Kaja Papaya | 04.04.2015 16:02 | Oki doki
Here are the new logs. Many thanks for taking a look :)
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 07.12.2014
Suchlauf-Zeit: 23:12:04
Logdatei: Mbam.txt
Administrator: Ja
Version: 2.00.4.1028
Malware Datenbank: v2014.12.07.10
Rootkit Datenbank: v2014.12.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: main
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 312763
Verstrichene Zeit: 17 Min, 7 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 19
PUP.Optional.ClickCaption.A, HKLM\SOFTWARE\WOW6432NODE\ClickCaption_1.10.0.2, In Quarantäne, [34d2233db4c890a630f9af9d0003f709],
PUP.Optional.InstallCore.A, HKLM\SOFTWARE\WOW6432NODE\INSTALLCORE\WSE_Vosteran, In Quarantäne, [b650d68a57258fa7b09384cd6a9914ec],
PUP.Optional.ClickCaption.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ccnfd_1_10_0_2, In Quarantäne, [04026df3fd7f2f074add3c10de2504fc],
PUP.Optional.1ClickDownload.A, HKU\S-1-5-21-20707334-2862616035-3361723143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\1ClickDownload, In Quarantäne, [e6205c04631965d154b7e5bba75d1fe1],
PUP.Optional.DigitalSites.A, HKU\S-1-5-21-20707334-2862616035-3361723143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\DSiteproducts, In Quarantäne, [e323a4bc2f4dd462277277502bd9857b],
PUP.Optional.Softonic.A, HKU\S-1-5-21-20707334-2862616035-3361723143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, In Quarantäne, [778f67f92c50053189449daaec1701ff],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-20707334-2862616035-3361723143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\wse_vosteran, In Quarantäne, [d92d213fc5b746f04e46a81f38cc738d],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-20707334-2862616035-3361723143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, In Quarantäne, [7d893828ec9050e69405d8b08182d52b],
PUP.Optional.InstallCore.A, HKU\S-1-5-21-20707334-2862616035-3361723143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, In Quarantäne, [38ce9ec2f4880234318abfdf56aeb54b],
PUP.Optional.DealsFinderPro.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.DealsFinderPro.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.DealsFinderPro.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.DealsFinderPro.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.DealsFinderPro.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{7041156A-0D2B-4DCD-A8EE-D0608BFCB2D0}, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.DealsFinderPro.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9B41579A-1996-42F9-8F84-7B7786818CEF}, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.DealsFinderPro.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.DealsFinderPro.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{E2343056-CC08-46AC-B898-BFC7ACF4E755}, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.CouponFactor.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{37476589-E48E-439E-A706-56189E2ED4C4}_is1, In Quarantäne, [8086dc84f08c79bd6fb578c8e81b659b],
PUP.Optional.Movie2kDownloader.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\1ClickDownload, In Quarantäne, [a0669cc4ee8ebb7ba62f91b5b25102fe],
Registrierungswerte: 2
PUP.Optional.ClickCaption.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{190bc294-c8e5-471c-9466-3eb945b09542}, C:\Program Files (x86)\Mozilla Firefox\extensions\{190bc294-c8e5-471c-9466-3eb945b09542}, In Quarantäne, [a660db8565172e08ce5c2329a0639967]
PUP.Optional.InstallCore.A, HKU\S-1-5-21-20707334-2862616035-3361723143-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, zr2X2X1G1S1F2V1S2Q0V, In Quarantäne, [38ce9ec2f4880234318abfdf56aeb54b]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 11
Rogue.Multiple, C:\ProgramData\374311380, In Quarantäne, [1bebf868b8c47cba627628dea55e6d93],
PUP.Optional.Updater.A, C:\Users\main\AppData\Roaming\DigitalSites\UpdateProc, In Quarantäne, [aa5c94ccdaa20234a42b0330ba49de22],
PUP.Optional.DealsFinderPro.A, C:\ProgramData\DealsFinderPro, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.CouponFactor.A, C:\ProgramData\CouponFactor, In Quarantäne, [8086dc84f08c79bd6fb578c8e81b659b],
PUP.Optional.ClickCaption.A, C:\Program Files (x86)\ClickCaption_1.10.0.2, In Quarantäne, [a95df967285458decc6e9ca82ed544bc],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\WSE_Vosteran, In Quarantäne, [7294c39d84f853e3033b85c03cc70ef2],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\WSE_Vosteran\icons_3.6.2.0, In Quarantäne, [7294c39d84f853e3033b85c03cc70ef2],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\WSE_Vosteran\UpdateProc, In Quarantäne, [7294c39d84f853e3033b85c03cc70ef2],
PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran, In Quarantäne, [f0164917443839fddf61fe47e023ac54],
PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\bh, In Quarantäne, [f0164917443839fddf61fe47e023ac54],
PUP.Optional.Movie2kDownloader.A, C:\Program Files (x86)\Movie2KDownloader.com, In Quarantäne, [a0669cc4ee8ebb7ba62f91b5b25102fe],
Dateien: 26
PUP.Optional.MultiPlug, C:\ProgramData\DealsFinderPro\Q8XnzBlydDsOBI.dll, In Quarantäne, [986e5907621aca6c3b0b4d75b051649c],
PUP.Optional.MultiPlug, C:\ProgramData\DealsFinderPro\Q8XnzBlydDsOBI.x64.dll, In Quarantäne, [2dd961ffceaec57116305270f01146ba],
PUP.Optional.InstallCore, C:\Users\main\Downloads\PdfCreatorSetup.exe, In Quarantäne, [cc3a3f213646ee48b0d974e23ec7f709],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\searchplugins\Vosteran.xml, In Quarantäne, [788efa66f18b43f34750fbcce51f43bd],
Rogue.Multiple, C:\ProgramData\374311380\BITFE6E.tmp, In Quarantäne, [1bebf868b8c47cba627628dea55e6d93],
PUP.Optional.Updater.A, C:\Users\main\AppData\Roaming\DigitalSites\UpdateProc\bkup.dat, In Quarantäne, [aa5c94ccdaa20234a42b0330ba49de22],
PUP.Optional.Updater.A, C:\Users\main\AppData\Roaming\DigitalSites\UpdateProc\config.dat, In Quarantäne, [aa5c94ccdaa20234a42b0330ba49de22],
PUP.Optional.Updater.A, C:\Users\main\AppData\Roaming\DigitalSites\UpdateProc\info.dat, In Quarantäne, [aa5c94ccdaa20234a42b0330ba49de22],
PUP.Optional.Updater.A, C:\Users\main\AppData\Roaming\DigitalSites\UpdateProc\prod.dat, In Quarantäne, [aa5c94ccdaa20234a42b0330ba49de22],
PUP.Optional.Updater.A, C:\Users\main\AppData\Roaming\DigitalSites\UpdateProc\STTL.DAT, In Quarantäne, [aa5c94ccdaa20234a42b0330ba49de22],
PUP.Optional.Updater.A, C:\Users\main\AppData\Roaming\DigitalSites\UpdateProc\TTL.DAT, In Quarantäne, [aa5c94ccdaa20234a42b0330ba49de22],
PUP.Optional.DealsFinderPro.A, C:\ProgramData\DealsFinderPro\Q8XnzBlydDsOBI.dat, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.DealsFinderPro.A, C:\ProgramData\DealsFinderPro\Q8XnzBlydDsOBI.tlb, In Quarantäne, [34d283dd5b2150e6a45dd368d92a26da],
PUP.Optional.CouponFactor.A, C:\ProgramData\CouponFactor\CouponFactor.exe, In Quarantäne, [8086dc84f08c79bd6fb578c8e81b659b],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\WSE_Vosteran\UpdateProc\bkup.dat, In Quarantäne, [7294c39d84f853e3033b85c03cc70ef2],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\WSE_Vosteran\UpdateProc\config.dat, In Quarantäne, [7294c39d84f853e3033b85c03cc70ef2],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\WSE_Vosteran\UpdateProc\info.dat, In Quarantäne, [7294c39d84f853e3033b85c03cc70ef2],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\WSE_Vosteran\UpdateProc\STTL.DAT, In Quarantäne, [7294c39d84f853e3033b85c03cc70ef2],
PUP.Optional.Vosteran.A, C:\Users\main\AppData\Roaming\WSE_Vosteran\UpdateProc\TTL.DAT, In Quarantäne, [7294c39d84f853e3033b85c03cc70ef2],
PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\astcnfg.dat, In Quarantäne, [f0164917443839fddf61fe47e023ac54],
PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\FavIcon.ico, In Quarantäne, [f0164917443839fddf61fe47e023ac54],
PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\Sqlite3.dll, In Quarantäne, [f0164917443839fddf61fe47e023ac54],
PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\uninst.dat, In Quarantäne, [f0164917443839fddf61fe47e023ac54],
PUP.Optional.Vosteran.A, C:\Program Files (x86)\WSE_Vosteran\uninstall.exe, In Quarantäne, [f0164917443839fddf61fe47e023ac54],
PUP.Optional.Movie2kDownloader.A, C:\Program Files (x86)\Movie2KDownloader.com\Movie2KDownloader.exe, In Quarantäne, [a0669cc4ee8ebb7ba62f91b5b25102fe],
PUP.Optional.Movie2kDownloader.A, C:\Program Files (x86)\Movie2KDownloader.com\uninst.exe, In Quarantäne, [a0669cc4ee8ebb7ba62f91b5b25102fe],
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
Code:
# AdwCleaner v4.200 - Bericht erstellt 04/04/2015 um 16:30:37
# Aktualisiert 29/03/2015 von Xplode
# Datenbank : 2015-03-29.1 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : main - main-PC
# Gestarted von : C:\Users\main\Desktop\AdwCleaner_4.200.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\b4e0a05c5cf801cd
Ordner Gelöscht : C:\Users\main\AppData\Local\cool_mirage
Ordner Gelöscht : C:\Users\main\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\main\AppData\Roaming\1H1Q1V1N1N1O1R
Ordner Gelöscht : C:\Users\main\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\main\Favorites\Startfenster.lnk
Datei Gelöscht : C:\Users\main\Favorites\Links\Startfenster.lnk
Datei Gelöscht : C:\Users\main\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Startfenster.lnk
Datei Gelöscht : C:\Users\main\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Startfenster.lnk
Datei Gelöscht : C:\Users\main\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
Datei Gelöscht : C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\user.js
***** [ Geplante Tasks ] *****
Task Gelöscht : Run_Bobby_Browser
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9CB96984-43C3-4D44-90EF-01466EFCF7BB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{882F289F-2362-4031-B263-55573E0D8617}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B1AC63A6-D476-46C2-8F01-965D66C40EBD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{882F289F-2362-4031-B263-55573E0D8617}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B1AC63A6-D476-46C2-8F01-965D66C40EBD}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Optimizer Pro
Schlüssel Gelöscht : HKCU\Software\BoBrowser
Schlüssel Gelöscht : HKCU\Software\Vosteran
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Clara
***** [ Internetbrowser ] *****
-\\ Internet Explorer v8.0.7601.18631
-\\ Mozilla Firefox v36.0.4 (x86 de)
[stq7qpe8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.SSWWgulnRSXXC5b0.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.indexOf(\[...]
[stq7qpe8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.hmpgUrl", "hxxp://Vosteran.com/?f=1&a=vst_ggfc_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0D0EtDtA0EyCyDtB0BtC0B0FtAtN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDyD1[...]
[stq7qpe8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.newTabUrl", "hxxp://Vosteran.com/?f=2&a=vst_ggfc_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0D0EtDtA0EyCyDtB0BtC0B0FtAtN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzytDy[...]
[stq7qpe8.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.srchvstrn.tlbrSrchUrl", "hxxp://Vosteran.com/?f=3&a=vst_ggfc_14_47_ff&cd=2XzuyEtN2Y1L1QzutDtDtC0D0EtDtA0EyCyDtB0BtC0B0FtAtN0D0Tzu0StCtDyDtCtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCyEtBzyt[...]
*************************
AdwCleaner[R0].txt - [4454 Bytes] - [04/04/2015 16:25:24]
AdwCleaner[R1].txt - [4513 Bytes] - [04/04/2015 16:29:35]
AdwCleaner[S0].txt - [3880 Bytes] - [04/04/2015 16:30:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3939 Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.1 (04.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by main on 04.04.2015 at 16:38:21,06
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\main\AppData\Roaming\mozilla\firefox\profiles\stq7qpe8.default\prefs.js
user_pref("extensions.srchvstrn.prtnrId", "WSE_Vosteran");
user_pref("extensions.srchvstrn.srchPrvdr", "Vosteran");
Emptied folder: C:\Users\main\AppData\Roaming\mozilla\firefox\profiles\stq7qpe8.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 04.04.2015 at 16:43:58,68
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by main (administrator) on main-PC on 04-04-2015 16:50:03
Running from C:\Users\main\Desktop
Loaded Profiles: main (Available profiles: main)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(brother Industries Ltd) C:\Windows\SysWOW64\BRSVC01A.EXE
(brother Industries Ltd) C:\Windows\SysWOW64\BRSS01A.EXE
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Geek Software GmbH) C:\Program Files (x86)\PDF24\pdf24.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-10-03] (AVAST Software)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [193568 2014-11-12] (Geek Software GmbH)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-20707334-2862616035-3361723143-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com/?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-20707334-2862616035-3361723143-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-20707334-2862616035-3361723143-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ecosia.org/
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.startseite24.net/?q={searchTerms}
SearchScopes: HKLM-x32 -> {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-20707334-2862616035-3361723143-1000 -> {4FC8287B-7200-46FD-A254-5891F67CDB61} URL = https://www.ecosia.org/search?q={searchTerms}&addon=opensearch
SearchScopes: HKU\S-1-5-21-20707334-2862616035-3361723143-1000 -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = hxxp://www.startseite24.net/?q={searchTerms}
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2014-10-03] (AVAST Software)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll [2014-11-23] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2014-10-03] (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll [2014-11-23] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default
FF SearchEngineOrder.1: Websuche
FF Homepage: ecosia.com
FF Keyword.URL:
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-09] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-09] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll [2014-11-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll [2014-11-23] (Oracle Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF SearchPlugin: C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\searchplugins\google-images.xml [2014-10-17]
FF SearchPlugin: C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\searchplugins\google-maps.xml [2014-10-17]
FF SearchPlugin: C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\searchplugins\search_engine.xml [2014-10-03]
FF SearchPlugin: C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\searchplugins\search_engine_trovi.xml [2014-10-16]
FF Extension: Cliqz Beta - C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\Extensions\cliqz@cliqz.com.xpi [2014-10-18]
FF Extension: Adblock Plus - C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-18]
FF Extension: QuickJava - C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\Extensions\{E6C1199F-E687-42da-8C24-E7770CC3AE66}.xpi [2014-11-23]
FF Extension: JavaScript Debugger - C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\Extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}.xpi [2014-11-23]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-10-03]
FF HKU\S-1-5-21-20707334-2862616035-3361723143-1000\...\Firefox\Extensions: [cliqz@cliqz.com] - C:\Users\main\AppData\Roaming\Mozilla\Firefox\Profiles\stq7qpe8.default\extensions\cliqz@cliqz.com
Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-10-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-10-03] (AVAST Software)
R2 Brother XP spl Service; C:\Windows\SysWOW64\brsvc01a.exe [57344 2004-06-13] (brother Industries Ltd) [File not signed]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2100024 2013-08-30] (TuneUp Software)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-10-03] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-10-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-10-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-10-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-10-03] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-10-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-10-03] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-04 16:43 - 2015-04-04 16:43 - 00001130 _____ () C:\Users\main\Desktop\JRT.txt
2015-04-04 16:38 - 2015-04-04 16:38 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-main-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-04 16:38 - 2015-04-04 16:38 - 00000000 ____D () C:\RegBackup
2015-04-04 16:33 - 2015-04-04 16:33 - 00004031 _____ () C:\Users\main\Desktop\AdwCleaner[S0].txt
2015-04-04 16:25 - 2015-04-04 16:30 - 00000000 ____D () C:\AdwCleaner
2015-04-04 16:17 - 2015-04-04 16:18 - 02208768 _____ () C:\Users\main\Desktop\AdwCleaner_4.200.exe
2015-04-04 14:33 - 2015-04-04 14:35 - 02690981 _____ (Thisisu) C:\Users\main\Desktop\JRT.exe
2015-04-01 23:48 - 2015-04-01 23:48 - 00014819 _____ () C:\Users\main\Desktop\Combofix.txt
2015-04-01 23:41 - 2015-04-01 23:41 - 00014819 _____ () C:\ComboFix.txt
2015-04-01 23:25 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-01 23:25 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-01 23:25 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-01 23:25 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-01 23:25 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-01 23:25 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-01 23:25 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-01 23:25 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-01 23:24 - 2015-04-01 23:41 - 00000000 ____D () C:\Qoobox
2015-04-01 23:24 - 2015-04-01 23:38 - 00000000 ____D () C:\Windows\erdnt
2015-04-01 23:16 - 2015-04-01 23:21 - 05617096 ____R (Swearware) C:\Users\main\Desktop\ComboFix2.exe
2015-04-01 23:05 - 2015-04-01 23:11 - 05616131 _____ (Swearware) C:\Users\main\Desktop\ComboFix.exe
2015-04-01 22:53 - 2015-04-01 22:53 - 00001268 _____ () C:\Users\main\Desktop\Revo Uninstaller.lnk
2015-04-01 22:53 - 2015-04-01 22:53 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-01 22:49 - 2015-04-01 22:50 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\main\Desktop\revosetup95.exe
2015-03-31 22:27 - 2015-04-04 16:24 - 00009661 _____ () C:\Users\main\Desktop\Mbam.txt
2015-03-31 21:57 - 2015-03-31 21:57 - 00274888 _____ () C:\Windows\Minidump\033115-28844-01.dmp
2015-03-31 21:57 - 2015-03-31 21:57 - 00000000 ____D () C:\Windows\Minidump
2015-03-31 21:50 - 2015-03-31 22:40 - 00001259 _____ () C:\Users\main\Desktop\Gmer.txt
2015-03-31 21:26 - 2015-03-31 21:26 - 00380416 _____ () C:\Users\main\Desktop\Gmer-19357.exe
2015-03-31 21:14 - 2015-04-01 11:46 - 00013322 _____ () C:\Users\main\Desktop\Addition.txt
2015-03-31 21:13 - 2015-04-04 16:50 - 00010593 _____ () C:\Users\main\Desktop\FRST.txt
2015-03-31 21:13 - 2015-04-04 16:50 - 00000000 ____D () C:\FRST
2015-03-31 21:12 - 2015-03-31 21:12 - 02095616 _____ (Farbar) C:\Users\main\Desktop\FRST64.exe
2015-03-31 21:08 - 2015-03-31 21:08 - 00000470 _____ () C:\Users\main\Desktop\defogger_disable.log
2015-03-31 21:08 - 2015-03-31 21:08 - 00000000 _____ () C:\Users\main\defogger_reenable
2015-03-31 21:07 - 2015-03-31 21:07 - 00050477 _____ () C:\Users\main\Desktop\Defogger.exe
2015-03-27 22:59 - 2015-03-27 23:00 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-20 22:45 - 2015-03-20 22:46 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\main\Desktop\mbam-setup-2.1.4.1018.exe
2015-03-20 18:24 - 2015-03-20 18:24 - 00373944 _____ () C:\Users\main\Downloads\adobe-reader-Download.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-04 16:40 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-04 16:40 - 2009-07-14 06:45 - 00021664 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-04 16:32 - 2014-11-23 10:34 - 00014855 _____ () C:\Windows\setupact.log
2015-04-04 16:32 - 2014-11-23 10:33 - 00020292 _____ () C:\Windows\PFRO.log
2015-04-04 16:32 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-04 16:31 - 2014-10-03 11:48 - 01205068 _____ () C:\Windows\WindowsUpdate.log
2015-04-04 15:08 - 2014-11-23 01:28 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-02 21:01 - 2014-12-08 00:09 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-01 23:54 - 2014-10-03 13:48 - 00002212 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2015-04-01 23:41 - 2011-04-12 09:43 - 00643866 _____ () C:\Windows\system32\perfh007.dat
2015-04-01 23:41 - 2011-04-12 09:43 - 00126394 _____ () C:\Windows\system32\perfc007.dat
2015-04-01 23:41 - 2009-07-14 07:13 - 01472002 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-01 23:41 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-01 23:36 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-01 18:23 - 2014-10-15 19:25 - 00000000 ____D () C:\Users\main\AppData\Roaming\Skype
2015-04-01 11:41 - 2014-10-03 13:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-03-31 21:08 - 2014-10-03 12:18 - 00000000 ____D () C:\Users\main
2015-03-30 17:46 - 2014-10-03 13:33 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-03-23 17:51 - 2014-10-03 12:33 - 00000000 ____D () C:\Users\main\Documents\Jurtenbau
2015-03-20 22:46 - 2014-12-08 00:08 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-20 22:46 - 2014-12-08 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-20 22:46 - 2014-12-08 00:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-17 07:15 - 2014-12-08 00:08 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-17 07:15 - 2014-12-08 00:08 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-17 07:15 - 2014-12-08 00:08 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
==================== Files in the root of some directories =======
2014-11-17 23:47 - 2014-11-21 00:28 - 0000106 _____ () C:\Users\main\AppData\Roaming\WB.CFG
Some content of TEMP:
====================
C:\Users\main\AppData\Local\Temp\Quarantine.exe
C:\Users\main\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 15:30
==================== End Of Log ============================
I don't know whether an addition.txt should be included as well, but I went ahead and made one. Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by main at 2015-04-04 16:53:55
Running from C:\Users\main\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.38 - Irfan Skiljan)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 36.0.4 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 de)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
OpenOffice 4.1.1 (HKLM-x32\...\{ACD0FFF9-6B35-43C1-82DB-9FF6990E8602}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Combine (HKLM-x32\...\PDF Combine_is1) (Version: - Helmsman, Inc.)
PDF Creator (HKLM\...\PDF Creator) (Version: - )
PDF24 Creator 6.9.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
TeraCopy 2.3 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
TuneUp Utilities 2014 (de-DE) (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
TuneUp Utilities 2014 (HKLM-x32\...\TuneUp Utilities 2014) (Version: 14.0.1000.89 - TuneUp Software)
TuneUp Utilities 2014 (x32 Version: 14.0.1000.89 - TuneUp Software) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
22-03-2015 20:05:45 Geplanter Prüfpunkt
30-03-2015 18:40:58 Geplanter Prüfpunkt
01-04-2015 22:57:01 Revo Uninstaller's restore point - PDF Creator Packages
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-04-01 23:35 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {487BA72D-37D5-4B4C-9CA3-2B1AD00D920F} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe [2013-08-30] (TuneUp Software)
Task: {6CD57FBA-6EBD-494D-AF69-48F3BF3168FA} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-10-03] (AVAST Software)
Task: {E163D6CF-0174-408B-8248-81C1E414197E} - System32\Tasks\{D8748C80-45D0-40BC-A402-D9BD541AAAD1} => pcalua.exe -a C:\ProgramData\CouponFactor\CouponFactor.exe -c /progname=CouponFactor /progver=3.4.2 /progpub=CouponFactor /proguninstallurl=asdahjka.com /deleteappfolder=0 /deletefile1="C:\Users\main\AppData\Roaming\appdataFr2.bin" /VERYSILENT
Task: {E7BAEBE7-18E8-444A-9626-AAE79FFA3BD3} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2014-10-07] (Oracle Corporation)
Task: {F1E091C6-E1A1-4748-9E88-D5E18CAF9452} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-09] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2014-11-17 22:28 - 2011-10-04 22:43 - 00087552 _____ () C:\Windows\System32\custmon64i.dll
2013-08-30 09:51 - 2013-08-30 09:51 - 00757048 _____ () C:\Program Files (x86)\TuneUp Utilities 2014\avgrepliba.dll
2014-10-03 13:46 - 2014-10-03 13:46 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2015-04-04 13:43 - 2015-04-04 13:43 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040400\algo.dll
2014-10-03 13:46 - 2014-10-03 13:46 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-20707334-2862616035-3361723143-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\main\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== Accounts: =============================
Administrator (S-1-5-21-20707334-2862616035-3361723143-500 - Administrator - Disabled)
Gast (S-1-5-21-20707334-2862616035-3361723143-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-20707334-2862616035-3361723143-1002 - Limited - Enabled)
main (S-1-5-21-20707334-2862616035-3361723143-1000 - Administrator - Enabled) => C:\Users\main
==================== Faulty Device Manager Devices =============
Name: Massenspeichercontroller
Description: Massenspeichercontroller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: Intel(R) Core(TM)2 Duo CPU T8300 @ 2.40GHz
Percentage of memory in use: 56%
Total physical RAM: 2046.43 MB
Available physical RAM: 884.48 MB
Total Pagefile: 4092.86 MB
Available Pagefile: 2723.56 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB
==================== Drives ================================
Drive c: (ACER) (Fixed) (Total:111.57 GB) (Free:14.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:111.55 GB) (Free:43.32 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: FF3DCA13)
Partition 1: (Not Active) - (Size=9.8 GB) - (Type=27)
Partition 2: (Active) - (Size=111.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=111.6 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Kind regards, Kaja