Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.02.2015
Suchlauf-Zeit: 18:47:04
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.02.08.05
Rootkit Datenbank: v2015.02.03.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Karo
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363748
Verstrichene Zeit: 36 Min, 49 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 23
PUP.Optional.Delta.A, HKLM\SOFTWARE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [976e918bf694072f0bb3d664e41f9967],
PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}, In Quarantäne, [976e918bf694072f0bb3d664e41f9967],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, In Quarantäne, [ea1b61bbeaa00630d33113281ce704fc],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, In Quarantäne, [09fcb26a90facd6951b4c477df24a35d],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, In Quarantäne, [b84df428e4a604320d1371609f64ef11],
PUP.Optional.Delta.A, HKU\S-1-5-21-4188268605-617450661-2314236916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\delta LTD, In Quarantäne, [ec197d9f5f2b11253a9203e4e71dc838],
PUP.Optional.Iminent.A, HKU\S-1-5-21-4188268605-617450661-2314236916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, In Quarantäne, [fe078f8d73177fb7d64bf5dc887b8e72],
PUP.Optional.Softonic.A, HKU\S-1-5-21-4188268605-617450661-2314236916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [d33297852e5cbb7bb0797a1643c054ac],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4188268605-617450661-2314236916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [976e46d60d7d2c0ab47dc10f60a36d93],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4188268605-617450661-2314236916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [d72ecf4d6426ac8a4ef67076a460d12f],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{c39d6d30-f9e1-4290-a731-c502fe173b39}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{4661ca16-9e6f-4c19-ba5d-32b5c57a8400}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{6543019F-C994-462D-8DFB-F9F82A1D685B}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9C7A8BEB-98E8-428A-A474-5E748CA93CAC}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{6543019F-C994-462D-8DFB-F9F82A1D685B}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9C7A8BEB-98E8-428A-A474-5E748CA93CAC}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{4661ca16-9e6f-4c19-ba5d-32b5c57a8400}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65Installer.Start.1, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\CLASSES\FromDocToPDF_65Installer.Start, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65Installer.Start, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\FromDocToPDF_65Installer.Start.1, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4188268605-617450661-2314236916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{C39D6D30-F9E1-4290-A731-C502FE173B39}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{C39D6D30-F9E1-4290-A731-C502FE173B39}, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
Registrierungswerte: 1
PUP.Optional.InstallCore.A, HKU\S-1-5-21-4188268605-617450661-2314236916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, In Quarantäne, [d72ecf4d6426ac8a4ef67076a460d12f]
Registrierungsdaten: 1
PUP.Optional.Binkiland.A, HKU\S-1-5-21-4188268605-617450661-2314236916-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://binkiland.com/?f=1&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0AyCtAzy0EyD0CtAyEtCzyzytAyEyDtAtN0D0Tzu0StCtCtAtDtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1 L1Qzu2SyC0AyCyD0AzztBtBtG0ByBzyyEtGtD0CyBtCtG0F0DtByEtGtC0B0D0EtDtB0Fzy0DtCyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzztAtCzyyCyE0EtG0ByDzy0DtGyE0EtAtAtGzztCyBy BtG0A0ByDyCyCzztCyE0DtA0EyC2Q&cr=1617502873&ir=, Gut: (www.google.com), Schlecht: (hxxp://binkiland.com/?f=1&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0AyCtAzy0EyD0CtAyEtCzyzytAyEyDtAtN0D0Tzu0StCtCtAtDtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1 L1Qzu2SyC0AyCyD0AzztBtBtG0ByBzyyEtGtD0CyBtCtG0F0DtByEtGtC0B0D0EtDtB0Fzy0DtCyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzztAtCzyyCyE0EtG0ByDzy0DtGyE0EtAtAtGzztCyBy BtG0A0ByDyCyCzztCyE0DtA0EyC2Q&cr=1617502873&ir=),Ersetzt,[d43172aa206ac76f9d5a308824e1ee12]
Ordner: 9
PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65EI, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65EI\Installr, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65EI\Installr\setups, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, C:\Users\Karo\AppData\LocalLow\FromDocToPDF_65EI, In Quarantäne, [70952cf0573377bff95d85da659e14ec],
PUP.Optional.MindSpark.A, C:\Users\Karo\AppData\LocalLow\FromDocToPDF_65EI\Installr, In Quarantäne, [70952cf0573377bff95d85da659e14ec],
PUP.Optional.MindSpark.A, C:\Users\Karo\AppData\LocalLow\FromDocToPDF_65EI\Installr\Cache, In Quarantäne, [70952cf0573377bff95d85da659e14ec],
PUP.Optional.Binkiland.A, C:\Users\Karo\AppData\Roaming\Binkiland, In Quarantäne, [00059389ed9d50e64529cfb79e658f71],
PUP.Optional.Binkiland.A, C:\Users\Karo\AppData\Roaming\Binkiland\UpdateProc, In Quarantäne, [00059389ed9d50e64529cfb79e658f71],
Dateien: 13
PUP.Optional.DealPly.A, C:\Windows\System32\Tasks\DealPly, In Quarantäne, [ee1733e98ffb59dd28d58c21be4504fc],
PUP.Optional.Delta.A, C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\searchplugins\delta.xml, In Quarantäne, [fe072def95f5cb6b4c661fa647bc37c9],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\65EIPlug.dll, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\65EZSETP.dll, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISb.dll, In Quarantäne, [bf4620fcb6d438fe06d44d0aa2617b85],
PUP.Optional.MindSpark.A, C:\Users\Karo\AppData\LocalLow\FromDocToPDF_65EI\Installr\Cache\0132828D.exe, In Quarantäne, [70952cf0573377bff95d85da659e14ec],
PUP.Optional.MindSpark.A, C:\Users\Karo\AppData\LocalLow\FromDocToPDF_65EI\Installr\Cache\files.ini, In Quarantäne, [70952cf0573377bff95d85da659e14ec],
PUP.Optional.Binkiland.A, C:\Users\Karo\AppData\Roaming\Binkiland\UpdateProc\bkup.dat, In Quarantäne, [00059389ed9d50e64529cfb79e658f71],
PUP.Optional.Binkiland.A, C:\Users\Karo\AppData\Roaming\Binkiland\UpdateProc\config.dat, In Quarantäne, [00059389ed9d50e64529cfb79e658f71],
PUP.Optional.Binkiland.A, C:\Users\Karo\AppData\Roaming\Binkiland\UpdateProc\info.dat, In Quarantäne, [00059389ed9d50e64529cfb79e658f71],
PUP.Optional.Binkiland.A, C:\Users\Karo\AppData\Roaming\Binkiland\UpdateProc\UpdateTask.exe, In Quarantäne, [00059389ed9d50e64529cfb79e658f71],
PUP.Optional.Babylon.A, C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar_i.newTab", true);), Ersetzt,[09fc6cb01179ec4ae02a5b9815f0a060]
PUP.Optional.Babylon.A, C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the applicat), Ersetzt,[15f02fedd6b4cc6abc4eed06798c669a]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
AdwCleaner Logfile:
Code:
# AdwCleaner v4.110 - Bericht erstellt 08/02/2015 um 19:34:59
# Aktualisiert 05/02/2015 von Xplode
# Datenbank : 2015-02-08.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Karo - KARO-VAIO
# Gestarted von : C:\Users\Karo\Downloads\AdwCleaner_4.110.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\16972d6a000011f8
Ordner Gelöscht : C:\Program Files (x86)\SoftwareUpdater
Ordner Gelöscht : C:\Users\Karo\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Karo\AppData\Roaming\HoolappforAndroid
Datei Gelöscht : C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\user.js
Datei Gelöscht : C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\searchplugins\Binkiland.xml
***** [ Geplante Tasks ] *****
Task Gelöscht : Dealply
Task Gelöscht : Hoolapp For Android
Task Gelöscht : Hoolapp Init
Task Gelöscht : Optimizer Pro Schedule
Task Gelöscht : Software Updater Ui
Task Gelöscht : Software Updater
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D2CE3E00-F94A-4740-988E-03DC2F38C34F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8DCB7100-DF86-4384-8842-8FA844297B3F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{8DCB7100-DF86-4384-8842-8FA844297B3F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\Binkiland Browser
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 de)
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "Binkiland");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.delta-search.com/?affID=119370&tt=030213_de&babsrc=NT_ss&mntrId=7e6934530000000000009439e5c34199");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.admin", false);
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.aflt", "babsst");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.autoRvrt", "false");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.bbDpng", "5");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.cntry", "DE");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.dfltLng", "en");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.excTlbr", false);
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.hdrMd5", "5185150522B63EF25DBD134DA8F21890");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.id", "7e6934530000000000009439e5c34199");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlDay", "15741");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.instlRef", "sst");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.10.013:57:09");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.newTab", false);
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prdct", "delta");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.prtnrId", "delta");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.rvrt", "false");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.sg", "none");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.smplGrp", "none");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrId", "base");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsn", "1.8.10.0");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.10.013:57:09");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.delta.vrsni", "1.8.10.0");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.ROOTEXTENSION", "chrome://iminentwebbooster/content/minibar");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.ShowThankyouPixel", "0");
[ahw40jfo.default\prefs.js] - Zeile Gelöscht : user_pref("iminent.webbooster.scripts.minibar.registerToolbarEvent134", "1365295644490");
-\\ Google Chrome v40.0.2214.94
*************************
AdwCleaner[R0].txt - [17300 Bytes] - [08/02/2015 19:28:25]
AdwCleaner[S0].txt - [16990 Bytes] - [08/02/2015 19:34:59]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17050 Bytes] ##########
--- --- ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by Karo on 08.02.2015 at 19:42:22,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Karo\appdata\local\{23C16B40-AC48-45C2-9EE6-C0218BDF8457}
Successfully deleted: [Empty Folder] C:\Users\Karo\appdata\local\{3C3D1186-1542-4505-83EB-816B7F878D40}
Successfully deleted: [Empty Folder] C:\Users\Karo\appdata\local\{614D8C9D-D894-48AC-9972-69FF129835A8}
Successfully deleted: [Empty Folder] C:\Users\Karo\appdata\local\{87FA3D7C-56EC-4A56-981D-F2419E19DEA4}
Successfully deleted: [Empty Folder] C:\Users\Karo\appdata\local\{B4F2B125-D1D5-49F2-BE94-634B4889867B}
Successfully deleted: [Empty Folder] C:\Users\Karo\appdata\local\{F2C4C043-F5E7-4B8C-9022-17CFE707DFB7}
Successfully deleted: [Empty Folder] C:\Users\Karo\appdata\local\{F8B7C8A5-807A-444B-9D1A-72B536FDDCCD}
Successfully deleted: [Empty Folder] C:\Users\Karo\appdata\local\{FC51F6BD-72F3-40AF-82DE-B5DE2C683607}
~~~ FireFox
Emptied folder: C:\Users\Karo\AppData\Roaming\mozilla\firefox\profiles\ahw40jfo.default\minidumps [302 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2015 at 19:52:17,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-02-2015
Ran by Karo (administrator) on KARO-VAIO on 08-02-2015 19:54:50
Running from C:\Users\Karo\Downloads
Loaded Profiles: Karo (Available profiles: Karo)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(LogMeIn, Inc.) C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
(LogMeIn Inc.) C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony of America Corporation) C:\Program Files\Sony\VAIO Care\listener.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [518784 2011-03-29] (Conexant Systems, Inc.)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [790688 2011-04-29] (Atheros Communications)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [657568 2011-04-29] (Atheros Commnucations)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-10-17] (Alps Electric Co., Ltd.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [648032 2010-11-27] (Sony Corporation)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [3977576 2015-01-20] (LogMeIn Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKU\S-1-5-21-4188268605-617450661-2314236916-1001\...\Run: [Google+ Auto Backup] => C:\Users\Karo\AppData\Local\Programs\Google\Google+ Auto Backup\Google+ Auto Backup.exe [3619096 2014-01-06] (Google Inc.)
HKU\S-1-5-21-4188268605-617450661-2314236916-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30877280 2014-12-11] (Skype Technologies S.A.)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4188268605-617450661-2314236916-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4188268605-617450661-2314236916-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-4188268605-617450661-2314236916-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com
HKU\S-1-5-21-4188268605-617450661-2314236916-1001\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
SearchScopes: HKLM -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-4188268605-617450661-2314236916-1001 -> {0b4d26f6-61a8-4463-99dd-5f2fe0400fa6} URL =
SearchScopes: HKU\S-1-5-21-4188268605-617450661-2314236916-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear
SearchScopes: HKU\S-1-5-21-4188268605-617450661-2314236916-1001 -> {E0BF05D4-9283-4E00-A973-1A7A3B141B22} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: af0.Adblock.BHO -> {90EFF544-3981-4d46-85C9-C0361D0931D6} -> C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default
FF Homepage: https://www.google.de/?gws_rd=ssl
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @ei.FromDocToPDF_65.com/Plugin -> C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISB.dll No File
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: YouTube Unblocker - C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\Extensions\youtubeunblocker@unblocker.yt [2015-01-13]
FF Extension: Web Install Updater Free - C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\Extensions\{2425e848-5529-4fb1-b7c8-7f5f49fe699d}.xpi [2013-11-05]
FF Extension: {48cba235-ddf1-439f-bd03-9789e74437d1} - C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\Extensions\{48cba235-ddf1-439f-bd03-9789e74437d1}.xpi [2013-10-31]
FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-01-11]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2014-06-05]
FF Extension: Adblock Plus - C:\Users\Karo\AppData\Roaming\Mozilla\Firefox\Profiles\ahw40jfo.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-05]
Chrome:
=======
CHR HomePage: Default -> https://www.google.de/webhp?tab=ww&ei=1xXVVJDjB4OpyQOM4IHoCQ&ved=0CAYQ1S4
CHR StartupUrls: Default -> "hxxp://binkiland.com/?f=7&a=bnk_fs_15_06&cd=2XzuyEtN2Y1L1Qzu0AyCtAzy0EyD0CtAyEtCzyzytAyEyDtAtN0D0Tzu0StCtCtAtDtN1L2XzutAtFyBtFyBtFyDtN1L1CzutCyEtBzytDyD1V1RtN1L1G1B1V1N2Y1L1Qzu2SyC0AyCyD0AzztBtBtG0ByBzyyEtGtD0CyBtCtG0F0DtByEtGtC0B0D0EtDtB0Fzy0DtCyDyE2QtN1M1F1B2Z1V1N2Y1L1Qzu2S0EzztAtCzyyCyE0EtG0ByDzy0DtGyE0EtAtAtGzztCyByBtG0A0ByDyCyCzztCyE0DtA0EyC2Q&cr=1617502873&ir=", "hxxp://www.google.com/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\40.0.2214.94\pdf.dll ()
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Adobe Acrobat) - c:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (FromDocToPDF Installer Plugin Stub) - C:\Program Files (x86)\FromDocToPDF_65EI\Installr\1.bin\NP65EISB.dll No File
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Profile: C:\Users\Karo\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Karo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-14]
CHR Extension: (YouTube) - C:\Users\Karo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-10]
CHR Extension: (Google-Suche) - C:\Users\Karo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10]
CHR Extension: (AdBlock) - C:\Users\Karo\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-12-03]
CHR Extension: (Google Wallet) - C:\Users\Karo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-31]
CHR Extension: (Google Mail) - C:\Users\Karo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10]
StartMenuInternet: Google Chrome - chrome.exe
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [146592 2011-04-29] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [91296 2011-04-29] (Atheros Commnucations) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2361344 2011-03-29] (Realsil Microelectronics Inc.) [File not signed]
R2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [417552 2015-01-14] (LogMeIn, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [259192 2011-01-29] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Andbus; No ImagePath
S3 AndDiag; No ImagePath
S3 AndGps; No ImagePath
S3 ANDModem; No ImagePath
S3 andnetadb; C:\Windows\System32\Drivers\lgandnetadb.sys [31744 2012-07-03] (Google Inc)
S3 AndNetDiag; C:\Windows\System32\DRIVERS\lgandnetdiag64.sys [29184 2012-07-03] (LG Electronics Inc.)
S3 ANDNetModem; C:\Windows\System32\DRIVERS\lgandnetmodem64.sys [36352 2012-07-03] (LG Electronics Inc.)
S3 andnetndis; C:\Windows\System32\DRIVERS\lgandnetndis64.sys [93184 2012-07-04] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-08] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 DIRECTIO; \??\D:\test\final_test\test\PASSMARK\BurnInTest\DirectIo.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 19:52 - 2015-02-08 19:52 - 00001598 _____ () C:\Users\Karo\Desktop\JRT.txt
2015-02-08 19:40 - 2015-02-08 19:41 - 01388274 _____ (Thisisu) C:\Users\Karo\Downloads\JRT.exe
2015-02-08 19:36 - 2015-02-08 19:36 - 00006206 _____ () C:\Windows\PFRO.log
2015-02-08 19:36 - 2015-02-08 19:36 - 00000056 _____ () C:\Windows\setupact.log
2015-02-08 19:36 - 2015-02-08 19:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-02-08 19:28 - 2015-02-08 19:35 - 00000000 ____D () C:\AdwCleaner
2015-02-08 19:27 - 2015-02-08 19:27 - 02112512 _____ () C:\Users\Karo\Downloads\AdwCleaner_4.110.exe
2015-02-08 19:25 - 2015-02-08 19:25 - 00009457 _____ () C:\Users\Karo\Desktop\mbam.txt
2015-02-08 18:46 - 2015-02-08 19:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-08 18:45 - 2015-02-08 18:45 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-02-08 18:45 - 2015-02-08 18:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-02-08 18:45 - 2015-02-08 18:45 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-02-08 18:45 - 2015-02-08 18:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-08 18:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-08 18:45 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-08 18:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-08 18:44 - 2015-02-08 18:44 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Karo\Downloads\mbam-setup-2.0.4.1028.exe
2015-02-08 17:33 - 2015-02-08 17:33 - 00030248 _____ () C:\ComboFix.txt
2015-02-08 16:53 - 2015-02-08 17:34 - 00000000 ____D () C:\Qoobox
2015-02-08 16:53 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-08 16:53 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-08 16:53 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-08 16:53 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-08 16:53 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-08 16:53 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-08 16:53 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-08 16:53 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-08 16:52 - 2015-02-08 17:27 - 00000000 ____D () C:\Windows\erdnt
2015-02-08 16:49 - 2015-02-08 16:50 - 05609947 ____R (Swearware) C:\Users\Karo\Desktop\ComboFix.exe
2015-02-08 11:09 - 2015-02-08 11:10 - 00037116 _____ () C:\Users\Karo\Downloads\Addition.txt
2015-02-08 11:07 - 2015-02-08 19:54 - 00023346 _____ () C:\Users\Karo\Downloads\FRST.txt
2015-02-08 11:07 - 2015-02-08 19:54 - 00000000 ____D () C:\FRST
2015-02-08 11:06 - 2015-02-08 11:06 - 02132992 _____ (Farbar) C:\Users\Karo\Downloads\FRST64.exe
2015-02-08 09:54 - 2015-02-08 19:43 - 00082689 _____ () C:\Windows\WindowsUpdate.log
2015-02-04 16:57 - 2015-02-04 16:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
2015-02-04 16:57 - 2015-02-04 16:57 - 00000000 ____D () C:\ProgramData\MAGIX
2015-02-04 16:57 - 2015-02-04 16:57 - 00000000 ____D () C:\Program Files (x86)\MAGIX
2015-02-04 16:48 - 2015-02-04 16:58 - 00000000 ____D () C:\Users\Karo\AppData\Roaming\MAGIX
2015-02-04 16:48 - 2015-02-04 16:48 - 00004098 _____ () C:\Windows\System32\Tasks\Binkiland nefa
2015-02-04 16:48 - 2015-02-04 16:48 - 00000000 ____D () C:\Users\Karo\.thumb
2015-02-04 16:47 - 2015-02-04 16:47 - 05716776 _____ () C:\Users\Karo\AppData\Local\12A4135D_stp.CIS
2015-02-04 16:47 - 2015-02-04 16:47 - 00187745 _____ () C:\Users\Karo\AppData\Local\37AFE03D_stp.CIS
2015-02-04 16:47 - 2015-02-04 16:47 - 00000312 _____ () C:\Users\Karo\AppData\Local\12A4135D_stp.CIS.part
2015-02-04 16:47 - 2015-02-04 16:47 - 00000230 _____ () C:\Users\Karo\AppData\Local\37AFE03D_stp.CIS.part
2015-02-04 16:47 - 2015-02-04 16:47 - 00000000 ____D () C:\Users\Karo\AppData\Local\37AFE03D_stp
2015-02-04 16:47 - 2015-02-04 16:47 - 00000000 ____D () C:\Users\Karo\AppData\Local\12A4135D_stp
2015-02-04 16:46 - 2015-02-04 16:46 - 01191200 _____ () C:\Users\Karo\Downloads\Vollversion Magix Slideshow Maker - CHIP-Installer.exe
2015-02-04 16:39 - 2015-02-04 16:39 - 01191200 _____ () C:\Users\Karo\Downloads\DVDStyler - CHIP-Installer.exe
2015-02-01 13:42 - 2015-02-01 13:42 - 00003342 _____ () C:\Users\Karo\AppData\Local\recently-used.xbel
2015-02-01 12:11 - 2015-02-01 12:11 - 00022996 _____ () C:\Users\Karo\Downloads\Studienkolleg.odt
2015-01-29 16:06 - 2015-01-29 16:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-28 18:37 - 2015-01-28 18:37 - 00001783 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-01-28 18:37 - 2015-01-28 18:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-01-28 18:36 - 2015-01-28 18:37 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-01-28 18:36 - 2015-01-28 18:37 - 00000000 ____D () C:\Program Files\iTunes
2015-01-28 18:36 - 2015-01-28 18:37 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-01-28 18:36 - 2015-01-28 18:36 - 00000000 ____D () C:\Program Files\iPod
2015-01-26 16:14 - 2015-01-26 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
2015-01-26 16:14 - 2015-01-26 16:14 - 00000000 ____D () C:\Program Files (x86)\LogMeIn Hamachi
2015-01-16 19:52 - 2015-01-16 19:52 - 00000000 ____D () C:\Users\Karo\AppData\Roaming\Freeplane
2015-01-16 19:52 - 2015-01-16 19:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeplane
2015-01-16 19:52 - 2015-01-16 19:52 - 00000000 ____D () C:\Program Files\Freeplane
2015-01-16 19:48 - 2015-01-16 19:48 - 01179936 _____ () C:\Users\Karo\Downloads\Freeplane - CHIP-Installer.exe
2015-01-13 21:50 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-13 21:50 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-13 21:50 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-13 21:50 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-13 21:50 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-13 21:50 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-13 21:50 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-13 21:50 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-13 21:50 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-13 21:50 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-13 21:50 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 21:50 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-13 21:50 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-12 15:36 - 2015-01-12 15:36 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-01-12 15:36 - 2015-01-12 15:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-08 19:50 - 2013-01-09 15:26 - 00000000 ____D () C:\Users\Karo\AppData\Roaming\Skype
2015-02-08 19:44 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-08 19:44 - 2009-07-14 05:45 - 00028848 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-08 19:37 - 2013-08-10 09:43 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 19:37 - 2013-05-06 23:47 - 00000000 ____D () C:\Users\Karo\AppData\Local\LogMeIn Hamachi
2015-02-08 19:37 - 2013-01-09 15:25 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{11F56770-4256-495C-A155-AD29D001D621}
2015-02-08 19:36 - 2013-01-07 10:33 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-08 19:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-08 19:24 - 2013-01-07 10:43 - 00000000 ____D () C:\Windows\PCHEALTH
2015-02-08 19:19 - 2013-08-10 09:43 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-08 18:58 - 2013-06-13 13:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-08 17:34 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-02-08 17:12 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-08 09:51 - 2013-04-29 15:49 - 00000000 ____D () C:\Users\Karo\AppData\Roaming\inkscape
2015-02-08 09:51 - 2013-01-16 20:42 - 00000000 ____D () C:\Users\Karo\AppData\Local\CrashDumps
2015-02-08 09:51 - 2011-02-10 23:48 - 00000000 ____D () C:\Windows\Panther
2015-02-08 09:41 - 2013-01-09 15:10 - 00000000 ____D () C:\Users\Karo
2015-02-08 09:31 - 2013-11-20 17:49 - 00000000 ____D () C:\Windows\Minidump
2015-02-07 20:59 - 2013-06-13 13:28 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-02-07 20:59 - 2013-01-11 15:39 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-07 20:59 - 2013-01-11 15:39 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-07 15:39 - 2013-01-07 10:51 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
2015-02-06 19:26 - 2013-01-11 15:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-05 08:09 - 2013-03-06 19:36 - 00051894 _____ () C:\test.xml
2015-02-05 07:17 - 2013-01-07 10:23 - 00000000 ____D () C:\ProgramData\Sony Corporation
2015-02-04 23:07 - 2013-09-01 16:34 - 00000000 ____D () C:\Users\Karo\AppData\Local\Windows Live
2015-02-02 07:12 - 2013-05-29 16:56 - 00000000 ____D () C:\Users\Karo\.gimp-2.8
2015-01-31 10:11 - 2013-01-07 10:15 - 02001362 _____ () C:\Windows\system32\perfh007.dat
2015-01-31 10:11 - 2013-01-07 10:15 - 00566542 _____ () C:\Windows\system32\perfc007.dat
2015-01-31 10:11 - 2009-07-14 06:13 - 00006256 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-29 22:23 - 2013-08-10 09:38 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-29 22:12 - 2013-04-12 21:13 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-28 18:36 - 2014-08-12 15:07 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-28 18:36 - 2013-01-17 15:45 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-01-19 06:17 - 2014-09-29 21:41 - 00000000 ____D () C:\Users\Karo\Documents\auslandsjahr
2015-01-18 22:15 - 2013-01-09 15:12 - 00000000 ____D () C:\Users\Karo\Documents\Bluetooth Folder
2015-01-18 15:26 - 2013-01-12 15:18 - 00000000 ____D () C:\Users\Karo\Documents\Schule
2015-01-14 11:32 - 2013-05-06 23:47 - 00033856 ____H (LogMeIn, Inc.) C:\Windows\system32\hamachi.sys
2015-01-12 15:36 - 2013-01-07 11:05 - 00000000 ____D () C:\ProgramData\Skype
==================== Files in the root of some directories =======
2015-02-04 16:47 - 2015-02-04 16:47 - 5716776 _____ () C:\Users\Karo\AppData\Local\12A4135D_stp.CIS
2015-02-04 16:47 - 2015-02-04 16:47 - 0000312 _____ () C:\Users\Karo\AppData\Local\12A4135D_stp.CIS.part
2015-02-04 16:47 - 2015-02-04 16:47 - 0187745 _____ () C:\Users\Karo\AppData\Local\37AFE03D_stp.CIS
2015-02-04 16:47 - 2015-02-04 16:47 - 0000230 _____ () C:\Users\Karo\AppData\Local\37AFE03D_stp.CIS.part
2014-11-14 23:05 - 2014-11-15 08:26 - 0004608 _____ () C:\Users\Karo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-01 13:42 - 2015-02-01 13:42 - 0003342 _____ () C:\Users\Karo\AppData\Local\recently-used.xbel
2013-01-09 15:28 - 2013-01-09 15:28 - 0000056 ____H () C:\ProgramData\ezsidmv.dat
Some content of TEMP:
====================
C:\Users\Karo\AppData\Local\Temp\Quarantine.exe
C:\Users\Karo\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-29 16:14
==================== End Of Log ============================