Nicole08 | 15.03.2015 14:52

Malwarebytes
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 05.03.2015
Suchlauf-Zeit: 14:54:47
Logdatei: Malwarebytes 2015-03-05.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.03.05.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Testversion
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: benutzer
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 340646
Verstrichene Zeit: 42 Min, 7 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 1
PUP.Optional.Spigot.A, C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe, 5392, , [33b362df4c3ebe7810c5d9d328d9f30d]
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 11
PUP.Optional.Spigot.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Application Updater, , [33b362df4c3ebe7810c5d9d328d9f30d],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\CLASSES\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{B922D405-6D13-4A2B-AE89-08A030DA4402}, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1544451011-3975194477-2784028731-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{B922D405-6D13-4A2B-AE89-08A030DA4402}, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1544451011-3975194477-2784028731-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{B922D405-6D13-4A2B-AE89-08A030DA4402}, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\CLASSES\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\INPROCSERVER32, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER, , [39ad55ec54361d19c045d1ed60a3a759],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS, , [1dc9f34e2d5df640788cb20c05feff01],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1544451011-3975194477-2784028731-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Search Settings, , [1fc74ef36327ed491e8981a47b8ab24e],
PUP.Optional.Spigot.A, HKU\S-1-5-21-1544451011-3975194477-2784028731-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS, , [04e2d869dab08aace021e0de0df618e8],
Registrierungswerte: 11
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\APPLICATION UPDATER\APPLICATIONUPDATER.EXE, 1, , [33b362df4c3ebe7810c5d9d328d9f30d]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE, 1, , [a2442a171971241251b1e5f11ae7ba46]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchSettings, "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe", , [a2442a171971241251b1e5f11ae7ba46]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1544451011-3975194477-2784028731-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{B922D405-6D13-4A2B-AE89-08A030DA4402}, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{B922D405-6D13-4A2B-AE89-08A030DA4402}, pdfforge Toolbar, , [618566db0387fc3a8c76954139c89967]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{B922D405-6D13-4A2B-AE89-08A030DA4402}, pdfforge Toolbar, , [618566db0387fc3a8c76954139c89967]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\APPLICATION UPDATER|serverURL, hxxp://www.mybrowserbar.com/, , [39ad55ec54361d19c045d1ed60a3a759]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\SEARCH SETTINGS|installDir, C:\Program Files (x86)\Common Files\Spigot\Search Settings\, , [1dc9f34e2d5df640788cb20c05feff01]
PUP.Optional.Spigot.A, HKU\S-1-5-21-1544451011-3975194477-2784028731-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SEARCH SETTINGS|GCProtected, 0, , [04e2d869dab08aace021e0de0df618e8]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\{4D6A6C8E-1EB2-46E1-8CAA-40DAFDE3ED93}.XPI, 1, , [1ec8360b2b5ff73f063f0a80f31056aa]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\{62DD0A97-FDD4-421B-94A5-D1A9434450C7}.XPI, 1, , [1ec8360b2b5ff73f063f0a80f31056aa]
Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)
Ordner: 4
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res, , [1ec8360b2b5ff73f063f0a80f31056aa],
Dateien: 27
PUP.Optional.Spigot.A, C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe, , [33b362df4c3ebe7810c5d9d328d9f30d],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe, , [a2442a171971241251b1e5f11ae7ba46],
PUP.Optional.Spigot.A, C:\Program Files (x86)\pdfforge Toolbar\IE\11.0\pdfforgeToolbarIE64.dll, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, C:\Program Files (x86)\pdfforge Toolbar\IE\11.0\pdfforgeToolbarIE.dll, , [618566db0387fc3a8c76954139c89967],
PUP.Optional.Spigot.A, C:\Program Files (x86)\pdfforge Toolbar\WidgiHelper.exe, , [8a5ca49d2664fc3a0dc9c3e9e41d2ad6],
PUP.Optional.Spigot.A, C:\Windows\Installer\433ed.msi, , [76704ff231595adcb34fddf95da4b749],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\config.ini, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth200.dll, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx200.dll, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ff.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandextr_ie.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\{4D6A6C8E-1EB2-46e1-8CAA-40DAFDE3ED93}.xpi, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\{62DD0A97-FDD4-421b-94A5-D1A9434450C7}.xpi, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini, , [1ec8360b2b5ff73f063f0a80f31056aa],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini, , [1ec8360b2b5ff73f063f0a80f31056aa],
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)

Defogger
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:00 on 15/03/2015 (****)
Checking for autostart values...^^
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by **** (administrator) on ****-HP on 15-03-2015 14:02:50
Running from C:\Users\****\Downloads
Loaded Profiles: **** (Available profiles: ****)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
(CANON INC.) C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_305.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6602856 2011-01-11] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-05] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2503704 2015-03-05] ()
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-11-02] (CyberLink)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1273448 2012-04-03] (CANON INC.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-26] (Easybits)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-05] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\...\Run: [Google Update] => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-09-02] (Google Inc.)
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\...\Run: [EPLTarget\P0000000000000001] => C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIIKE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-302 303 305 306 Series"
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7394584 2014-12-12] (Piriform Ltd)
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\...\RunOnce: [Adobe Speed Launcher] => 1426423548
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\...\MountPoints2: F - F:\autostart.exe
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\...\MountPoints2: {eec51d56-2dc7-11e3-98ff-2c768ae646aa} - G:\pushinst.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://web.de/
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/CQNOT/4
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.pixelio.de/
hxxp://www.google.de/
URLSearchHook: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\11.0\pdfforgeToolbarIE64.dll ()
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM -> {F508C8AB-762D-4759-BA05-C8D219F6E582} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> {F508C8AB-762D-4759-BA05-C8D219F6E582} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={5DAC5645-8911-4FE5-B479-CE9AA19E9E4C}&mid=eba0431ce20f47d09ea8fd3fcc02af59-cc200d34b14e5459bf1ea92047f6eef29cd316c2&lang=en&ds=gf011&pr=sa&d=2012-08-28 08:35:01&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=CPNTDF&pc=CPNTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=CPNTDF
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> {5A7FB257-9F57-49C7-B172-EEC9DEC4FDAA} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^OSJ000^YY^DE&apn_uid=507C4DE0-FFB8-4BBB-8D3C-85C5782205FF&apn_sauid=B7BC1221-D834-478E-9363-72D6044C27DF
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxp://isearch.avg.com/search?cid={5DAC5645-8911-4FE5-B479-CE9AA19E9E4C}&mid=eba0431ce20f47d09ea8fd3fcc02af59-cc200d34b14e5459bf1ea92047f6eef29cd316c2&lang=en&ds=gf011&pr=sa&d=2012-08-28 08:35:01&v=15.2.0.5&pid=avg&sg=0&sap=dsp&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=CPNTDF
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> {F508C8AB-762D-4759-BA05-C8D219F6E582} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2012-06-14] (CANON INC.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.3.0.885\AVG Secure Search_toolbar.dll [2015-03-05] (AVG Secure Search)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\11.0\pdfforgeToolbarIE64.dll [2015-02-26] ()
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.3.0.885\AVG Secure Search_toolbar.dll [2015-03-05] (AVG Secure Search)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2012-06-14] (CANON INC.)
Toolbar: HKLM-x32 - No Name - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
Toolbar: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.3.0\ViProtocol.dll [2015-03-05] (AVG Secure Search)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2011-08-09] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\****\AppData\Roaming\Mozilla\Firefox\Profiles\jitqdoz9.default-1426423934191
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.3.0\\npsitesafety.dll No File
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1544451011-3975194477-2784028731-1001: @tools.google.com/Google Update;version=3 -> C:\Users\****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF Plugin HKU\S-1-5-21-1544451011-3975194477-2784028731-1001: @tools.google.com/Google Update;version=9 -> C:\Users\****\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-07] (Google Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml [2015-03-05]
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.3.0.885 [2015-03-05]
Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Users\****\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\****\AppData\Local\Google\Chrome\Application\23.0.1271.91\gcswf32.dll No File
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\****\AppData\Local\Google\Chrome\Application\23.0.1271.91\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\****\AppData\Local\Google\Chrome\Application\23.0.1271.91\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.0\\npsitesafety.dll (AVG Technologies)
CHR Plugin: (Java(TM) Platform SE 7 U7) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.70.10) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Plugin: (Windows Live™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\****\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Profile: C:\Users\****\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-02]
CHR Extension: (Google Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-02]
CHR Extension: (AVG Secure Search) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2012-11-08]
CHR Extension: (Gmail) - C:\Users\****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-02]
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [365568 2011-07-05] (Advanced Micro Devices, Inc.) [File not signed]
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-05] (Avira Operations GmbH & Co. KG)
S2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezSharedSvcHost.exe [514232 2010-04-23] (EasyBits Software AS) [File not signed]
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1817088 2010-12-28] (Realsil Microelectronics Inc.) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-28] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 vToolbarUpdater18.3.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\ToolbarUpdater.exe [1802776 2015-03-05] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-05] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-11-24] (Avira Operations GmbH & Co. KG)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-18] (Siliten)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-08-23] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-08-23] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-08-23] (Paragon)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 massfilter; system32\drivers\massfilter.sys [X]
S3 ZTEusbmdm6k; system32\DRIVERS\ZTEusbmdm6k.sys [X]
S3 ZTEusbnmea; system32\DRIVERS\ZTEusbnmea.sys [X]
S3 ZTEusbser6k; system32\DRIVERS\ZTEusbser6k.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-15 14:02 - 2015-03-15 14:04 - 00023817 _____ () C:\Users\****\Downloads\FRST.txt
2015-03-15 14:02 - 2015-03-15 14:03 - 00000000 ____D () C:\FRST
2015-03-15 14:02 - 2015-03-15 14:02 - 02095616 _____ (Farbar) C:\Users\****\Downloads\FRST64.exe
2015-03-15 14:00 - 2015-03-15 14:00 - 00000472 _____ () C:\Users\****\Desktop\defogger_disable.log
2015-03-15 14:00 - 2015-03-15 14:00 - 00000000 _____ () C:\Users\****\defogger_reenable
2015-03-15 13:57 - 2015-03-15 13:57 - 00050477 _____ () C:\Users\****\Downloads\Defogger.exe
2015-03-15 13:52 - 2015-03-15 13:52 - 00000000 ____D () C:\Users\****\Desktop\Alte Firefox-Daten
2015-03-05 15:46 - 2015-03-15 13:52 - 00009431 _____ () C:\Users\****\Desktop\Malwarebytes 2015-03-05.txt
2015-03-05 14:49 - 2015-03-15 13:48 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-05 14:49 - 2015-03-05 14:49 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-05 14:49 - 2015-03-05 14:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-05 14:48 - 2015-03-05 14:49 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-05 14:48 - 2015-03-05 14:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-03-05 14:48 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-05 14:48 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-05 14:48 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-05 14:45 - 2015-03-15 13:58 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2015-03-05 14:45 - 2015-03-06 21:20 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar
2015-03-05 14:37 - 2015-03-15 13:49 - 00000146 _____ () C:\Windows\setupact.log
2015-03-05 14:37 - 2015-03-05 14:37 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-02 17:06 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-02 17:06 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-19 11:06 - 2015-01-23 05:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-19 11:06 - 2015-01-23 05:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-19 11:06 - 2015-01-23 04:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-19 11:06 - 2015-01-23 04:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-16 12:11 - 2015-02-04 04:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-16 12:11 - 2015-02-04 04:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-16 12:11 - 2015-02-04 04:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-16 12:11 - 2015-02-04 04:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-16 12:11 - 2015-02-04 04:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-16 12:11 - 2015-02-04 04:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-16 12:11 - 2015-02-04 04:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-16 12:11 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-16 12:11 - 2015-01-10 07:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-16 12:11 - 2015-01-10 07:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-16 12:11 - 2015-01-10 07:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-16 12:11 - 2015-01-10 07:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-16 12:11 - 2015-01-10 07:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-16 12:11 - 2015-01-10 07:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-16 12:11 - 2015-01-10 07:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-16 12:11 - 2015-01-10 07:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-16 12:11 - 2015-01-10 07:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-16 12:11 - 2015-01-10 07:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-16 12:11 - 2015-01-10 07:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-16 12:11 - 2015-01-10 07:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-16 12:11 - 2015-01-10 07:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-16 12:11 - 2015-01-10 07:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-16 12:10 - 2015-01-14 06:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-16 12:10 - 2015-01-14 06:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-16 12:10 - 2015-01-12 04:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-16 12:10 - 2015-01-12 04:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-16 12:10 - 2015-01-12 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-16 12:10 - 2015-01-12 03:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-16 12:10 - 2015-01-12 03:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-16 12:10 - 2015-01-12 03:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-16 12:10 - 2015-01-12 03:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-16 12:10 - 2015-01-12 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-16 12:10 - 2015-01-12 03:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-16 12:10 - 2015-01-12 03:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-16 12:10 - 2015-01-12 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-16 12:10 - 2015-01-12 03:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-16 12:10 - 2015-01-12 03:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-16 12:10 - 2015-01-12 03:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-16 12:10 - 2015-01-12 03:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-16 12:10 - 2015-01-12 03:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-16 12:10 - 2015-01-12 03:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-16 12:10 - 2015-01-12 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-16 12:10 - 2015-01-12 03:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-16 12:10 - 2015-01-12 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-16 12:10 - 2015-01-12 03:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-16 12:10 - 2015-01-12 03:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-16 12:10 - 2015-01-12 03:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-16 12:10 - 2015-01-12 03:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-16 12:10 - 2015-01-12 03:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-16 12:10 - 2015-01-12 03:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-16 12:10 - 2015-01-12 03:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-16 12:10 - 2015-01-12 02:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-16 12:10 - 2015-01-12 02:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-16 12:10 - 2015-01-12 02:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-16 12:10 - 2015-01-12 02:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-16 12:10 - 2015-01-12 02:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-16 12:10 - 2015-01-12 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-16 12:10 - 2015-01-12 02:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-16 12:10 - 2015-01-12 02:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-16 12:10 - 2015-01-12 02:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-16 12:10 - 2015-01-12 02:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-16 12:10 - 2015-01-12 02:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-16 12:10 - 2015-01-12 02:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-16 12:10 - 2015-01-12 02:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-16 12:10 - 2015-01-12 02:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-16 12:10 - 2015-01-12 02:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-16 12:10 - 2015-01-12 02:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-16 12:10 - 2015-01-12 02:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-16 12:10 - 2015-01-12 02:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-16 12:10 - 2015-01-12 02:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-16 12:10 - 2015-01-12 02:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-16 12:10 - 2015-01-12 02:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-16 12:10 - 2015-01-12 01:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-16 12:10 - 2015-01-12 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-16 12:08 - 2015-01-15 09:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-16 12:08 - 2015-01-15 09:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-16 12:08 - 2015-01-15 09:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-16 12:08 - 2015-01-15 09:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-16 12:08 - 2015-01-15 09:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-16 12:08 - 2015-01-15 09:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-16 12:08 - 2015-01-15 09:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-16 12:08 - 2015-01-15 09:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-16 12:08 - 2015-01-15 09:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-16 12:08 - 2015-01-15 09:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-16 12:08 - 2015-01-15 09:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-16 12:08 - 2015-01-15 08:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-16 12:08 - 2015-01-15 08:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-16 12:08 - 2015-01-15 08:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-16 12:08 - 2015-01-15 08:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-16 12:08 - 2015-01-15 08:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-16 12:08 - 2015-01-15 08:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-16 12:08 - 2015-01-15 05:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-16 12:08 - 2015-01-13 04:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-16 12:08 - 2015-01-13 03:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-16 12:07 - 2014-12-12 06:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-16 12:07 - 2014-12-12 06:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-16 12:07 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-16 12:07 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-16 12:07 - 2014-07-07 03:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-16 12:07 - 2014-07-07 03:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-16 12:07 - 2014-07-07 02:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-16 12:07 - 2014-07-07 02:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-16 12:06 - 2015-01-14 07:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-16 12:06 - 2015-01-14 06:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-16 12:06 - 2015-01-14 06:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-16 12:06 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-16 12:06 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-16 12:05 - 2015-01-14 07:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-16 12:05 - 2015-01-14 07:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-16 12:05 - 2015-01-14 07:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-16 12:05 - 2015-01-14 06:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-16 12:04 - 2015-01-09 03:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-03-15 14:00 - 2012-05-31 20:26 - 00000000 ____D () C:\Users\****
2015-03-15 13:59 - 2013-06-01 20:38 - 01155546 _____ () C:\Windows\WindowsUpdate.log
2015-03-15 13:57 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-15 13:57 - 2009-07-14 05:45 - 00031856 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-15 13:52 - 2013-05-09 08:35 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{4B85906F-98E1-4B70-9AA7-74C90EFB8482}
2015-03-15 13:45 - 2013-06-07 19:05 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-03-15 13:45 - 2013-06-05 19:31 - 00000350 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-15 13:45 - 2013-05-23 17:52 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2015-03-15 13:45 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-06 21:20 - 2011-11-07 21:42 - 00000000 ___RD () C:\Users\Public\Recorded TV
2015-03-06 21:20 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-03-05 15:54 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-03-05 14:45 - 2014-12-30 15:17 - 00044088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2015-03-05 14:45 - 2014-12-30 15:09 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-03-05 14:45 - 2014-12-30 15:09 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-03-05 14:44 - 2014-12-30 15:02 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-05 14:44 - 2014-12-30 15:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-03-05 14:43 - 2014-12-30 15:02 - 00000000 ____D () C:\Program Files (x86)\Avira
2015-03-05 14:38 - 2012-08-28 07:34 - 00000000 ____D () C:\Program Files (x86)\AVG Secure Search
2015-03-02 17:06 - 2013-10-05 15:22 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-03-02 17:06 - 2012-06-24 18:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 16:39 - 2014-05-24 19:01 - 00000000 ____D () C:\Users\****\AppData\Local\Audible
2015-03-02 16:34 - 2012-09-02 13:22 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544451011-3975194477-2784028731-1001UA.job
2015-03-02 15:34 - 2012-09-02 13:22 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544451011-3975194477-2784028731-1001Core.job
2015-03-02 14:49 - 2014-05-15 11:29 - 00003186 _____ () C:\Windows\System32\Tasks\HPCeeScheduleFor****
2015-03-02 14:49 - 2014-05-15 11:29 - 00000332 _____ () C:\Windows\Tasks\HPCeeScheduleFor****.job
2015-03-02 14:48 - 2012-06-25 21:50 - 00000000 ____D () C:\Users\****\AppData\Local\CrashDumps
2015-02-24 10:34 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-19 09:57 - 2013-06-26 19:06 - 00347064 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-02-19 09:49 - 2014-12-13 14:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-19 09:49 - 2014-05-06 11:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-16 13:41 - 2012-06-01 20:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-02-16 13:34 - 2013-08-14 17:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-16 13:24 - 2012-06-24 20:15 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
==================== Files in the root of some directories =======
2013-06-26 19:07 - 2014-06-29 11:19 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2012-08-28 07:52 - 2012-08-28 11:09 - 0000021 _____ () C:\Users\****\AppData\Roaming\ISOWorkshop.ini
Some content of TEMP:
====================
C:\Users\****\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-02-24 10:24
==================== End Of Log ============================
FRST Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by **** at 2015-03-15 14:06:00
Running from C:\Users\****\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 1.5.3.9130 - Adobe Systems Inc.)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.2.1.650 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader X (10.1.13) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.13 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5.9.620 - Adobe Systems, Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ATI Catalyst Install Manager (HKLM\...\{6153098B-60DB-6A9F-EA0F-B006A96B57D5}) (Version: 3.0.829.0 - ATI Technologies, Inc.)
AudibleManager (HKLM-x32\...\AudibleManager) (Version: 1998470398.48.56.35720562 - Audible, Inc.)
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.3.0.885 - AVG Technologies)
Avira (HKLM-x32\...\{d9ed6dcf-6bfc-4fbb-802e-81dd5b767d6e}) (Version: 1.1.32.25147 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.32.25147 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 15.0.8.650 - Avira)
Boot Media Builder for Paragon Backup and Recovery™ 11 Home (HKLM-x32\...\{9B5C65EB-A2A6-5DCD-A5BC-53A1895C8204}) (Version: 1.00.0000 - Paragon Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG3200 series Benutzerregistrierung (HKLM-x32\...\Canon MG3200 series Benutzerregistrierung) (Version: - Canon Inc.)
Canon MG3200 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3200_series) (Version: 1.01 - Canon Inc.)
Canon MG3200 series On-screen Manual (HKLM-x32\...\Canon MG3200 series On-screen Manual) (Version: 7.5.0 - Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 1.0.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 1.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.0.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Compaq Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.1.13476.3753 - Hewlett-Packard Company)
CompuPic (HKLM-x32\...\CompuPic) (Version: - )
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2515 - CyberLink Corp.)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD Copy (HKLM-x32\...\InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}) (Version: 1.5.1306 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.1.4119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
ESU for Microsoft Windows 7 SP1 (HKLM-x32\...\{E96CAA2A-0244-4A2A-8403-0C3C9534778B}) (Version: 2.1.1 - Hewlett-Packard)
Evernote v. 4.2.3 (HKLM-x32\...\{F761359C-9CED-45AE-9A51-9D6605CD55C4}) (Version: 4.2.3.22 - Evernote Corp.)
FILEminimizer Pictures (HKLM-x32\...\FILEminimizer Pictures_is1) (Version: - balesio AG)
Google Chrome (HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\...\Google Chrome) (Version: 40.0.2214.115 - Google Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KODAK Create@Home Software (für dm) (HKLM-x32\...\{33D21DE0-8363-4997-A960-E32EA9D84AB3}) (Version: 7.3.4392 - Digilabs)
Magic Desktop (HKLM-x32\...\EasyBits Magic Desktop) (Version: 3.0 - EasyBits Software AS)
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Medion Home Cinema (HKLM-x32\...\InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}) (Version: 6.0.0000 - CyberLink Corp.)
Medion Home Cinema (x32 Version: 6.0.0000 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 35.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0.1 (x86 de)) (Version: 35.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Netzwerkhandbuch EPSON XP-302 303 305 306 Series (HKLM-x32\...\EPSON XP-302 303 305 306 Series Netg) (Version: - )
Paragon Backup and Recovery™ 11 Home (HKLM-x32\...\{485DF5E7-8379-4BFA-BAE1-9B8DBFE0D6B4}) (Version: 90.00.0003 - Paragon Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery)
pdfforge Toolbar v11.0 (HKLM-x32\...\{9C131BA5-223C-4856-B0D2-826775A2BA6E}) (Version: 11.0 - Spigot, Inc.) <==== ATTENTION
PHOTO Evolution PRO (HKLM-x32\...\{4DBEC42D-E6F8-4BC1-A2BD-12D2A6D3F3F3}_is1) (Version: - Franzis Verlag)
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}) (Version: 3.02.01.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.42.304.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6287 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.77 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 2.0.0 - Hewlett-Packard) Hidden
Reveal 1.2 (HKLM-x32\...\Reveal_1.2) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Software Updater (HKLM-x32\...\{A737E18A-5171-40D0-8034-7DD243420081}) (Version: 4.1.1 - SEIKO EPSON CORPORATION)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.29.0 - Synaptics Incorporated)
Unlocker 1.9.0-x64 (HKLM\...\Unlocker) (Version: 1.9.0 - Cedrick Collomb)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Mesh ActiveX control for remote connections (HKLM-x32\...\{C5398A89-516C-4DAF-BA07-EE7949090E56}) (Version: 15.4.5722.2 - Microsoft Corporation)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1544451011-3975194477-2784028731-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\****\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
==================== Restore Points =========================
29-01-2015 15:13:12 Windows Update
06-02-2015 12:42:56 Windows Update
10-02-2015 13:12:00 Windows Update
16-02-2015 11:58:20 Windows Update
16-02-2015 13:20:02 Windows Update
22-02-2015 14:51:50 Windows Update
02-03-2015 14:27:42 Windows Update
02-03-2015 17:06:22 Windows Update
05-03-2015 14:58:38 Windows Update
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C4AC2AB-F19E-47FA-B0C1-F623AC42A993} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-06-15] (CyberLink)
Task: {1FCB485B-F56D-4CF1-B411-72ADEE68CFCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {23C47CB7-4B7C-4CE3-BB20-43D8B8DEAEAF} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{D2D21822-E4CD-42AA-AF7B-9DA2D55B821C}.exe
Task: {3EF895A6-81DE-43C1-8173-1E155D069DC9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe
Task: {4C08FDCC-2F91-41E6-B58E-C9EE9BD240D0} - System32\Tasks\HPCeeScheduleFor**** => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13] (Hewlett-Packard)
Task: {4D0F4783-9CF2-4C17-8017-1869B287279D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {570DA36F-EEEC-452C-B015-8A606D008DCB} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(Yes) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {60AFA18A-8357-474B-B7C9-42CDF0610AE0} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1544451011-3975194477-2784028731-1001UA => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
Task: {80B59B5A-AA0B-4367-A460-FC4534EA60F5} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {943711D3-3648-4131-9B86-4D935976DED8} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {A4482426-EE58-4DF8-B204-FE513B064F67} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe
Task: {AB288D5C-64BB-44F2-A514-72573254ED0B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1544451011-3975194477-2784028731-1001Core => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-02] (Google Inc.)
Task: {BE631227-8CD4-4CDC-8999-EF14D355F7A1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Warranty Opt-In(No) => c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\Detection_PostWarrantyAlert.exe
Task: {C7A5B382-369F-4924-9FA1-F7B93F56E3FB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {CB3F7F4F-5B7B-46EC-BBFF-609BF8F8EC0F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)
Task: {E377D9C3-B0B7-4D7B-B782-EDA8293D21F0} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{9947737E-416C-493F-B34B-7A3794001960}.exe
Task: {E9CBC81B-C735-477E-885C-D6BA781FA75A} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{D2D21822-E4CD-42AA-AF7B-9DA2D55B821C}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{9947737E-416C-493F-B34B-7A3794001960}.exe <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544451011-3975194477-2784028731-1001Core.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1544451011-3975194477-2784028731-1001UA.job => C:\Users\****\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleFor****.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
==================== Loaded Modules (whitelisted) ==============
2012-09-04 11:05 - 2005-03-12 00:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll
2010-07-15 05:44 - 2010-07-15 05:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2011-07-05 11:27 - 2011-07-05 11:27 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-08-28 07:34 - 2015-03-05 14:38 - 02503704 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2013-10-05 15:42 - 2012-03-28 13:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-03-05 14:38 - 2015-03-05 14:38 - 00159768 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\loggingserver.exe
2014-12-12 23:24 - 2014-12-12 23:24 - 00047104 _____ () C:\Program Files\CCleaner\lang\lang-1031.dll
2011-07-05 11:27 - 2011-07-05 11:27 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2011-07-05 11:13 - 2011-07-05 11:13 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-06-17 13:42 - 2011-06-17 13:42 - 00016384 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2015-03-05 14:38 - 2015-03-05 14:38 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.3.0\log4cplusU.dll
2009-11-02 13:20 - 2009-11-02 13:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-02 13:23 - 2009-11-02 13:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2015-01-29 16:28 - 2015-01-29 16:28 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2015-02-06 14:06 - 2015-02-06 14:06 - 16852144 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1544451011-3975194477-2784028731-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\****\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: ccleaner => "C:\EXTRAS\ccleaner_portable_3.20\CCleaner64.exe" /AUTO
MSCONFIG\startupreg: Easybits Recovery => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
MSCONFIG\startupreg: SetDefault => C:\Program Files\Hewlett-Packard\HP LaunchBox\SetDefault.exe
MSCONFIG\startupreg: vProt => "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-1544451011-3975194477-2784028731-500 - Administrator - Disabled)
Gast (S-1-5-21-1544451011-3975194477-2784028731-501 - Limited - Disabled)
**** (S-1-5-21-1544451011-3975194477-2784028731-1001 - Administrator - Enabled) => C:\Users\****
HomeGroupUser$ (S-1-5-21-1544451011-3975194477-2784028731-1003 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (03/15/2015 01:46:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/05/2015 03:53:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/05/2015 02:39:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/02/2015 03:29:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (03/02/2015 03:27:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (03/02/2015 02:30:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm CCleaner64.exe, Version 5.1.0.5075 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 42c
Startzeit: 01d054eb91899ea7
Endzeit: 265
Anwendungspfad: C:\Program Files\CCleaner\CCleaner64.exe
Berichts-ID: 22d09b76-c0e0-11e4-9bf0-2c768ae646aa
Error: (03/02/2015 02:12:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: CNQMUPDT.EXE, Version: 2.0.0.0, Zeitstempel: 0x4f7a7000
Name des fehlerhaften Moduls: CNMDWLD.DLL, Version: 1.0.0.0, Zeitstempel: 0x4f5eedc8
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000023c6
ID des fehlerhaften Prozesses: 0xf18
Startzeit der fehlerhaften Anwendung: 0xCNQMUPDT.EXE0
Pfad der fehlerhaften Anwendung: CNQMUPDT.EXE1
Pfad des fehlerhaften Moduls: CNQMUPDT.EXE2
Berichtskennung: CNQMUPDT.EXE3
Error: (03/02/2015 02:11:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/24/2015 05:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/24/2015 10:26:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
System errors:
=============
Error: (03/15/2015 01:51:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (03/15/2015 01:51:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (03/15/2015 01:51:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (03/15/2015 01:51:13 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (03/15/2015 01:51:13 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/15/2015 01:51:13 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/15/2015 01:51:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet:
%%-2140993535
Error: (03/15/2015 01:51:06 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:
%%-2140993535
Error: (03/15/2015 01:51:06 PM) (Source: PNRPSvc) (EventID: 102) (User: )
Description: 0x80630801
Error: (03/15/2015 01:46:34 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Microsoft Office Sessions:
=========================
Error: (03/15/2015 01:46:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/05/2015 03:53:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/05/2015 02:39:11 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (03/02/2015 03:29:53 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
Error: (03/02/2015 03:27:58 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Program Files (x86)\EPSON Software\Download Navigator\EPSDNAVI.EXE
Error: (03/02/2015 02:30:03 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: CCleaner64.exe5.1.0.507542c01d054eb91899ea7265C:\Program Files\CCleaner\CCleaner64.exe22d09b76-c0e0-11e4-9bf0-2c768ae646aa
Error: (03/02/2015 02:12:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: CNQMUPDT.EXE2.0.0.04f7a7000CNMDWLD.DLL1.0.0.04f5eedc8c0000005000023c6f1801d054ea3c1eb2fbC:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXEC:\Program Files (x86)\Canon\Quick Menu\CNMDWLD.DLLb60dfd7c-c0dd-11e4-9bf0-2c768ae646aa
Error: (03/02/2015 02:11:29 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/24/2015 05:16:47 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/24/2015 10:26:18 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestc:\program files\CCleaner\CCleaner.exe
==================== Memory info ===========================
Processor: AMD E-300 APU with Radeon(tm) HD Graphics
Percentage of memory in use: 70%
Total physical RAM: 3690.91 MB
Available physical RAM: 1106.86 MB
Total Pagefile: 7380 MB
Available Pagefile: 3961.17 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:278.51 GB) (Free:209.6 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (Recovery) (Fixed) (Total:15.42 GB) (Free:1.68 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:3.96 GB) (Free:3.27 GB) FAT32
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: F2DC90A7)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=278.5 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.4 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=4 GB) - (Type=0C)
==================== End Of Log ============================
GMER Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-03-15 14:27:20
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000066 Hitachi_ rev.ES2O 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\****\AppData\Local\Temp\ugtiqpob.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075721401 2 bytes JMP 74f9b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075721419 2 bytes JMP 74f9b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075721431 2 bytes JMP 75018ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007572144a 2 bytes CALL 74f748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757214dd 2 bytes JMP 750187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757214f5 2 bytes JMP 75018978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007572150d 2 bytes JMP 75018698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075721525 2 bytes JMP 75018a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007572153d 2 bytes JMP 74f8fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075721555 2 bytes JMP 74f968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007572156d 2 bytes JMP 75018f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075721585 2 bytes JMP 75018ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007572159d 2 bytes JMP 7501865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757215b5 2 bytes JMP 74f8fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757215cd 2 bytes JMP 74f9b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757216b2 2 bytes JMP 75018e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\AVG Secure Search\vprot.exe[2388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757216bd 2 bytes JMP 750185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075721401 2 bytes JMP 74f9b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075721419 2 bytes JMP 74f9b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075721431 2 bytes JMP 75018ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007572144a 2 bytes CALL 74f748ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757214dd 2 bytes JMP 750187a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757214f5 2 bytes JMP 75018978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007572150d 2 bytes JMP 75018698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075721525 2 bytes JMP 75018a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007572153d 2 bytes JMP 74f8fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075721555 2 bytes JMP 74f968ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007572156d 2 bytes JMP 75018f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075721585 2 bytes JMP 75018ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007572159d 2 bytes JMP 7501865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757215b5 2 bytes JMP 74f8fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757215cd 2 bytes JMP 74f9b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757216b2 2 bytes JMP 75018e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE[2428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757216bd 2 bytes JMP 750185f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075721401 2 bytes JMP 74f9b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075721419 2 bytes JMP 74f9b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075721431 2 bytes JMP 75018ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007572144a 2 bytes CALL 74f748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757214dd 2 bytes JMP 750187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757214f5 2 bytes JMP 75018978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007572150d 2 bytes JMP 75018698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075721525 2 bytes JMP 75018a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007572153d 2 bytes JMP 74f8fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075721555 2 bytes JMP 74f968ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007572156d 2 bytes JMP 75018f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075721585 2 bytes JMP 75018ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007572159d 2 bytes JMP 7501865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757215b5 2 bytes JMP 74f8fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757215cd 2 bytes JMP 74f9b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757216b2 2 bytes JMP 75018e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\SysWOW64\ezSharedSvcHost.exe[2560] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757216bd 2 bytes JMP 750185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075721401 2 bytes JMP 74f9b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075721419 2 bytes JMP 74f9b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075721431 2 bytes JMP 75018ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007572144a 2 bytes CALL 74f748ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000757214dd 2 bytes JMP 750187a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000757214f5 2 bytes JMP 75018978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007572150d 2 bytes JMP 75018698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075721525 2 bytes JMP 75018a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007572153d 2 bytes JMP 74f8fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075721555 2 bytes JMP 74f968ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007572156d 2 bytes JMP 75018f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075721585 2 bytes JMP 75018ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007572159d 2 bytes JMP 7501865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000757215b5 2 bytes JMP 74f8fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000757215cd 2 bytes JMP 74f9b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000757216b2 2 bytes JMP 75018e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe[3040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000757216bd 2 bytes JMP 750185f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075721401 2 bytes JMP 74f9b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075721419 2 bytes JMP 74f9b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075721431 2 bytes JMP 75018ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 000000007572144a 2 bytes CALL 74f748ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000757214dd 2 bytes JMP 750187a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000757214f5 2 bytes JMP 75018978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 000000007572150d 2 bytes JMP 75018698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075721525 2 bytes JMP 75018a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 000000007572153d 2 bytes JMP 74f8fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075721555 2 bytes JMP 74f968ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 000000007572156d 2 bytes JMP 75018f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075721585 2 bytes JMP 75018ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 000000007572159d 2 bytes JMP 7501865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000757215b5 2 bytes JMP 74f8fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000757215cd 2 bytes JMP 74f9b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000757216b2 2 bytes JMP 75018e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe[4984] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000757216bd 2 bytes JMP 750185f1 C:\Windows\syswow64\KERNEL32.dll
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1EAB7F3-7C6E-C36A-FEC1-25F15DD25502}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{D1EAB7F3-7C6E-C36A-FEC1-25F15DD25502}@jadmifokeehbniegchpm 0x6D 0x61 0x64 0x6F ...
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Thanks a million in advance!