mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 18.03.2015
Suchlauf-Zeit: 20:56:43
Logdatei: mbam log.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2015.03.18.06
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: mmmurpark
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 372614
Verstrichene Zeit: 27 Min, 53 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 7
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [946aeb5b18722d09c0ce1712db2804fc],
PUP.Optional.GetNow.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [946aeb5b18722d09c0ce1712db2804fc],
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, In Quarantäne, [946aeb5b18722d09c0ce1712db2804fc],
PUP.Optional.GetNow.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\GamesAppIntegrationService, In Quarantäne, [946aeb5b18722d09c0ce1712db2804fc],
PUP.Optional.GetNow.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, In Quarantäne, [946aeb5b18722d09c0ce1712db2804fc],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4276475938-3837995224-2700496704-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Löschen bei Neustart, [a45ac87e6f1b71c59a9b988b1be8f50b],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [0af4ff47f496b482acb574688b78768a],
Registrierungswerte: 1
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [0af4ff47f496b482acb574688b78768a]
Registrierungsdaten: 1
PUP.Optional.Conduit, HKU\S-1-5-21-4276475938-3837995224-2700496704-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476&UP=SP3E7A4BD6-209F-48EC-87F7-815CEDABE8C3&SSPV=SP2151_sp_ie, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com?SearchSource=10&ctid=CT2736476&UP=SP3E7A4BD6-209F-48EC-87F7-815CEDABE8C3&SSPV=SP2151_sp_ie),Löschen bei Neustart,[d32bb096ddad41f57ea7eb022ed7f60a]
Ordner: 8
PUP.Optional.OpenCandy, C:\Users\mmmurpark\AppData\Roaming\OpenCandy, In Quarantäne, [b24cd274fb8fbb7b3273b5bbb64d42be],
PUP.Optional.OpenCandy, C:\Users\mmmurpark\AppData\Roaming\OpenCandy\EB7D4915F6D046F78E21A0EEF1AC38DA, In Quarantäne, [b24cd274fb8fbb7b3273b5bbb64d42be],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\SearchProtect, In Quarantäne, [cf2fe1658cfe3bfb366be69f3ec5867a],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [cf2fe1658cfe3bfb366be69f3ec5867a],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [cf2fe1658cfe3bfb366be69f3ec5867a],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\SearchProtect\UI, In Quarantäne, [cf2fe1658cfe3bfb366be69f3ec5867a],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [cf2fe1658cfe3bfb366be69f3ec5867a],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\avaxvyyvyf, In Quarantäne, [fe00a6a03b4f979f0c0a01a8cf344db3],
Dateien: 16
PUP.Optional.GetNow.A, C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe, In Quarantäne, [946aeb5b18722d09c0ce1712db2804fc],
PUP.Optional.Conduit.A, C:\Users\mmmurpark\AppData\Roaming\OpenCandy\EB7D4915F6D046F78E21A0EEF1AC38DA\sp-downloader.exe, In Quarantäne, [df1fbd8982089c9a4f2af454c23f51af],
PUP.Optional.OpenCandy, C:\Users\mmmurpark\Downloads\DTLite4491-0356.exe, In Quarantäne, [a35bbf87eaa0122472f346ceff076898],
PUP.OfferBundler.ST, C:\Users\mmmurpark\Downloads\SoftonicDownloader_fuer_artistic-font-collection.exe, In Quarantäne, [14ea281e1b6ffa3c2bbce9cdaa5606fa],
PUP.Optional.Softonic.A, C:\Users\mmmurpark\Downloads\SoftonicDownloader_fuer_easy-cd-da-extractor.exe, In Quarantäne, [e01ef4521b6f1224f40b9bb04fb22fd1],
PUP.Optional.Softonic, C:\Users\mmmurpark\Downloads\SoftonicDownloader_fuer_streamripper.exe, In Quarantäne, [e915a0a638524fe7881de050659c8f71],
PUP.Optional.Softonic.A, C:\Users\mmmurpark\Downloads\SoftonicDownloader_fuer_tropico-4.exe, In Quarantäne, [0cf278ce3d4d112506f993b846bba25e],
PUP.Optional.SearchProtect, C:\Windows\AppPatch\Custom\Custom64\{cf2797aa-b7ec-e311-8ed9-005056c00008}.sdb, In Quarantäne, [c93597af5f2bee48ddc60632a065a35d],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [cf2fe1658cfe3bfb366be69f3ec5867a],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [cf2fe1658cfe3bfb366be69f3ec5867a],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [cf2fe1658cfe3bfb366be69f3ec5867a],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\avaxvyyvyf\pvpqbjobmlpfqlovvawq, In Quarantäne, [fe00a6a03b4f979f0c0a01a8cf344db3],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\avaxvyyvyf\rfobmlpfqlovvawq, In Quarantäne, [fe00a6a03b4f979f0c0a01a8cf344db3],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\avaxvyyvyf\rpboobmlpfqlovvawq, In Quarantäne, [fe00a6a03b4f979f0c0a01a8cf344db3],
PUP.Optional.SearchProtect.A, C:\Users\mmmurpark\AppData\Local\avaxvyyvyf\stb.dat, In Quarantäne, [fe00a6a03b4f979f0c0a01a8cf344db3],
PUP.Optional.Trovi.A, C:\Users\mmmurpark\AppData\Roaming\Mozilla\Firefox\Profiles\tqweru2j.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M6E1C784E-F336-445E-B0DF-10132CB166CF&SearchSource=69&CUI=&SSPV=SP2151_sp_ff&Lay=1&UM=5&UP=SP3E7A4BD6-209F-48EC-87F7-815CEDABE8C3");), Ersetzt,[fe00f353f49637ffc8853eed12f4a060]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
Code:
# AdwCleaner v4.112 - Bericht erstellt 18/03/2015 um 21:37:08
# Aktualisiert 09/03/2015 von Xplode
# Datenbank : 2015-03-15.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : mmmurpark - LAPTOP
# Gestarted von : C:\Users\mmmurpark\Desktop\AdwCleaner_4.112.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Users\mmmurpark\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\mmmurpark\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\mmmurpark\AppData\Local\pdfforge
Ordner Gelöscht : C:\Users\mmmurpark\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\mmmurpark\AppData\Roaming\pdfforge
***** [ Geplante Tasks ] *****
Task Gelöscht : avayvaxvaa
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2736476
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SPPDCOM
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:8123;hxxps=127.0.0.1:8123;socks=127.0.0.1:1080
***** [ Internetbrowser ] *****
-\\ Internet Explorer v8.0.7601.18751
-\\ Mozilla Firefox v36.0.1 (x86 de)
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.2736476a129652188678262596000000paramsGK1", "{\"updateReqTime\":1326396880404,\"updateRespTime\":1326396880971,\"data\":{\"settings\":{\"icon\":\"hxxp://storage.conduit.com/bankim[...]
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.installId", "ConduitNSISIntegration");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.installType", "ConduitXPEIntegration");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.smartbar.CTID", "CT2736476");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.smartbar.Uninstall", "0");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.smartbar.homepage", true);
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.smartbar.isHidden", false);
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.smartbar.toolbarName", "Freeware.de ");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("CT2736476.smartbar.userID", "UN71080270194978170");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2736476&SearchSource=13");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "Freeware.de Customized Web Search");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2736476&SearchSource=2&q=");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.installed", "[\"safesearch\"]");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("avira.safe_search.prev_newtab", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M6E1C784E-F336-445E-B0DF-10132CB166CF&SearchSource=69&CUI=&SSPV=SP2151_sp_ff&Lay=1&UM=5[...]
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("browser.newtab.url", "hxxp://www.trovi.com/?gd=&ctid=CT3325585&octid=EB_ORIGINAL_CTID&ISID=M6E1C784E-F336-445E-B0DF-10132CB166CF&SearchSource=69&CUI=&SSPV=SP2151_sp_ff&Lay=1&UM=5&UP=SP3E7A4[...]
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147a5bb9fa21d6-07f023534dc5f48-42504136-0-147a5bb9fa3342\"");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_expires_at", "1426710212");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_rndsnr", "\"18404557e39f2b79f705d15caf506141b829303d\"");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_userid", "4222645275");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.SAUTH_utoken", "\"51d0fdbbc23ec372f663b41575987899a998ed25\"");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.safesearch.install", "1407234842535");
[tqweru2j.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\mmmurpark\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tqweru2j.default\\\\extensions\\\\abs[...]
*************************
AdwCleaner[R0].txt - [5245 Bytes] - [18/03/2015 21:35:13]
AdwCleaner[S0].txt - [5277 Bytes] - [18/03/2015 21:37:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5336 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.5 (03.17.2015:1)
OS: Windows 7 Home Premium x64
Ran by mmmurpark on 18.03.2015 at 21:45:10,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{04672B20-9AC3-4AB1-8BD4-CB59BA318F6B}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{1B2D6D44-29EB-43D3-A6B8-2309A40FFADB}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{25C9740A-2E0B-44D7-A7FA-17DB5B172ECD}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{30139B00-8838-47FF-94A5-6A3103B5F8E8}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{32F48A63-9D08-434A-A8E3-6BD9C845A482}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{3587F46A-3CB3-46E7-8E24-80D11962C51E}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{396122B6-E6E9-418A-BE1A-CD23FA5770E8}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{48440CF8-9635-47EC-BD72-2AB2C2851F73}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{58D48B29-5B8C-42C2-9A9B-EF0E30EE5E60}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{6D8864F2-97F9-4646-ACCD-78202A3B5F28}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{8AE32177-2522-4DE3-8FBE-65FDECCF24F7}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{9C30F9BD-6740-48CD-8C52-8C7EA7D51B6C}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{9C35FD65-F009-40EA-BD47-E91DDB8341EF}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{9FEE32A0-509F-4153-8034-CE91B7E13B9A}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{AA445830-D1E5-48E4-81F8-4E03484A7F43}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{AA8844FB-580D-4182-A155-D43C077F1EF9}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{B8B665AC-DAEB-4226-80D3-BA30B10B17AC}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{BDA39F9D-F546-48FB-BABF-9838F9B32A9E}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{C540839C-8FEC-477D-B0E6-56D006CA507D}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{CFBA9D29-6285-4710-A48C-6692B4BBACAB}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{E91959FA-6E39-4A05-BD5C-1EFFE582B308}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{F5E82225-D317-4758-A2FB-1C7C774214A8}
Successfully deleted: [Empty Folder] C:\Users\mmmurpark\appdata\local\{F898441B-E1E7-4C59-853F-44C7C340FE85}
~~~ FireFox
Successfully deleted: [File] C:\Users\mmmurpark\AppData\Roaming\mozilla\firefox\profiles\tqweru2j.default\searchplugins\avira-safesearch.xml
Successfully deleted: [Folder] C:\Users\mmmurpark\AppData\Roaming\mozilla\firefox\profiles\tqweru2j.default\smartbar
Successfully deleted: [Folder] C:\Users\mmmurpark\AppData\Roaming\mozilla\firefox\profiles\tqweru2j.default\extensions\safesearch@avira.com
Successfully deleted: [Folder] C:\Users\mmmurpark\AppData\Roaming\mozilla\firefox\profiles\tqweru2j.default\extensions\toolbar@gmx.net
Successfully deleted the following from C:\Users\mmmurpark\AppData\Roaming\mozilla\firefox\profiles\tqweru2j.default\prefs.js
user_pref("CT2736476.1000082.currentList", "[{\"stationId\":\"21930450\",\"url\":\"hxxp://www.feedlive.net/california.asx\",\"description\":\"California Rock - Rock\",\"text\"
user_pref("CT2736476.1000082.isPlayDisplay", "true");
user_pref("CT2736476.1000082.localStations", "[{\"stationId\":\"9962\",\"url\":\"hxxp://feedlive.net/california.asx\",\"description\":\"California Rock\",\"text\":\"Californi.
user_pref("CT2736476.1000082.nowPlaying", "{\"stationId\":\"21930450\",\"url\":\"hxxp://www.feedlive.net/california.asx\",\"description\":\"California Rock - Rock\",\"text\":\
user_pref("CT2736476.1000082.publisherStations", "[{\"stationId\":\"21930450\",\"url\":\"hxxp://www.feedlive.net/california.asx\",\"description\":\"California Rock - Rock\",\"
user_pref("CT2736476.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock - Rock\",\"url\":\"hxxp://www.feedlive.net/california.
user_pref("CT2736476.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2736476.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2736476.autoDisableScopes", -1);
user_pref("CT2736476.browser.search.defaultthis.engineName", true);
user_pref("CT2736476.defaultSearch", "true");
user_pref("CT2736476.defaultSearchDisplayName", "");
user_pref("CT2736476.defaultSearchUrl", "");
user_pref("CT2736476.enableAlerts", "always");
user_pref("CT2736476.enableFix404", "true");
user_pref("CT2736476.enableSearchFromAddressBar", "true");
user_pref("CT2736476.firstTimeDialogOpened", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
user_pref("CT2736476.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2736476.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
user_pref("CT2736476.keyword", true);
user_pref("CT2736476.openThankYouPage", "false");
user_pref("CT2736476.openUninstallPage", "true");
user_pref("CT2736476.search.searchAppId", "129257551953665476");
user_pref("CT2736476.search.searchCount", "0");
user_pref("CT2736476.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"3\"}");
user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2736476\"}");
user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreewaredeToolbar.OurToolbar.com//xpi\"}");
user_pref("CT2736476.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Freeware.de\"}");
user_pref("CT2736476.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
user_pref("CT2736476.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1326396878308");
user_pref("CT2736476.serviceLayer_services_appTracking_lastUpdate", "1326396879353");
user_pref("CT2736476.serviceLayer_services_appsMetadata_lastUpdate", "1326396878194");
user_pref("CT2736476.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1326396878581");
user_pref("CT2736476.serviceLayer_services_login_10.6.0.900_lastUpdate", "1326396880281");
user_pref("CT2736476.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1326396878651");
user_pref("CT2736476.serviceLayer_services_serviceMap_lastUpdate", "1326396877743");
user_pref("CT2736476.serviceLayer_services_toolbarContextMenu_lastUpdate", "1326396878600");
user_pref("CT2736476.serviceLayer_services_toolbarSettings_lastUpdate", "1326396877882");
user_pref("CT2736476.serviceLayer_services_translation_lastUpdate", "1326396878670");
user_pref("CT2736476.settingsINI", true);
user_pref("CT2736476.shouldFirstTimeDialog", "false");
user_pref("CT2736476.toolbarBornServerTime", "12-01-2012");
user_pref("avira.safe_search.installed", "[\"safesearch\"]");
user_pref("avira.safe_search.search_was_active", "false");
user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-
user_pref("extensions.bootstrappedAddons", "{\"{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\":{\"version\":\"2.6.8\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\mmmurpark
user_pref("extensions.safesearch.MP_DISTINCT_ID", "\"147a5bb9fa21d6-07f023534dc5f48-42504136-0-147a5bb9fa3342\"");
user_pref("extensions.safesearch.SAUTH_expires_at", "1427316102");
user_pref("extensions.safesearch.SAUTH_rndsnr", "\"72f936d5c9be631b2cfd5cdaaa1718ce5f5cd3e3\"");
user_pref("extensions.safesearch.SAUTH_userid", "5949476809");
user_pref("extensions.safesearch.SAUTH_utoken", "\"13931cc2939068189e817c1b3642ee2cc46d8bfd\"");
user_pref("extensions.safesearch.install", "1426711301360");
user_pref("extensions.xpiState", "{\"app-profile\":{\"abs@avira.com\":{\"d\":\"C:\\\\Users\\\\mmmurpark\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\tqweru2j.def
Emptied folder: C:\Users\mmmurpark\AppData\Roaming\mozilla\firefox\profiles\tqweru2j.default\minidumps [335 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.03.2015 at 21:48:10,56
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
frst is too long, it will come in the next post
frst Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by mmmurpark (administrator) on LAPTOP on 18-03-2015 21:49:49
Running from C:\Users\mmmurpark\Downloads
Loaded Profiles: mmmurpark (Available profiles: mmmurpark)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Acer Incorporated) C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerEvent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 3520 series\Bin\HPNetworkCommunicator.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11785832 2011-03-10] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2588968 2010-11-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-07-29] (Adobe Systems Incorporated)
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [Power Management] => C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerTray.exe [1831528 2011-05-10] (Acer Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703280 2015-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [127792 2015-02-12] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-05-15] (Apple Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-24] (Advanced Micro Devices, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4276475938-3837995224-2700496704-1000\...\Run: [HP Deskjet 3520 series (NET)] => C:\Program Files\HP\HP Deskjet 3520 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-4276475938-3837995224-2700496704-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Packard Bell.scr [456224 2010-07-29] ()
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\mmmurpark\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\mmmurpark\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\mmmurpark\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mmmurpark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mmmurpark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mmmurpark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mmmurpark\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\mmmurpark\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\mmmurpark\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\mmmurpark\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mmmurpark\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mmmurpark\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\mmmurpark\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4276475938-3837995224-2700496704-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4276475938-3837995224-2700496704-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKU\S-1-5-21-4276475938-3837995224-2700496704-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL No File
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
FireFox:
========
FF ProfilePath: C:\Users\mmmurpark\AppData\Roaming\Mozilla\Firefox\Profiles\tqweru2j.default
FF DefaultSearchEngine: Google
FF SelectedSearchEngine: Wikipedia (de)
FF Homepage: hxxp://www.gmx.at/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll [2012-10-04] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @ganymede/GanymedeNetPlugin,version=1.0 -> C:\Program Files (x86)\Ganymede\Plugins\npganymedenet.dll [2011-08-30] ( )
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\new_plugin\npjp2.dll No File
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-28] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2015-02-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npganymedenet.dll [2011-08-30] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Extension: Avira Browser Safety - C:\Users\mmmurpark\AppData\Roaming\Mozilla\Firefox\Profiles\tqweru2j.default\Extensions\abs@avira.com [2015-03-09]
FF Extension: Adblock Plus - C:\Users\mmmurpark\AppData\Roaming\Mozilla\Firefox\Profiles\tqweru2j.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-10-05]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2015-03-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-03-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-03-09]
FF Extension: No Name - C:\Users\mmmurpark\AppData\Roaming\Mozilla\Firefox\Profiles\tqweru2j.default\extensions\toolbar@gmx.net [Not Found]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2015-03-11] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [184056 2015-02-12] (Avira Operations GmbH & Co. KG)
R2 ePowerSvc; C:\Program Files\Packard Bell\Packard Bell Power Management\ePowerSvc.exe [872552 2011-05-10] (Acer Incorporated)
R2 GREGService; C:\Program Files (x86)\Packard Bell\Registration\GREGsvc.exe [39528 2011-01-18] (Acer Incorporated)
S3 IEEtwCollectorService; C:\Windows\system32\IEEtwCollector.exe [114688 2015-02-20] (Microsoft Corporation) [File not signed]
S2 Live Updater Service; C:\Program Files\Packard Bell\Packard Bell Updater\UpdaterService.exe [244624 2011-04-22] (Acer Incorporated)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132120 2015-03-11] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
R0 PxHlpa64; C:\Windows\SysWOW64\Drivers\PxHlpa64.sys [26720 2004-09-23] (Sonic Solutions) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)