defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:23 on 24/02/2015 (HansRaab)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-02-2015 01
Ran by HansRaab (administrator) on HANSRAAB-PC on 24-02-2015 12:33:54
Running from D:\Download
Loaded Profiles: HansRaab (Available profiles: HansRaab & Gast)
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Atheros Commnucations) C:\Program Files\Bluetooth Suite\AdminService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Malwarebytes Corporation) C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe
(Deutsche Telekom AG) C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Star Finanz-Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
() C:\Program Files\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(S3 Graphics, Inc.) C:\Windows\System32\VTTimer.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Teleca AB) C:\Program Files\Common Files\Teleca Shared\Generic.exe
(Sony Ericsson Mobile Communications AB) C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\Plugin.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\5\Plugin.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\8\Plugin.exe
() C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\Plugin.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [VTTimer] => C:\Windows\system32\VTTimer.exe [53248 2006-06-16] (S3 Graphics, Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-27] (AVAST Software)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap.dll,ShadowPlayOnSystemStart
HKU\S-1-5-21-3631909480-931278838-2696860033-1002\...\Run: [] => [X]
HKU\S-1-5-21-3631909480-931278838-2696860033-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HansRaab\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HansRaab\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\HansRaab\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [GDriveSharedOverlay] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44} => No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKU\S-1-5-21-3631909480-931278838-2696860033-1002\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = Google
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Google
HKU\S-1-5-21-3631909480-931278838-2696860033-1002\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.psd-nuernberg.de/
HKU\S-1-5-21-3631909480-931278838-2696860033-1002\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
SearchScopes: HKLM -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3631909480-931278838-2696860033-1002 -> DefaultScope {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3631909480-931278838-2696860033-1002 -> {43683598-82DA-4F6D-8A81-F7DB71C02640} URL = hxxp://ecosia.org/search.php?q={searchTerms}&addon=opensearch
SearchScopes: HKU\S-1-5-21-3631909480-931278838-2696860033-1002 -> {721061fb-eb79-4568-a03c-3ce26d68dae9} URL =
SearchScopes: HKU\S-1-5-21-3631909480-931278838-2696860033-1002 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll (Oracle Corporation)
BHO: Roll Around -> {83c0e288-8fa0-43d3-acc7-c1e839d85abc} -> C:\Program Files\Roll Around\Extensions\83c0e288-8fa0-43d3-acc7-c1e839d85abc.dll ()
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll (Oracle Corporation)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\HansRaab\AppData\Roaming\Mozilla\Firefox\Profiles\k5i4b7st.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine:
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nokia.com/EnablerPlugin -> C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF Plugin: @real.com/nppl3260;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin: @real.com/nprpplugin;version=16.0.0.282 -> C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\HansRaab\AppData\Roaming\Mozilla\Firefox\Profiles\k5i4b7st.default\user.js
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\.xml
FF Extension: QuickFox Notes - C:\Users\HansRaab\AppData\Roaming\Mozilla\Firefox\Profiles\k5i4b7st.default\Extensions\amin.eft_bmnotes@gmail.com [2015-01-17]
FF Extension: Lightbeam - C:\Users\HansRaab\AppData\Roaming\Mozilla\Firefox\Profiles\k5i4b7st.default\Extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2015-01-21]
FF Extension: Roll Around - C:\Users\HansRaab\AppData\Roaming\Mozilla\Firefox\Profiles\k5i4b7st.default\Extensions\{bec0d06e-c92d-48a7-bc8b-4f7ee342b2ad}.xpi [2015-02-24]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-02-06]
FF HKLM\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-05]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-28]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AtherosSvc; C:\Program Files\Bluetooth Suite\adminservice.exe [72864 2011-03-01] (Atheros Commnucations) [File not signed]
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-28] (AVAST Software)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [915600 2014-12-13] (NVIDIA Corporation)
R2 MBAMScheduler; C:\Program Files\ Malwarebytes Anti-Malware \mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\ Malwarebytes Anti-Malware \mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
S3 MZCCntrl; C:\Program Files\Common Files\Marmiko Shared\MZCCntrl.exe [61440 2007-01-09] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [File not signed]
R2 Netzmanager Service; C:\Program Files\Netzmanager\NMInfraIS2\Netzmanager_Service.exe [2635776 2012-07-20] (Deutsche Telekom AG) [File not signed]
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-13] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18186896 2014-12-13] (NVIDIA Corporation)
R2 Service Mgr RollAround; C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe [577264 2015-02-24] ()
S3 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StarMoney 9.0 OnlineUpdate; C:\Program Files\StarMoney 9.0\ouservice\StarMoneyOnlineUpdate.exe [697488 2014-07-04] (Star Finanz-Software Entwicklung und Vertriebs GmbH)
R2 Update Mgr RollAround; C:\Program Files\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe [384752 2015-02-24] ()
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 ALCXWDM; C:\Windows\System32\drivers\RTKVAC.SYS [4172832 2009-06-18] (Realtek Semiconductor Corp.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-11-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2014-11-28] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-11-28] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-11-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [787800 2014-11-28] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [423784 2014-11-28] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [91496 2014-11-28] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [206248 2014-11-28] ()
S3 AthBTPort; C:\Windows\System32\DRIVERS\btath_flt.sys [34976 2011-03-01] (Atheros)
S3 ATHDFU; C:\Windows\System32\Drivers\AthDfu.sys [43680 2011-03-01] (Windows (R) Win 7 DDK provider)
S3 BTATH_A2DP; C:\Windows\System32\drivers\btath_a2dp.sys [259232 2011-03-01] (Atheros)
R3 BTATH_BUS; C:\Windows\System32\DRIVERS\btath_bus.sys [24736 2011-03-01] (Atheros)
S3 BTATH_HCRP; C:\Windows\System32\DRIVERS\btath_hcrp.sys [175776 2011-03-01] (Atheros)
S3 BTATH_LWFLT; C:\Windows\System32\DRIVERS\btath_lwflt.sys [49312 2011-03-01] (Atheros)
S3 BTATH_RCP; C:\Windows\System32\DRIVERS\btath_rcp.sys [141088 2011-03-01] (Atheros)
S3 BtFilter; C:\Windows\System32\DRIVERS\btfilter.sys [242336 2011-03-01] (Atheros)
S3 BthAvrcp; C:\Windows\System32\DRIVERS\BthAvrcp.sys [22528 2009-08-13] (CSR, plc)
S3 hxctlflt; C:\Windows\System32\Drivers\hxctlflt.sys [99968 2009-02-08] (Guillemot Corporation)
S3 MACNDIS5; C:\Program Files\Common Files\Marmiko Shared\MAcNdis5.sys [17280 2006-10-04] (Marmiko IT-Solutions GmbH) [File not signed]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-11-21] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [114904 2015-02-24] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2014-11-21] (Malwarebytes Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [18576 2014-12-13] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [32912 2014-11-22] (NVIDIA Corporation)
S3 S3GIGP; C:\Windows\System32\DRIVERS\S3gIGPm.sys [808448 2006-06-23] (S3 Graphics Co., Ltd.)
S3 s716bus; C:\Windows\System32\DRIVERS\s716bus.sys [83208 2007-04-04] (MCCI Corporation)
S3 s716mdfl; C:\Windows\System32\DRIVERS\s716mdfl.sys [15112 2007-04-04] (MCCI Corporation)
S3 s716mdm; C:\Windows\System32\DRIVERS\s716mdm.sys [108552 2007-04-04] (MCCI Corporation)
S3 s716mgmt; C:\Windows\System32\DRIVERS\s716mgmt.sys [100360 2007-04-04] (MCCI Corporation)
S3 s716nd5; C:\Windows\System32\DRIVERS\s716nd5.sys [23176 2007-04-04] (MCCI Corporation)
S3 s716obex; C:\Windows\System32\DRIVERS\s716obex.sys [98568 2007-04-04] (MCCI Corporation)
S3 s716unic; C:\Windows\System32\DRIVERS\s716unic.sys [98952 2007-04-04] (MCCI Corporation)
S3 SNP2UVC; C:\Windows\System32\DRIVERS\snp2uvc.sys [3482112 2009-04-22] ()
S3 TelekomNM3; C:\Program Files\Netzmanager\NMInfraIS2\Driver\TelekomNM3.sys [35040 2010-09-16] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
S3 MIINPazX; \??\C:\PROGRA~2\COMMON~1\MARMIK~1\MInfraIS\MIINPazX.SYS [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-24 12:33 - 2015-02-24 12:34 - 00000000 ____D () C:\FRST
2015-02-24 12:23 - 2015-02-24 12:23 - 00000000 _____ () C:\Users\HansRaab\defogger_reenable
2015-02-24 08:44 - 2015-02-24 08:44 - 00000838 _____ () C:\Windows\PFRO.log
2015-02-23 13:00 - 2015-02-24 12:02 - 00000000 ____D () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf
2015-02-23 13:00 - 2015-02-24 12:00 - 00000000 ____D () C:\Program Files\Common Files\2a617352-d396-46a3-a71b-5d89535356cf
2015-02-23 13:00 - 2015-02-23 13:01 - 00000000 ____D () C:\Program Files\CrystalDiskInfo
2015-02-23 13:00 - 2015-02-23 13:00 - 00001892 _____ () C:\Users\HansRaab\Desktop\CrystalDiskInfo.lnk
2015-02-23 13:00 - 2015-02-23 13:00 - 00000000 ____D () C:\Users\HansRaab\AppData\Roaming\OpenCandy
2015-02-23 13:00 - 2015-02-23 13:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CrystalDiskInfo
2015-02-23 13:00 - 2015-02-23 13:00 - 00000000 ____D () C:\Program Files\Roll Around
2015-02-18 12:39 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-18 12:39 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-17 17:44 - 2015-01-09 03:48 - 00635904 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-17 17:44 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-17 17:44 - 2015-01-09 03:48 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-17 14:45 - 2015-01-15 08:46 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-17 14:45 - 2015-01-15 08:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-17 14:45 - 2015-01-15 08:43 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-17 14:45 - 2015-01-15 08:43 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-17 14:45 - 2015-01-15 08:42 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-17 14:45 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-17 14:45 - 2015-01-15 08:42 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-17 14:45 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-17 14:45 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-17 14:45 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-17 14:45 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-17 14:45 - 2015-01-15 05:21 - 00369968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-17 14:45 - 2015-01-09 02:45 - 02380288 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-17 14:44 - 2015-02-04 03:54 - 00482304 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-17 14:44 - 2015-02-04 03:53 - 00767488 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-17 14:44 - 2015-02-04 03:53 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-17 14:44 - 2015-02-04 03:53 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-17 14:44 - 2015-02-04 03:53 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-17 14:44 - 2015-02-04 03:53 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-17 14:44 - 2015-02-04 03:49 - 00886784 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-17 14:44 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-17 14:44 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-02-17 14:44 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-17 14:44 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-17 14:44 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-17 14:44 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-17 14:44 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-17 14:44 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-17 14:44 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-17 14:44 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-17 14:44 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-17 14:44 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-17 14:44 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-17 14:43 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-17 14:43 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-17 14:43 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-17 14:43 - 2015-01-12 03:21 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-17 14:43 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-17 14:43 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-17 14:43 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-17 14:43 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-17 14:43 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-17 14:43 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-17 14:43 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-17 14:43 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-17 14:43 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-17 14:43 - 2015-01-12 02:55 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-17 14:43 - 2015-01-12 02:48 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-17 14:43 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-17 14:43 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-17 14:43 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-17 14:43 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-17 14:43 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-17 14:43 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-17 14:43 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-17 14:43 - 2015-01-12 02:23 - 00684544 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-17 14:43 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-17 14:43 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-17 14:43 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-17 14:43 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-17 14:43 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-17 14:42 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-17 14:42 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-17 14:42 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-09 15:53 - 2015-02-09 15:55 - 00014848 ___SH () C:\Users\Public\Thumbs.db
2015-01-30 09:22 - 2015-02-24 11:59 - 00002688 _____ () C:\Windows\setupact.log
2015-01-30 09:22 - 2015-01-30 09:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-28 22:01 - 2015-01-28 22:00 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-01-28 22:01 - 2015-01-28 22:00 - 00176552 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-01-28 22:01 - 2015-01-28 22:00 - 00096680 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2015-01-28 22:00 - 2015-01-28 22:00 - 00000000 ____D () C:\Program Files\Common Files\Java
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-24 12:23 - 2013-02-06 10:43 - 00000000 ____D () C:\Users\HansRaab
2015-02-24 12:07 - 2009-07-14 05:34 - 00032960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-24 12:07 - 2009-07-14 05:34 - 00032960 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-24 12:03 - 2013-02-06 10:25 - 02023559 _____ () C:\Windows\WindowsUpdate.log
2015-02-24 11:59 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-24 09:57 - 2015-01-09 20:17 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-24 08:49 - 2013-10-15 07:49 - 00000000 ____D () C:\Program Files\StarMoney 9.0
2015-02-23 12:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\rescache
2015-02-18 12:31 - 2009-07-14 05:33 - 00304352 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-18 12:28 - 2014-12-12 11:34 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-18 12:28 - 2014-05-06 22:06 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-18 12:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\tracing
2015-02-18 12:28 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\de-DE
2015-02-17 18:12 - 2013-08-15 08:08 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-17 17:59 - 2013-02-10 19:10 - 113756392 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-09 15:53 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-02-09 10:56 - 2015-01-05 09:38 - 00000000 ____D () C:\AdwCleaner
2015-02-09 10:51 - 2013-05-08 09:00 - 00000000 ___RD () C:\Users\HansRaab\Desktop\PC-Tools
2015-02-06 19:49 - 2013-08-09 18:47 - 00000000 ____D () C:\Users\HansRaab\AppData\Local\CrashDumps
2015-01-29 17:26 - 2013-02-06 13:01 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-28 22:15 - 2014-12-10 15:01 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-28 22:14 - 2014-01-09 23:17 - 00035328 ___SH () C:\Users\HansRaab\Documents\Thumbs.db
2015-01-28 22:02 - 2013-09-27 15:14 - 00000000 ____D () C:\ProgramData\Oracle
2015-01-28 22:01 - 2014-09-03 21:30 - 00000000 ____D () C:\Program Files\Java
2015-01-28 22:00 - 2014-10-20 13:10 - 00272296 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-01-28 22:00 - 2014-10-20 13:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-25 17:57 - 2013-03-02 20:41 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-25 13:27 - 2013-02-06 12:08 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-25 13:27 - 2013-02-06 12:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
==================== Files in the root of some directories =======
2012-08-13 10:11 - 2012-08-13 10:11 - 141421187 _____ () C:\Program Files\openofficeorg1.cab
2012-08-13 10:09 - 2012-08-13 10:09 - 3166208 _____ () C:\Program Files\openofficeorg341.msi
2012-08-13 10:09 - 2012-08-13 10:09 - 0473600 _____ () C:\Program Files\setup.exe
2012-08-13 10:09 - 2012-08-13 10:09 - 0000294 _____ () C:\Program Files\setup.ini
2013-03-12 21:16 - 2013-03-12 21:16 - 0108219 _____ () C:\Users\HansRaab\AppData\Local\ars.cache
2013-03-12 21:16 - 2013-03-12 21:16 - 0277510 _____ () C:\Users\HansRaab\AppData\Local\census.cache
2013-03-12 20:56 - 2013-03-12 20:56 - 0000036 _____ () C:\Users\HansRaab\AppData\Local\housecall.guid.cache
2013-02-10 20:09 - 2014-12-12 16:13 - 0007618 _____ () C:\Users\HansRaab\AppData\Local\resmon.resmoncfg
Files to move or delete:
====================
C:\Users\HansRaab\cc_20140708_203523.reg
C:\Users\HansRaab\cc_20140830_125115.reg
C:\Users\HansRaab\cc_20140921_200454.reg
C:\Users\HansRaab\cc_20141128_202258.reg
C:\Users\HansRaab\cc_20150105_112801.reg
C:\Users\HansRaab\cc_20150105_123510.reg
C:\Users\HansRaab\cc_20150105_142335.reg
C:\Users\HansRaab\cc_20150105_203031.reg
C:\Users\Public\AlexaNSISPlugin.908.dll
Some content of TEMP:
====================
C:\Users\HansRaab\AppData\Local\Temp\Quarantine.exe
C:\Users\HansRaab\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-23 12:05
==================== End Of Log ============================
FRST Additions Logfile:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 23-02-2015 01
Ran by HansRaab at 2015-02-24 12:35:56
Running from D:\Download
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Adobe Flash Player 16 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 16.0.0.296 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
ASUS Bluetooth Suite (HKLM\...\{101A497C-7EF6-4001-834D-E5FA1C70FEFA}) (Version: 7.02.000.60 - ASUS Communications)
Avast Free Antivirus (HKLM\...\avast) (Version: 10.0.2208 - AVAST Software)
Banking Software (HKLM\...\{00277C92-28A4-4A4F-828C-3C7C15732E9E}) (Version: 7.03.0004 - Deutsche Telekom)
Brother MFL-Pro Suite DCP-135C (HKLM\...\{A3FEC306-FBFF-4B0D-95B9-F9C67C65079E}) (Version: 1.0.2.0 - Brother Industries, Ltd.)
Carom3D (HKLM\...\Carom3D) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4478 - CDBurnerXP)
CrystalDiskInfo 6.3.0 (HKLM\...\CrystalDiskInfo_is1) (Version: 6.3.0 - Crystal Dew World)
D3DX10 (Version: 15.4.2368.0902 - Microsoft) Hidden
DirSync 2.96 (HKLM\...\DirSync) (Version: - Stephen Kalisch)
DriveImage XML (Private Edition) (HKLM\...\{F7E1CA14-B39D-452A-960B-39423DDDD933}) (Version: 2.44.000 - Runtime Software)
Dropbox (HKU\S-1-5-21-3631909480-931278838-2696860033-1002\...\Dropbox) (Version: 2.6.24 - Dropbox, Inc.)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.1.13904 - Landesfinanzdirektion Thüringen)
FaceFilter Studio Brother Edition (HKLM\...\{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}) (Version: 1.0 - )
Fotogalerie (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Geogrid® DynPerspView (HKLM\...\Geogrid_DynPerspView) (Version: - )
Google Earth (HKLM\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Java 8 Update 31 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Junk Mail filter update (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 97, Professional Edition (HKLM\...\Office8.0) (Version: - )
Microsoft PowerPoint Viewer (HKLM\...\{95140000-00AF-0407-0000-0000000FF1CE}) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
Movie Maker (Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 35.0.1 (x86 de) (HKLM\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netzmanager (HKLM\...\Netzmanager) (Version: 1.081 - Deutsche Telekom AG)
Netzmanager (Version: 1.081 - Deutsche Telekom AG, Marmiko IT-Solutions GmbH) Hidden
Nokia Connectivity Cable Driver (HKLM\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (Version: 3.8.54.0 - Nokia) Hidden
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
OpenOffice.org 3.4.1 (HKLM\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Paint.NET v3.5.10 (HKLM\...\{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}) (Version: 3.60.0 - dotPDN LLC)
PC Connectivity Solution (HKLM\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
RealNetworks - Microsoft Visual C++ 2008 Runtime (Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM\...\RealPlayer 16.0) (Version: 16.0.0 - RealNetworks)
Realtek AC'97 Audio (HKLM\...\{FB08F381-6533-4108-B7DD-039E11FBC27E}) (Version: - )
RealUpgrade 1.1 (Version: 1.1.0 - RealNetworks, Inc.) Hidden
Roll Around (HKLM\...\Roll Around) (Version: 2.0.5531.31607 - Roll Around)
ScanSoft PaperPort 11 (HKLM\...\{B6C89654-A6A2-477C-873B-724EC1C56407}) (Version: 11.1.0000 - Nuance Communications, Inc.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
Sony Ericsson Device Data (Version: 1.0.25 - Sony Ericsson) Hidden
Sony Ericsson Drivers (Version: 1.0.25 - Sony Ericsson) Hidden
Sony Ericsson PC Suite (HKLM\...\{D6BF6477-8369-489F-8DE6-3731F4B88560}) (Version: 2.10.34 - )
Sony Ericsson PC Suite (Version: 2.10.25 - Sony Ericsson) Hidden
StarMoney (Version: 3.0.5.8 - StarFinanz) Hidden
StarMoney (Version: 4.0.0.203 - StarFinanz) Hidden
StarMoney 8.0 (HKLM\...\{85931B5D-EDEB-4DA7-80B4-EE2653C8E02A}) (Version: 8.0 - Star Finanz GmbH)
StarMoney 9.0 (HKLM\...\{DFD4785E-A8A3-420E-8CEC-39988F6270D5}) (Version: 9.0 - Star Finanz GmbH)
T-Online WLAN-Access Finder (HKLM\...\{295C31E5-3F91-498E-9623-DA24D2FA2B6A}) (Version: - )
Top50 Viewer basierend auf Geogrid®-Viewer Version 2.1 (HKLM\...\DeInst_d2vexcrd C:/Program Files/Top50 V4) (Version: - )
VIA/S3G Display Driver (HKLM\...\VIA Chrome9 HC IGP Display) (Version: - )
Windows Live Essentials (HKLM\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) (HKLM\...\17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382) (Version: 05/31/2012 7.1.2.0 - Nokia)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-3631909480-931278838-2696860033-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\HansRaab\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3631909480-931278838-2696860033-1002_Classes\CLSID\{6d05bf60-3eaf-4a97-87c5-10cce505435b}\localserver32 -> C:\Users\HansRaab\AppData\Local\Temp\{9c0ba3c1-2b67-45eb-bf69-bed9658d28d2}\IDriver.NonElevated.exe (the data entry has 7 more characters).
CustomCLSID: HKU\S-1-5-21-3631909480-931278838-2696860033-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HansRaab\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3631909480-931278838-2696860033-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HansRaab\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3631909480-931278838-2696860033-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HansRaab\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-3631909480-931278838-2696860033-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\HansRaab\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
==================== Restore Points =========================
18-02-2015 13:23:24 Windows Update
24-02-2015 08:53:38 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {09C4BA61-CE93-4F00-9AEA-60D6E8ABCB3F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {1C7443DB-5954-4BFF-8FC8-C5B8CD4C42CF} - System32\Tasks\{AE5E7056-FDB1-4DD8-940C-E9C2EB05D5FF} => C:\Users\HansRaab\Desktop\Spiele\RATTLER.EXE [1991-09-12] ()
Task: {1F3E9471-B902-4AB1-BCEC-4356C7C9651D} - System32\Tasks\{705D752C-1F44-4AA0-AA23-F152A38ACCCE} => pcalua.exe -a "C:\Users\HansRaab\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8SSEGKT6\software_6_setup[1].exe" -d C:\Users\HansRaab\Desktop
Task: {23DDE263-241B-4E60-BEB9-5C3B3A0BD330} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-01-25] (Adobe Systems Incorporated)
Task: {2C6F2651-ECEC-4B4D-8582-B084A37D76C6} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3631909480-931278838-2696860033-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {37BA3E7B-B509-4623-A844-B28EFA294A06} - System32\Tasks\{11D9AE1B-E3F9-42C7-B3FF-846C3DAE1CD4} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE [1996-12-13] (Microsoft Corporation)
Task: {40D00C7D-1274-48E4-B1DF-BBC2A5515A3F} - System32\Tasks\{5F66F545-9E24-4C4C-8F39-02D4E2E4035F} => pcalua.exe -a "C:\Program Files\Microsoft Office\Office\Setup\Acme.exe" -c /w Off97Pro.STF
Task: {5C6DA362-426E-43EE-A210-8F19B1CD7BB3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {6374AB8B-A014-425A-807E-D4E9895C7CC7} - System32\Tasks\{FF10AD55-7432-40B4-82CD-B34C1305E05E} => pcalua.exe -a E:\start.exe -d E:\
Task: {6B8C0FCA-264E-40B7-9F09-9E09C9660E9E} - System32\Tasks\{D8778EDF-DEF9-43D5-A71A-67A0E2FA839A} => pcalua.exe -a "D:\Dokumente\Downloads\ALDI Bestellsoftware Setup(1).exe" -d D:\Dokumente\Downloads
Task: {9B82F8D5-5C9D-41BF-8367-7B0024863B3C} - System32\Tasks\{B1B7B6CE-221E-4646-8E50-8591C82794C8} => pcalua.exe -a C:\Windows\system32\pcwrun.exe -c "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe"
Task: {B2620A15-9B6E-4AF0-B43E-6244EEB6AFA4} - System32\Tasks\{98D8EBC9-661E-49F6-B800-1BA13C3636AF} => C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-05-28] ()
Task: {B2F7E39A-B4D6-4562-A374-F01616BAD74C} - System32\Tasks\{9F5F66EF-5ADB-4C81-879B-DC33CABB1472} => C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe [2007-05-28] ()
Task: {B412A666-7753-4DDD-9196-88AED3DF9145} - System32\Tasks\{6B5FB933-61A0-4AAE-8497-5AB9CD637016} => pcalua.exe -a "C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\ecsepm.cpl" -c Telefonmonitor-Optionen
Task: {B5745A7B-1E36-4E94-999A-21ED3A6AE4B3} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3631909480-931278838-2696860033-1002 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe [2012-11-30] (RealNetworks, Inc.)
Task: {B9F39F32-BC99-4870-BF61-89780B029361} - System32\Tasks\avastBCLRestartS-1-5-21-3631909480-931278838-2696860033-1002 => Firefox.exe
Task: {BEF7755D-CF5E-4EAF-8AE1-3B3E5A670EE8} - System32\Tasks\{5E7AE065-D251-4956-9ACA-90DA6FB28435} => pcalua.exe -a C:\Users\HansRaab\AppData\Roaming\DesktopIconForAmazon\IconForAmazon.exe -c uninstall
Task: {C1445573-4F47-4AF2-9F5B-EBB43A97F60E} - System32\Tasks\{8AEE0A55-590F-4765-BA37-F2B7AFDE7CD0} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE [1996-12-13] (Microsoft Corporation)
Task: {CAC77E60-90E0-42A6-B32E-9476E8BCEFC5} - System32\Tasks\{891F0127-B4DC-4768-9B66-C9D24EB6E215} => C:\Program Files\Microsoft Office\Office\OUTLOOK.EXE [1996-12-13] (Microsoft Corporation)
Task: {CD55DE1D-0287-490C-98A7-14DA4B1B6E9F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {DE182421-836C-4A69-882B-8E492CE15F86} - System32\Tasks\{7A19509F-96A8-4575-8D43-703FBC2629D8} => pcalua.exe -a E:\paperport\InstPPSE.exe -d E:\paperport
Task: {F6882C8E-1114-4B3D-8DBA-76DEEACB8B1F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-11-28] (AVAST Software)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) ==============
1996-12-14 00:00 - 1996-12-14 00:00 - 00022016 _____ () C:\Windows\system32\docobj.dll
2013-02-26 13:49 - 2014-05-20 01:04 - 00106840 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2015-02-24 08:48 - 2015-02-24 08:48 - 02911232 _____ () C:\Program Files\AVAST Software\Avast\defs\15022301\algo.dll
2014-07-21 08:41 - 2011-01-13 11:44 - 00232800 _____ () C:\Program Files\StarMoney 9.0\ouservice\PATCHW32.dll
2013-02-07 20:26 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
2015-02-23 09:33 - 2015-02-24 02:33 - 00384752 _____ () C:\Program Files\Common Files\2a617352-d396-46a3-a71b-5d89535356cf\updater.exe
2014-11-28 18:47 - 2014-11-28 18:47 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2006-03-09 17:45 - 2006-03-09 17:45 - 00081920 ____R () C:\Program Files\Common Files\Teleca Shared\boost_log-vc71-mt-1_33.dll
2015-02-23 09:33 - 2015-02-24 02:33 - 00577264 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugincontainer.exe
2015-02-23 12:34 - 2015-02-23 12:34 - 00701168 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\plugin.exe
2015-02-23 12:33 - 2015-02-23 12:33 - 00518896 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\5\plugin.exe
2015-02-23 12:33 - 2015-02-23 12:33 - 00508144 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\8\plugin.exe
2015-02-24 08:48 - 2015-02-24 12:03 - 00246000 _____ () C:\ProgramData\2a617352-d396-46a3-a71b-5d89535356cf\plugins\3\d9135418-4a1c-4cc7-bcea-6142e6a8f85f.dll
2015-01-16 15:54 - 2015-01-28 22:15 - 03925104 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll
2012-08-10 16:50 - 2012-08-10 16:50 - 00170496 _____ () C:\Program Files\OpenOffice.org 3\program\libxslt.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3631909480-931278838-2696860033-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\HansRaab\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.2.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: BrMfcWnd => C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
MSCONFIG\startupreg: ControlCenter3 => C:\Program Files\Brother\ControlCenter3\brctrcen.exe /autorun
MSCONFIG\startupreg: IndexSearch => "C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: PaperPort PTD => "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
MSCONFIG\startupreg: PPort11reminder => "C:\Program Files\ScanSoft\PaperPort\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\PaperPort\11\Config\Ereg\Ereg.ini
MSCONFIG\startupreg: Sony Ericsson PC Suite => "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
MSCONFIG\startupreg: SoundMan => SOUNDMAN.EXE
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: TkBellExe => "C:\Program Files\Real\RealPlayer\Update\realsched.exe" -osboot
==================== Accounts: =============================
Administrator (S-1-5-21-3631909480-931278838-2696860033-500 - Administrator - Disabled)
Gast (S-1-5-21-3631909480-931278838-2696860033-501 - Limited - Enabled) => C:\Users\Gast.HansRaab-PC
HansRaab (S-1-5-21-3631909480-931278838-2696860033-1002 - Administrator - Enabled) => C:\Users\HansRaab
HomeGroupUser$ (S-1-5-21-3631909480-931278838-2696860033-1053 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/24/2015 00:07:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 864
Startzeit: 01d050212d919327
Endzeit: 258
Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 4bbafb83-bc15-11e4-99b6-0015589635ce
Error: (02/24/2015 11:59:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/24/2015 11:20:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 13a4
Startzeit: 01d05018cfbd6193
Endzeit: 78
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: b5d68a96-bc0e-11e4-92ff-0015589635ce
Error: (02/24/2015 11:01:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 934
Startzeit: 01d05016d0c14d6c
Endzeit: 94
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: 08758a66-bc0c-11e4-92ff-0015589635ce
Error: (02/24/2015 10:46:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1028
Startzeit: 01d050117014e55d
Endzeit: 63
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: 09809d4d-bc0a-11e4-92ff-0015589635ce
Error: (02/24/2015 10:45:11 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/02/24 10:45:11.301]: [00003112]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
Error: (02/24/2015 10:09:04 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STI BrtSTI: [2015/02/24 10:09:04.007]: [00003112]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
Error: (02/24/2015 10:08:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1064
Startzeit: 01d05010e6ad3700
Endzeit: 94
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: a8e2835a-bc04-11e4-92ff-0015589635ce
Error: (02/24/2015 10:04:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 1730
Startzeit: 01d0500fdf7fd985
Endzeit: 141
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: 1eb4f1cf-bc04-11e4-92ff-0015589635ce
Error: (02/24/2015 09:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm explorer.exe, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 11a4
Startzeit: 01d0500d86a080f7
Endzeit: 109
Anwendungspfad: C:\Windows\explorer.exe
Berichts-ID: 1881eb3e-bc03-11e4-92ff-0015589635ce
System errors:
=============
Error: (02/24/2015 08:46:27 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/24/2015 08:46:27 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error: (02/24/2015 08:46:27 AM) (Source: DCOM) (EventID: 10005) (User: )
Description: 1053WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}
Error: (02/23/2015 00:10:17 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{7D8C9B6E-B0A6-433A-90D7-D44D080013D8}{4E5DC87F-8FD1-4D48-9266-C6349A352650}NT-AUTORITÄTNETZWERKDIENSTS-1-5-20LocalHost (unter Verwendung von LRPC)
Error: (02/09/2015 05:44:45 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
Error: (02/09/2015 05:34:47 PM) (Source: DCOM) (EventID: 10016) (User: NT-AUTORITÄT)
Description: ComputerstandardLokalAktivierung{7D8C9B6E-B0A6-433A-90D7-D44D080013D8}{4E5DC87F-8FD1-4D48-9266-C6349A352650}NT-AUTORITÄTNETZWERKDIENSTS-1-5-20LocalHost (unter Verwendung von LRPC)
Error: (02/09/2015 03:49:51 PM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (02/09/2015 11:04:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Diagnosediensthost" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Error: (02/09/2015 11:04:17 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: Der Dienst "WdiServiceHost" konnte sich nicht als "NT AUTHORITY\LocalService" mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:
%%50
Vergewissern Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft Management Console (MMC).
Error: (02/09/2015 11:04:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "IPsec-Richtlinien-Agent" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1069
Microsoft Office Sessions:
=========================
Error: (02/24/2015 00:07:30 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Explorer.EXE6.1.7601.1756786401d050212d919327258C:\Windows\Explorer.EXE4bbafb83-bc15-11e4-99b6-0015589635ce
Error: (02/24/2015 11:59:58 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/24/2015 11:20:18 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.1756713a401d05018cfbd619378C:\Windows\explorer.exeb5d68a96-bc0e-11e4-92ff-0015589635ce
Error: (02/24/2015 11:01:08 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.1756793401d05016d0c14d6c94C:\Windows\explorer.exe08758a66-bc0c-11e4-92ff-0015589635ce
Error: (02/24/2015 10:46:51 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567102801d050117014e55d63C:\Windows\explorer.exe09809d4d-bc0a-11e4-92ff-0015589635ce
Error: (02/24/2015 10:45:11 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/02/24 10:45:11.301]: [00003112]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
Error: (02/24/2015 10:09:04 AM) (Source: Brother BrLog) (EventID: 1001) (User: )
Description: STIBrtSTI: [2015/02/24 10:09:04.007]: [00003112]: CUsbScnDev: DeviceIoControl() failed. ErrorCode = 5
Error: (02/24/2015 10:08:21 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567106401d05010e6ad370094C:\Windows\explorer.exea8e2835a-bc04-11e4-92ff-0015589635ce
Error: (02/24/2015 10:04:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17567173001d0500fdf7fd985141C:\Windows\explorer.exe1eb4f1cf-bc04-11e4-92ff-0015589635ce
Error: (02/24/2015 09:57:09 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.1756711a401d0500d86a080f7109C:\Windows\explorer.exe1881eb3e-bc03-11e4-92ff-0015589635ce
==================== Memory info ===========================
Processor: AMD Sempron(tm) Processor 3000+
Percentage of memory in use: 56%
Total physical RAM: 3070.49 MB
Available physical RAM: 1335.74 MB
Total Pagefile: 6139.28 MB
Available Pagefile: 3925.25 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.57 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:41.8 GB) (Free:9.77 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Daten) (Fixed) (Total:34.89 GB) (Free:15.38 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 76.7 GB) (Disk ID: D221D221)
Partition 1: (Active) - (Size=41.8 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=34.9 GB) - (Type=OF Extended)
==================== End Of Log ============================
GMER Logfile:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-24 13:33:12
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 HDS728080PLAT20 rev.PF2OA2AA 76,69GB
Running: Gmer-19357.exe; Driver: C:\Users\HansRaab\AppData\Local\Temp\kwliykoc.sys
---- System - GMER 2.1 ----
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAddBootEntry [0x9003DAC4]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwAllocateVirtualMemory [0x900F90BA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwAssignProcessToJobObject [0x9003E5A2]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEvent [0x9004A63C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateEventPair [0x9004A688]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateIoCompletion [0x9004A822]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateMutant [0x9004A5AA]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateSection [0x900F9494]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateSemaphore [0x9004A5F2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThread [0x900F9724]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwCreateThreadEx [0x900F980E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwCreateTimer [0x9004A7DC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDebugActiveProcess [0x9003F390]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDeleteBootEntry [0x9003DB2A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwDuplicateObject [0x90042B86]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwLoadDriver [0x9003D716]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwMapViewOfSection [0x900F9574]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwModifyBootEntry [0x9003DB90]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeKey [0x90042F7C]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwNotifyChangeMultipleKeys [0x9003FE78]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEvent [0x9004A666]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenEventPair [0x9004A6AA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenIoCompletion [0x9004A846]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenMutant [0x9004A5D0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenProcess [0x9004247E]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSection [0x9004A75A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenSemaphore [0x9004A61A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenThread [0x9004286A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwOpenTimer [0x9004A800]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwProtectVirtualMemory [0x900F9312]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueryObject [0x9003FCEC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwQueueApcThreadEx [0x9003F9FA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootEntryOrder [0x9003DBF6]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetBootOptions [0x9003DC5C]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwSetContextThread [0x900F9670]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemInformation [0x9003D7B0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSetSystemPowerState [0x9003D982]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwShutdownSystem [0x9003D910]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendProcess [0x9003F55A]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSuspendThread [0x9003F6BC]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwSystemDebugControl [0x9003DA0A]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwTerminateProcess [0x900F93E0]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwTerminateThread [0x9003F1EA]
SSDT \SystemRoot\system32\drivers\aswSnx.sys ZwVdmControl [0x9003DCC2]
SSDT \SystemRoot\system32\drivers\aswSP.sys ZwWriteVirtualMemory [0x900F9244]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRequestWaitReplyPort + 1495 82C7A9E5 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82CB4312 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10CB 82CBB550 4 Bytes [C4, DA, 03, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 82CBB578 4 Bytes [BA, 90, 0F, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 82CBB5D8 4 Bytes [A2, E5, 03, 90]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11A7 82CBB62C 8 Bytes [3C, A6, 04, 90, 88, A6, 04, ...]
.text ntkrnlpa.exe!KeRemoveQueueEx + 11B3 82CBB638 4 Bytes CALL 8773D8BF
.text ...
PAGE ntkrnlpa.exe!ZwReplyWaitReceivePortEx + 108 82E7761D 4 Bytes CALL 9004055F \SystemRoot\system32\drivers\aswSnx.sys
PAGE ntkrnlpa.exe!ZwAlpcSendWaitReceivePort + 122 82E91483 4 Bytes CALL 90040575 \SystemRoot\system32\drivers\aswSnx.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files\CCleaner\CCleaner.exe[612] USER32.dll!SetScrollRange 772E8EC5 5 Bytes JMP 010C5F15 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[612] USER32.dll!GetScrollInfo 772F2DA3 5 Bytes JMP 010C5EA8 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[612] USER32.dll!SetScrollInfo 772F48DA 5 Bytes JMP 010C5F4C C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[612] USER32.dll!GetScrollRange 7731045A 5 Bytes JMP 010C5E4B C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[612] USER32.dll!SetScrollPos 773104BE 5 Bytes JMP 010C5E26 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[612] USER32.dll!GetScrollPos 77310E43 5 Bytes JMP 010C5E83 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[612] USER32.dll!EnableScrollBar 773119CE 5 Bytes JMP 010C5F80 C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\CCleaner\CCleaner.exe[612] USER32.dll!ShowScrollBar 77313C89 5 Bytes JMP 010C5EDB C:\Program Files\CCleaner\CCleaner.exe
.text C:\Program Files\AVAST Software\Avast\AvastSvc.exe[1480] kernel32.dll!SetUnhandledExceptionFilter 77B7F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\AVAST Software\Avast\avastui.exe[3444] kernel32.dll!SetUnhandledExceptionFilter 77B7F5AB 8 Bytes [31, C0, C2, 04, 00, 90, 90, ...] {XOR EAX, EAX; RET 0x4; NOP ; NOP ; NOP }
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!NtCreateFile 77A35608 5 Bytes JMP 56629AE0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!NtFlushBuffersFile 77A35998 5 Bytes JMP 5660C434 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!NtQueryFullAttributesFile 77A36028 5 Bytes JMP 5660C150 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!NtReadFile 77A362F8 5 Bytes JMP 5660C330 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!NtReadFileScatter 77A36308 5 Bytes JMP 5702F60F C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!NtWriteFile 77A36AA8 5 Bytes JMP 5662A9F0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!NtWriteFileGather 77A36AB8 5 Bytes JMP 5702F5BE C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!LdrUnloadDll 77A4C8DE 5 Bytes JMP 000E03FC
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] ntdll.dll!LdrLoadDll 77A522AE 5 Bytes JMP 614A1F42 C:\Program Files\Mozilla Firefox\mozglue.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] KERNEL32.dll!K32GetDeviceDriverBaseNameW + 5D 77B794E6 7 Bytes JMP 56F54AA0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] KERNEL32.dll!QueryPerformanceCounter + 13 77B7C4E5 7 Bytes JMP 56F54AC3 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] KERNEL32.dll!LoadAppInitDlls + 355 77B7F5A6 7 Bytes JMP 566263D0 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] user32.dll!GetWindowInfo 772F4B5E 5 Bytes JMP 56E4B991 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] GDI32.dll!GetViewportOrgEx + 26C 7764884B 3 Bytes JMP 56F54A21 C:\Program Files\Mozilla Firefox\xul.dll
.text C:\Program Files\Mozilla Firefox\firefox.exe[3708] GDI32.dll!GetViewportOrgEx + 270 7764884F 3 Bytes [DF, EB, F9] {FUCOMIP ST0, ST3; STC }
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272358d7b
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\000272358d7b@001d288fea2f 0xAE 0xFF 0x66 0x84 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015836bb818
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015836bb818@001d288fea2f 0x19 0x4B 0x73 0x3B ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272358d7b (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\000272358d7b@001d288fea2f 0xAE 0xFF 0x66 0x84 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015836bb818 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015836bb818@001d288fea2f 0x19 0x4B 0x73 0x3B ...
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\CIT\System\Active@A2D79AAC 1148
---- EOF - GMER 2.1 ----
--- --- ---
AdwCleaner Logfile:
Code:
# AdwCleaner v4.106 - Bericht erstellt am 14/01/2015 um 14:27:23
# Aktualisiert 21/12/2014 von Xplode
# Database : 2014-12-21.4 [Local]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : HansRaab - HANSRAAB-PC
# Gestartet von : C:\Users\HansRaab\Desktop\PC-Tools\adwcleaner_4.106(1).exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : AddonsHelper
***** [ Dateien / Ordner ] *****
Datei Gelöscht : C:\Users\HansRaab\AppData\Roaming\Mozilla\Firefox\Profiles\k5i4b7st.default\user.js
***** [ Tasks ] *****
Task Gelöscht : Dealply
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\HansRaab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\HansRaab\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\HansRaab\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\HansRaab\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\HansRaab\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [dnshelp@dnshelp.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\5aed788e63eea41
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\GlobalUpdate
Schlüssel Gelöscht : HKCU\Software\InetStat
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\RegisteredApplicationsEx
Schlüssel Gelöscht : HKCU\Software\SecuredDownload
Schlüssel Gelöscht : HKCU\Software\V9
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7DD5E91C-3864-77EC-7635-D14910C2A03E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\suptab\search~1.dll
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v34.0.5 (x86 de)
-\\ Comodo Dragon v
*************************
AdwCleaner[R0].txt - [5748 octets] - [05/01/2015 09:38:25]
AdwCleaner[R10].txt - [774 octets] - [09/01/2015 18:42:07]
AdwCleaner[R11].txt - [774 octets] - [09/01/2015 18:52:19]
AdwCleaner[R12].txt - [632 octets] - [09/01/2015 22:31:01]
AdwCleaner[R13].txt - [632 octets] - [10/01/2015 10:29:25]
AdwCleaner[R14].txt - [632 octets] - [11/01/2015 11:55:26]
AdwCleaner[R15].txt - [632 octets] - [11/01/2015 14:25:32]
AdwCleaner[R16].txt - [665 octets] - [14/01/2015 13:10:58]
AdwCleaner[R17].txt - [9247 octets] - [14/01/2015 14:23:45]
AdwCleaner[R1].txt - [3022 octets] - [05/01/2015 18:35:35]
AdwCleaner[R2].txt - [2960 octets] - [05/01/2015 19:43:52]
AdwCleaner[R3].txt - [3069 octets] - [05/01/2015 19:56:41]
AdwCleaner[R4].txt - [1017 octets] - [05/01/2015 20:51:17]
AdwCleaner[R5].txt - [1017 octets] - [05/01/2015 21:44:41]
AdwCleaner[R6].txt - [955 octets] - [05/01/2015 22:28:06]
AdwCleaner[R7].txt - [906 octets] - [06/01/2015 11:57:13]
AdwCleaner[R8].txt - [866 octets] - [07/01/2015 10:29:25]
AdwCleaner[R9].txt - [774 octets] - [09/01/2015 13:12:36]
AdwCleaner[S0].txt - [9896 octets] - [14/01/2015 14:27:23]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9956 octets] ##########
--- --- ---
Code:
Malwarebytes Anti-Malware
Malwarebytes | Free Anti-Malware & Internet Security Software
Suchlauf Datum: 09.01.2015
Suchlauf-Zeit: 20:40:11
Logdatei: malewareergebn.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.01.09.15
Rootkit Datenbank: v2015.01.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: HansRaab
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 387947
Verstrichene Zeit: 41 Min, 22 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 3
PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, 1884, , [a3f551a30881d95df9fa4db744be3bc5]
PUP.Optional.XTab.A, C:\Program Files\XTab\CmdShell.exe, 2932, , [e0b82cc87415c175d09fed7b14ef11ef]
PUP.Optional.XTab.A, C:\Program Files\XTab\HPNotify.exe, 2860, , [e0b82cc87415c175d09fed7b14ef11ef]
Module: 9
PUP.Optional.XTab.A, C:\Program Files\XTab\BrowerWatchFF.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\BrowserAction.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\IeWatchDog.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
Registrierungsschlüssel: 8
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [a3f551a30881d95df9fa4db744be3bc5],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\IHProtect, , [51475a9afb8eca6ca8c6e4846e95bf41],
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\mystartsearchSoftware, , [b6e2b73dc8c125113adb4e22dd26cb35],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [c2d6ce261d6cb77fe9fac509778df50b],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [71270be95336b482ff3e1b58b350b14f],
PUP.Optional.CrossRider.A, HKU\S-1-5-21-3631909480-931278838-2696860033-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Crossrider, , [cace9163771240f6611f37a09470fb05],
PUP.Optional.Qone8, HKU\S-1-5-21-3631909480-931278838-2696860033-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [4058ab49dfaaa492a63cd3fb94702bd5],
PUP.Optional.AmazonTB.A, HKU\S-1-5-21-3631909480-931278838-2696860033-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\ALEXA INTERNET\ALEXA9\Amazon, , [3662fef615747eb8dfeb7356758ffa06],
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 8
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.mystartsearch.com/?type=hppp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX),,[4355db1959307eb8c6909af6b4510ef2]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=ds&ts=1420447154&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1420447154&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX&q={searchTerms}),,[a1f72dc7b0d981b5f2cebac89f66f20e]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hppp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX),,[afe908ecd4b553e3506ee1a16b9a19e7]
PUP.Optional.MyStartSearch.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=ds&ts=1420447154&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/web/?type=ds&ts=1420447154&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX&q={searchTerms}),,[4751a74ddaafed492798760c867f0df3]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[1187b143e9a09c9a9607b0deca3bb54b]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3631909480-931278838-2696860033-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX&q={searchTerms}),,[b1e74ba98306e254b112562cbd4858a8]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3631909480-931278838-2696860033-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.mystartsearch.com/?type=hppp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/?type=hppp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX),,[1f796a8ae5a466d0dde495edea1b8c74]
PUP.Optional.MyStartSearch.A, HKU\S-1-5-21-3631909480-931278838-2696860033-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX&q={searchTerms}, Gut: (Google), Schlecht: (hxxp://www.mystartsearch.com/web/?type=dspp&ts=1420447245&from=ima&uid=HDS728080PLAT20_PFD215E8R8KT7MR8KT7MX&q={searchTerms}),,[722692624643e35319a95a2822e3fd03]
Ordner: 32
PUP.Optional.XTab.A, C:\Program Files\XTab, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\image, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW, , [e0b82cc87415c175d09fed7b14ef11ef],
Rogue.Multiple, C:\ProgramData\4001812108, , [4c4c0ce81475d85e2c3e1f03d72cda26],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [d9bf37bd3653aa8c764f65e4659e27d9],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [d9bf37bd3653aa8c764f65e4659e27d9],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [395f5d97f7920e28a781d4932ed5728e],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [395f5d97f7920e28a781d4932ed5728e],
Dateien: 74
PUP.Optional.XTab.A, C:\Program Files\XTab\ProtectService.exe, , [a3f551a30881d95df9fa4db744be3bc5],
PUP.Optional.WindowsProtectManger.A, C:\$Recycle.Bin\S-1-5-21-3631909480-931278838-2696860033-1002\$RQODO49.exe, , [a2f649abb2d7c47299f003c0ca3723dd],
PUP.Optional.XTab.A, C:\Program Files\XTab\uninstall.exe, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\BrowerWatchCH.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\BrowerWatchFF.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\BrowserAction.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\CmdShell.exe, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\conf, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\HPNotify.exe, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\IeWatchDog.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcp110.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\msvcr110.dll, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\about_bk.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\btn_apply.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\close.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf.xml, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\conf_back.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\input_bk.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\logo.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\main.xml, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_1.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\radio_2.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\rigth_arrow.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\skin\settings.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\data.html, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE.html, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\indexIE8.html, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\main.css, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\ver.txt, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\arrow.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_add_logo_hover.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\default_logo.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\googlelogo2.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\google_trends.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon128.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon16.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\icon48.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\loading.gif, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\logo32.ico, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\img\weather\0.png, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\common.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ga.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\ie8.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery-1.11.0.min.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\jquery.autocomplete.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\js.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\library.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit-ie8.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\js\xagainit2.0.js, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\en-US\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-419\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\es-ES\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-BE\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CA\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-CH\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-FR\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\fr-LU\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-CH\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\it-IT\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pl\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\pt-BR\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\ru-MO\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\tr-TR\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\vi-VI\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-CN\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.XTab.A, C:\Program Files\XTab\web\_locales\zh-TW\messages.json, , [e0b82cc87415c175d09fed7b14ef11ef],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, , [d9bf37bd3653aa8c764f65e4659e27d9],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Attached files
File type: log defogger_disable.log (478 bytes, viewed 0 times)
File type: txt FRST.txt (31.3 KB, viewed 0 times)
File type: txt Addition.txt (29.5 KB, viewed 0 times)
File type: log GMER.log (13.5 KB, viewed 0 times)
File type: txt AdwCleaner[S0].txt (9.8 KB, viewed 0 times)
File type: txt malewareergebn.txt (17.4 KB, viewed 0 times)