
Zitat:
Du könntest für Firefox dann Adblock Plus verwenden, damit werden dir solche Werbungen gar nicht erst angezeigt. Ich bin froh, dass wir helfen konnten  In diesem Forum kannst du eine kurze Rückmeldung zur Bereinigung abgeben, sofern du das möchtest: Lob, Kritik und Wünsche Klicke dazu auf den Button "NEUES THEMA" und poste ein kleines Feedback. Vielen Dank! Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen, schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen. |
|
| Themen zu WIN7 Suchanfragen werden auf Werbesuchseiten umgeleitet, Laptop bootet extrem langsam |
| .com, browser, firefox, frage, google, helper, hintergrund, home, infiziert, internet explorer, kaspersky, langsam, logfile, löschen, malwarebytes, microsoft, mozilla, mp3, neu, neustart, popup, scan, schutz, software, virus alert- maleware, windows |
+ R Taste und schreibe Combofix /Uninstall in das 
dann auf 
und dann auf 
. 
Linear-Darstellung
