Cowboy015 | 11.04.2015 14:09 | OK, I'm done now.
Here are the logs.
WMAM Log:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 11.04.2015
Suchlauf-Zeit: 12:33:07
Logdatei: MWAM Log.txt
Administrator: Ja
Version: 2.01.4.1018
Malware Datenbank: v2015.04.11.01
Rootkit Datenbank: v2015.03.31.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Michael
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 375402
Verstrichene Zeit: 9 Min, 14 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 4
PUP.Optional.Protect, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1324, , [c6876605e8a24ee86af3698937ceeb15]
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, 1736, , [c489b2b91278e254c97a0a0919e933cd]
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\CmdShell.exe, 2112, , [6ae36efd92f879bddb840ee43acb728e]
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, 2744, , [a3aac2a9fe8c9d9926173ff51ee416ea]
Module: 9
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\BrowserAction.dll, , [430ae487b0da1c1abf149ea5b949c33d],
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [e667d695f8928ea8223ca2509f664eb2],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [cb82a4c798f2ee48a40498d7fa068b75],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [3e0fe487ccbee94d35f08647c34035cb],
Registrierungsschlüssel: 26
PUP.Optional.Protect, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, , [c6876605e8a24ee86af3698937ceeb15],
PUP.Optional.XTab.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IHProtect Service, , [c489b2b91278e254c97a0a0919e933cd],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c08d7deee0aae1550e403d0100039e62],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c08d7deee0aae1550e403d0100039e62],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, , [c08d7deee0aae1550e403d0100039e62],
PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, , [fc51e289c2c843f3e93b9e2f60a3b24e],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\Iminent, , [fe4f303bed9d63d33b0233dccc3816ea],
PUP.Optional.LuckSearches.A, HKLM\SOFTWARE\WOW6432NODE\luckysearchesSoftware, , [61ecee7d6c1e54e22b074f7133d0758b],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\WajIntEnhance, , [a8a5b4b7bbcf5fd7e26be8e1828124dc],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [d17c3c2f62287cba80ac7b4bbc477789],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [ed60eb8098f2cb6b1516d0f6699a26da],
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\luckysearches uninstall, , [2c219ccffd8dee4875a1be04c241e21e],
PUP.Optional.Vosteran, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [80cd353699f138fe003fe9ec19ea28d8],
PUP.Optional.Wajam.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [1c310c5fd9b175c1ce5b5571828149b7],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, , [e06d303b6b1fbd79033c855d63a0f709],
PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, , [d776f8732268df57587dce0949bade22],
PUP.Optional.HomeTab.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\HomeTab, , [96b72a41e0aaba7c845216dd22e19e62],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\SearchProtectWS, , [0c412a41ef9bff3725091aac44bf17e9],
PUP.Optional.TNT.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\TNT2, , [83ca86e5612995a1887b23a5a063619f],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\WajIntEnhance, , [1b3272f946447bbb6fdf16b3b350718f],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IMBoosterARP, , [014c09629af07fb7a0c19e2425de8b75],
PUP.Optional.Iminent.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\IminentToolbar, , [af9ea9c27d0d60d64121a81a02014cb4],
PUP.Optional.Linkey.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Linkey, , [a2ab42296f1bf343154ef4ce7093cf31],
PUP.Optional.Vosteran.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\Vosteran.com, , [202d87e4375347efe57f8240da29ce32],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\WajIntEnhance, , [4ffe71fa6d1dca6cf1749d250bf87a86],
PUP.Optional.Wajam.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\SIMPLYTECH\HomeTabWajIEnhance, , [4efffc6f8a001f17ae7c5d697f8435cb],
Registrierungswerte: 16
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, luckysearches, , [a5a803687b0fdd591737153d729309f7]
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.luckysearches.com/web/?type=dspp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}, , [05482249e4a6da5c113d66ec1beae41c]
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, luckysearches, , [76d753189eeca88eb797b69c48bd20e0]
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.luckysearches.com/web/?type=ds&ts=1428622614&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}, , [d27bea811476063089c5f55dbc4932ce]
PUP.Optional.SearchEngine.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|searchengine@gmail.com, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\searchengine@gmail.com, , [d37a3932c4c67db95d6b95bad4317b85]
PUP.Optional.IStart.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|istart_ffnt@gmail.com, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\istart_ffnt@gmail.com, , [024bacbf305aea4c9ba8556d30d3d42c]
PUP.Optional.FFToolbar.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|fftoolbar2014@etech.com, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com, , [b09def7c8bffd5612999973580839769]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, 2sq, , [e06d303b6b1fbd79033c855d63a0f709]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{02075563-E9A8-40DB-87C1-9E3F48D011AD}|URL, hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&ts=1428622630&type=default&q={searchTerms}, , [e766e289355551e5113c76dcf80d49b7]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&ts=1428622630&type=default&q={searchTerms}, , [014ce586f89251e5ca835ff3d035be42]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|URL, hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&ts=1428622630&type=default&q={searchTerms}, , [a0adf5761e6c35014805f75bc342738d]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}|FaviconURL, hxxp://www.luckysearches.com//favicon.ico, , [b5982e3df8924ee84c010f438b7a738d]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, luckysearches, , [67e657142961b5818fbef85a41c4c13f]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.luckysearches.com/web/?type=dspp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}, , [5bf22744e7a373c3f05d63ef798c53ad]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|TopResultURL, hxxp://www.luckysearches.com/web/?type=ds&ts=1428622614&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}, , [d7767af1eaa00d2997b6f2603cc914ec]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{E733165D-CBCF-4FDA-883E-ADEF965B476C}|URL, hxxp://www.luckysearches.com/web/?utm_source=b&utm_medium=2sq&utm_campaign=install_ie&utm_content=ds&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&ts=1428622630&type=default&q={searchTerms}, , [57f684e7deac5fd779d4d77bac590ef2]
Registrierungsdaten: 9
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC, Gut: (www.google.com), Schlecht: (hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC),,[4b02e58605854aeca07fb0444fb63bc5]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[4a039ad1236790a6270cdc24fb0b06fa]
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.luckysearches.com/web/?type=ds&ts=1428622614&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.luckysearches.com/web/?type=ds&ts=1428622614&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}),,[d07d2c3f5d2dcb6b56c906eefc0951af]
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC, Gut: (www.google.com), Schlecht: (hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC),,[60edf17a711943f34ed1619345c0c63a]
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC, Gut: (www.google.com), Schlecht: (hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC),,[301d9ecd9befef47ee31757f749144bc]
PUP.Optional.LuckySearches.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.luckysearches.com/web/?type=ds&ts=1428622614&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.luckysearches.com/web/?type=ds&ts=1428622614&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}),,[1a335417e9a192a423fc18dc62a37e82]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[87c66dfe5931d066141f60a055b1cf31]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC, Gut: (www.google.com), Schlecht: (hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC),,[3b125d0e256555e164bc886ccc39c33d]
PUP.Optional.LuckySearches.A, HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.luckysearches.com/web/?type=dspp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.luckysearches.com/web/?type=dspp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}),,[4eff8cdf5238bf7780a05a9aa65fe719]
Ordner: 37
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\image, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, , [113cea818802310529e4693334cfea16],
PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, , [113cea818802310529e4693334cfea16],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, , [430a4c1f05850b2ba0045c569e657789],
PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, , [430a4c1f05850b2ba0045c569e657789],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com\chrome, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com\chrome\content, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com\chrome\skin, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\code, , [b7964427602a54e201a09d1b9b683ac6],
Dateien: 100
PUP.Optional.Protect, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, , [c6876605e8a24ee86af3698937ceeb15],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ProtectService.exe, , [c489b2b91278e254c97a0a0919e933cd],
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\CmdShell.exe, , [6ae36efd92f879bddb840ee43acb728e],
PUP.Optional.ELEX, C:\Program Files (x86)\XTab\HPNotify.exe, , [a3aac2a9fe8c9d9926173ff51ee416ea],
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\BrowserAction.dll, , [430ae487b0da1c1abf149ea5b949c33d],
PUP.Optional.SearchProtect, C:\Program Files (x86)\XTab\IeWatchDog.dll, , [e667d695f8928ea8223ca2509f664eb2],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchFF.dll, , [cb82a4c798f2ee48a40498d7fa068b75],
PUP.Optional.SupTab.A, C:\Program Files (x86)\XTab\SupTab.dll, , [c08d7deee0aae1550e403d0100039e62],
PUP.Optional.BrowserWatch, C:\Program Files (x86)\XTab\BrowerWatchCH.dll, , [e5681b50e0aa9b9bf1b79dd222de08f8],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\uninstall.exe, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\conf, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1025.xpi, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\install.data, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcp110.dll, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\msvcr110.dll, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\searchProvider.xml, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\about_bk.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\btn_apply.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\close.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf.xml, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\conf_back.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\input_bk.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\logo.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\main.xml, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_1.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\radio_2.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\rigth_arrow.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\skin\settings.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\data.html, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE.html, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\indexIE8.html, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\main.css, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\ver.txt, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\google_trends.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon128.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon16.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\icon48.png, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\loading.gif, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\img\logo32.ico, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\common.js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\ga.js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery-1.11.0.min.js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\jquery.autocomplete.js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\js.js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\library.js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit-ie8.js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\js\xagainit2.0.js, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\en-US\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-419\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\es-ES\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-BE\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CA\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-CH\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-FR\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\fr-LU\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-CH\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\it-IT\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pl\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\pt-BR\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\ru-MO\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\tr-TR\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\vi-VI\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-CN\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.XTab.A, C:\Program Files (x86)\XTab\web\_locales\zh-TW\messages.json, , [3e0fe487ccbee94d35f08647c34035cb],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com\chrome.manifest, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com\install.rdf, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com\chrome\content\toolbar.js, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com\chrome\content\toolbar.xul, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.FFToolbar.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\extensions\fftoolbar2014@etech.com\chrome\skin\icon.png, , [9faee08bf8923df9cc069919c63d45bb],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\548.json, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\MessageBox.xml, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\uninstallDlg2.xml, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\UninstallManager.exe, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\bg.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\bg1.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\bk_shadow.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\button.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\button1.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\checkbox.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\checkbox_select.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\checked.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\close.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\loading_bg.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\loading_light.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\min.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\scrollbar.bmp, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\Thumbs.db, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\unchecked.png, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\code\code1.jpg, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\code\code2.jpg, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\code\code3.jpg, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\code\code4.jpg, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\code\code5.jpg, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\code\code6.jpg, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.LuckySearches.A, C:\Users\Michael\AppData\Roaming\luckysearches\images\code\Thumbs.db, , [b7964427602a54e201a09d1b9b683ac6],
PUP.Optional.HttpBreaker.A, C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.unitedinternet.original.browser.startup.homepage", "hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC");), ,[0449b1ba0f7b57df8955df5ca462946c]
Physische Sektoren: 0
(Keine schädliche Elemente gefunden)
(end)
AdwCleaner[S0] Log:
Code:
# AdwCleaner v4.201 - Bericht erstellt 11/04/2015 um 14:15:19
# Aktualisiert 08/04/2015 von Xplode
# Datenbank : 2015-04-08.1 [Server]
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (x64)
# Benutzername : Michael - PC-HOME
# Gestarted von : C:\Users\Michael\Desktop\AdwCleaner_4.201.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Users\Michael\SupTab
Ordner Gelöscht : C:\Users\Michael\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Michael\Documents\ProPCCleaner
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\a3z9a987.default-1427472501224\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\user.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox Developer Edition.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\simplytech
Schlüssel Gelöscht : HKLM\SOFTWARE\AskPartnerNetwork
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\SupDp
Schlüssel Gelöscht : HKLM\SOFTWARE\SpeedBit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17689
-\\ Mozilla Firefox v37.0 (x86 de)
[z7h8kgxm.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchEnginesURL", "");
[z7h8kgxm.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.iconURL", "hxxp://www.luckysearches.com/web/favicon.ico");
[z7h8kgxm.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.searchengine.url", "hxxp://www.luckysearches.com/web/?type=dspp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC&q={searchTerms}");
[z7h8kgxm.default\prefs.js] - Zeile Gelöscht : user_pref("extensions.unitedinternet.original.browser.startup.homepage", "hxxp://www.luckysearches.com/?type=hppp&ts=1428622623&from=2sq&uid=ST3200822AS_3LJ30QGCXXXX3LJ30QGC");
*************************
AdwCleaner[R0].txt - [4459 Bytes] - [11/04/2015 14:05:05]
AdwCleaner[S0].txt - [4223 Bytes] - [11/04/2015 14:15:19]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4282 Bytes] ##########
JRT Log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.5.3 (04.07.2015:1)
OS: Windows 7 Ultimate x64
Ran by Michael on 11.04.2015 at 14:20:16,46
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2015 at 14:22:22,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Log:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Michael (administrator) on PC-HOME on 11-04-2015 14:26:36
Running from C:\Users\Michael\Desktop
Loaded Profiles: Michael (Available profiles: Michael)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
() C:\Program Files\Network Virtual Bridge\SERVICE\SNetwork Virtual Bridge.exe
() C:\Program Files\Network Virtual Bridge Update Protocol\Network Virtual Bridge Update Protocol.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(www.otp.ccc) C:\Program Files\Network Virtual Bridge\PROXY\adsentinel.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5595848 2014-09-22] (ESET)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-04-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5263504 2012-08-09] (VIA)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2748237790-4062106441-2341631246-1000 -> {02075563-E9A8-40DB-87C1-9E3F48D011AD} URL =
SearchScopes: HKU\S-1-5-21-2748237790-4062106441-2341631246-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-2748237790-4062106441-2341631246-1000 -> {E733165D-CBCF-4FDA-883E-ADEF965B476C} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-01-29] (IObit)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-20] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-12-02] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-12-03] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2014-10-15] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default
FF NewTab: hxxp://www.google.de
FF Homepage: hxxp://go.1und1.de/tb/mff_startpage_homepage
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_134.dll [2015-03-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
FF Plugin: adobe.com/AdobeAAMDetect_x86_64 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-01-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_134.dll [2015-03-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-20] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-14] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-23] (VideoLAN)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-01-07] (Adobe Systems)
FF Extension: LastPass - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\a3z9a987.default-1427472501224\Extensions\support@lastpass.com [2015-03-27]
FF Extension: 1&1 MailCheck - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\a3z9a987.default-1427472501224\Extensions\toolbar@1und1.de [2015-03-27]
FF Extension: ZenMate Security & Privacy VPN - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\a3z9a987.default-1427472501224\Extensions\firefox@zenmate.com.xpi [2015-03-27]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\a3z9a987.default-1427472501224\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-03-27]
FF Extension: Metal Lion Australis Graphite - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\a3z9a987.default-1427472501224\Extensions\{F6D83238-A31E-451d-8BCB-28F6BAFECF10}.xpi [2015-04-09]
FF Extension: Metal Lion Australis Scrollbars II - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\a3z9a987.default-1427472501224\Extensions\{FDBAD97E-A258-4fe3-9CF6-60CF386C4422}.xpi [2015-04-09]
FF Extension: LastPass - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\Extensions\support@lastpass.com [2015-04-10]
FF Extension: 1&1 MailCheck - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\Extensions\toolbar@1und1.de [2015-04-10]
FF Extension: ZenMate Security & Privacy VPN - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\Extensions\firefox@zenmate.com.xpi [2015-04-10]
FF Extension: Adblock Plus - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-04-10]
FF Extension: Metal Lion Australis Graphite - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\Extensions\{F6D83238-A31E-451d-8BCB-28F6BAFECF10}.xpi [2015-04-10]
FF Extension: Metal Lion Australis Scrollbars II - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\z7h8kgxm.default\Extensions\{FDBAD97E-A258-4fe3-9CF6-60CF386C4422}.xpi [2015-04-10]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-01-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2015-02-10]
FF HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
StartMenuInternet: FIREFOX.EXE - C:\Program Files\Firefox Developer Edition\firefox.exe
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1350112 2014-09-16] (ESET)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-29] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Network Virtual Bridge; C:\Program Files\Network Virtual Bridge\PROXY\adsentinel.exe [505364 2014-12-07] (www.otp.ccc) [File not signed]
R2 Network Virtual Bridge S; C:\Program Files\Network Virtual Bridge\SERVICE\SNetwork Virtual Bridge.exe [129024 2015-03-31] () [File not signed]
R2 Network Virtual Bridge Update Protocol; C:\Program Files\Network Virtual Bridge Update Protocol\Network Virtual Bridge Update Protocol.exe [128512 2015-03-25] () [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 ProtexisLicensing; C:\Windows\SysWOW64\PSIService.exe [177704 2007-06-05] ()
S2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2014-10-13] (DEVGURU Co., LTD.)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5448464 2015-03-30] (TeamViewer GmbH)
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2015-01-29] (VIA Technologies, Inc.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2015-01-29] (Advanced Micro Devices Inc.)
R1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [22680 2012-10-25] ()
R3 CnxtHdmiAudService; C:\Windows\System32\drivers\CHDMI64.sys [722488 2015-01-29] (Conexant Systems Inc.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-09-22] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241368 2014-09-22] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169280 2014-09-22] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [158968 2014-09-22] (ESET)
S3 ESETOlmarikOlmascoCleaner; C:\Windows\system32\Drivers\ESETOlmarikOlmascoCleaner.sys [157384 2015-02-07] ()
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2015-01-28] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-01-29] (REALiX(tm))
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [26368 2014-10-13] (DEVGURU Co., LTD.)
R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [231112 2013-01-03] (VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [296960 2015-01-29] (VIA Technologies, Inc.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 14:22 - 2015-04-11 14:26 - 00000623 _____ () C:\Users\Michael\Desktop\JRT.txt
2015-04-11 14:20 - 2015-04-11 14:20 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-PC-HOME-Windows-7-Ultimate-(64-bit).dat
2015-04-11 14:20 - 2015-04-11 14:20 - 00000000 ____D () C:\RegBackup
2015-04-11 14:17 - 2015-04-11 14:17 - 00004378 _____ () C:\Users\Michael\Desktop\AdwCleaner[S0].txt
2015-04-11 12:55 - 2015-04-11 14:15 - 00000000 ____D () C:\AdwCleaner
2015-04-11 12:32 - 2015-04-11 12:54 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-11 12:31 - 2015-04-11 12:31 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-11 12:31 - 2015-04-11 12:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-11 12:31 - 2015-04-11 12:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-11 12:31 - 2015-04-11 12:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-11 12:31 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-11 12:31 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-11 12:31 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-10 18:27 - 2015-04-10 18:27 - 00036222 _____ () C:\Users\Michael\Desktop\ComboFix.txt
2015-04-10 17:50 - 2015-04-10 18:28 - 00000000 ____D () C:\Qoobox
2015-04-10 17:50 - 2015-04-10 18:22 - 00000000 ____D () C:\Windows\erdnt
2015-04-10 17:50 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-04-10 17:50 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-04-10 17:50 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-04-10 17:50 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-04-10 17:50 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-04-10 17:50 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2015-04-10 17:50 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2015-04-10 17:50 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2015-04-10 17:48 - 2015-04-10 17:48 - 05617275 ____R (Swearware) C:\Users\Michael\Desktop\ComboFix.exe
2015-04-10 17:03 - 2015-04-10 17:03 - 00000000 ____D () C:\Program Files\Firefox Developer Edition
2015-04-10 16:56 - 2015-04-10 16:56 - 00039905 _____ () C:\Users\Michael\Desktop\Addition.txt
2015-04-10 16:55 - 2015-04-11 14:26 - 00018660 _____ () C:\Users\Michael\Desktop\FRST.txt
2015-04-10 16:48 - 2015-04-10 16:48 - 02686959 _____ (Thisisu) C:\Users\Michael\Desktop\JRT.exe
2015-04-10 16:47 - 2015-04-10 16:47 - 02217984 _____ () C:\Users\Michael\Desktop\AdwCleaner_4.201.exe
2015-04-10 16:23 - 2015-04-11 14:26 - 00000000 ____D () C:\FRST
2015-04-10 16:21 - 2015-04-10 16:21 - 02095616 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2015-04-10 01:01 - 2015-04-11 14:15 - 00000936 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Firefox Developer Edition.lnk
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 ____D () C:\sh4ldr
2015-04-10 00:09 - 2015-04-10 00:09 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-04-10 00:08 - 2015-04-10 00:09 - 00000000 ____D () C:\Windows\0028CB34D5D3460FB308A39A095A5E01.TMP
2015-04-09 23:44 - 2015-04-09 23:44 - 00000000 _____ () C:\autoexec.bat
2015-04-09 23:12 - 2015-04-09 23:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Opera Software
2015-04-09 23:12 - 2015-04-09 23:17 - 00000000 ____D () C:\Users\Michael\AppData\Local\Opera Software
2015-04-08 23:16 - 2015-04-08 23:16 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DailyMagic
2015-04-08 23:16 - 2015-04-08 23:16 - 00000000 ____D () C:\ProgramData\DailyMagic
2015-04-07 17:41 - 2015-04-11 14:16 - 00037322 _____ () C:\Windows\PFRO.log
2015-04-07 17:41 - 2015-04-11 14:16 - 00000448 _____ () C:\Windows\setupact.log
2015-04-07 17:41 - 2015-04-07 17:41 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-06 22:40 - 2015-04-06 22:40 - 00001328 _____ () C:\Users\Michael\Desktop\Sable Maze 3 - Der verbotene Garten.lnk
2015-04-06 22:38 - 2015-04-06 22:40 - 00000000 ____D () C:\Program Files (x86)\Sable Maze 3 - Der verbotene Garten SA
2015-04-06 22:37 - 2015-04-06 22:37 - 00001467 _____ () C:\Users\Michael\Desktop\Cursery - Der boese Mann und der schwarze Kater.lnk
2015-04-06 22:37 - 2015-04-06 22:37 - 00000000 ____D () C:\Program Files (x86)\Cursery - Der boese Mann und der schwarze Kater SA
2015-04-06 22:36 - 2015-04-06 22:36 - 00001260 _____ () C:\Users\Michael\Desktop\Hidden Memories of a Bright Summer.lnk
2015-04-06 22:36 - 2015-04-06 22:36 - 00000000 ____D () C:\Program Files (x86)\Hidden Memories of a Bright Summer
2015-04-06 21:41 - 2015-04-06 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duden
2015-04-06 21:40 - 2015-04-06 21:40 - 00000000 ____D () C:\Program Files (x86)\Duden
2015-04-06 20:57 - 2015-04-06 20:59 - 00000000 ____D () C:\ProgramData\dudenbibliothek6
2015-04-06 20:45 - 2015-04-06 21:41 - 00000000 ____D () C:\ProgramData\Duden
2015-04-06 20:45 - 2015-04-06 20:45 - 00000000 ____D () C:\Users\Michael\Documents\Add-in Express
2015-04-06 20:45 - 2015-04-06 20:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Duden
2015-04-04 00:56 - 2015-04-04 01:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\FRITZ!
2015-04-04 00:56 - 2015-04-04 01:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\FRITZ!
2015-04-04 00:52 - 2006-02-23 12:16 - 00047616 _____ (TODO: <Company name>) C:\Windows\system32\AvmColorFax.dll
2015-04-04 00:52 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\system32\FritzColorPort64.dll
2015-04-04 00:52 - 2006-02-22 10:53 - 00043520 _____ (TODO: <Company name>) C:\Windows\system32\AvmFax.dll
2015-04-04 00:52 - 2006-02-22 10:51 - 00027136 _____ (AVM Berlin GmbH) C:\Windows\system32\FriDru64.dll
2015-04-04 00:52 - 2006-02-22 10:39 - 00020480 _____ () C:\Windows\system32\FritzPort64.dll
2015-04-04 00:50 - 2007-09-07 10:05 - 00492848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp70.dll
2015-04-04 00:50 - 2007-09-07 10:04 - 00980272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70.dll
2015-04-04 00:50 - 2007-09-07 10:04 - 00970032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc70u.dll
2015-04-04 00:50 - 2007-09-07 10:04 - 00060208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvci70.dll
2015-04-04 00:28 - 2015-04-10 00:45 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-04 00:28 - 2015-04-04 00:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-03-28 16:28 - 2015-04-10 19:58 - 00000000 ____D () C:\Program Files\Network Virtual Bridge
2015-03-28 00:39 - 2015-04-10 00:45 - 00000000 ____D () C:\Program Files\Network Virtual Bridge Update Protocol
2015-03-28 00:39 - 2015-03-28 00:42 - 00000190 _____ () C:\debug.log
2015-03-28 00:39 - 2015-03-28 00:39 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\InAppBrowser
2015-03-27 19:45 - 2015-03-27 19:45 - 00000000 ____D () C:\Users\Michael\Documents\Autodata
2015-03-27 14:52 - 2015-03-27 14:52 - 03711896 _____ (ESET) C:\Windows\SysWOW64\%InstallDir%speclean.new
2015-03-27 14:47 - 2015-03-27 14:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Light Developer
2015-03-27 14:46 - 2015-03-27 14:46 - 00001128 _____ () C:\Users\Public\Desktop\CutOut 4.lnk
2015-03-27 14:46 - 2015-03-27 14:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutOut 4
2015-03-27 14:46 - 2015-03-27 14:46 - 00000000 ____D () C:\Program Files (x86)\Franzis
2015-03-25 19:52 - 2015-03-25 20:15 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2015-03-25 19:52 - 2015-03-25 19:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\Skype
2015-03-25 19:51 - 2015-03-25 19:51 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-25 19:51 - 2015-03-25 19:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-25 19:50 - 2015-03-25 19:50 - 00000000 ____D () C:\ProgramData\Skype
2015-03-25 18:21 - 2015-03-11 06:06 - 00943616 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-25 18:21 - 2015-03-11 06:06 - 00760832 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-25 18:21 - 2015-03-11 06:06 - 00677888 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-25 18:21 - 2015-03-11 06:06 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-25 18:21 - 2015-03-11 06:05 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-25 18:21 - 2015-03-11 06:05 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-25 18:21 - 2015-03-11 06:05 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-03-25 18:21 - 2015-03-11 06:02 - 01107456 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-24 22:00 - 2015-03-24 22:01 - 00001795 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Blackjack Ballroom Casino.lnk
2015-03-24 22:00 - 2015-03-24 22:00 - 00000000 ____D () C:\ProgramData\MGS
2015-03-24 22:00 - 2015-03-24 22:00 - 00000000 ____D () C:\Microgaming
2015-03-23 22:13 - 2015-03-23 22:13 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\fltk.org
2015-03-23 22:13 - 2015-03-23 22:13 - 00000000 ____D () C:\ProgramData\fltk.org
2015-03-23 22:10 - 2015-03-23 22:12 - 00000000 ____D () C:\Temp
2015-03-20 23:10 - 2015-04-11 14:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-20 23:10 - 2015-03-23 21:00 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-20 23:06 - 2015-03-20 23:06 - 00943832 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2015-03-20 23:06 - 2015-03-20 23:06 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-03-20 22:40 - 2015-04-10 00:45 - 00000000 ____D () C:\Users\Michael\Projects Series
2015-03-20 22:40 - 2015-04-10 00:45 - 00000000 ____D () C:\Users\Michael\PhotoBuzzer Projects 1
2015-03-20 22:40 - 2015-03-20 22:40 - 00000982 _____ () C:\Users\Public\Desktop\Photo BUZZER (64-Bit).lnk
2015-03-20 22:40 - 2015-03-20 22:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Franzis
2015-03-20 22:40 - 2015-03-20 22:40 - 00000000 ____D () C:\Program Files\Franzis
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-04-11 14:22 - 2011-04-12 09:43 - 00703092 _____ () C:\Windows\system32\perfh007.dat
2015-04-11 14:22 - 2011-04-12 09:43 - 00150676 _____ () C:\Windows\system32\perfc007.dat
2015-04-11 14:22 - 2009-07-14 07:13 - 01629572 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-11 14:20 - 2009-07-14 06:45 - 00026944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-11 14:20 - 2009-07-14 06:45 - 00026944 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-11 14:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-11 14:15 - 2015-01-27 22:24 - 00000848 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-11 14:15 - 2015-01-27 20:28 - 00000999 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-11 14:15 - 2015-01-27 20:27 - 00000000 ____D () C:\Users\Michael
2015-04-11 14:15 - 2015-01-27 20:17 - 01852263 _____ () C:\Windows\WindowsUpdate.log
2015-04-10 18:27 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2015-04-10 18:06 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2015-04-10 18:05 - 2015-01-27 22:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-04-10 18:04 - 2009-07-14 04:34 - 80478208 _____ () C:\Windows\system32\config\SOFTWARE.bak
2015-04-10 18:04 - 2009-07-14 04:34 - 14942208 _____ () C:\Windows\system32\config\SYSTEM.bak
2015-04-10 18:04 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2015-04-10 18:04 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2015-04-10 18:04 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2015-04-10 17:54 - 2015-02-07 19:30 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-10 01:32 - 2015-01-27 20:36 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-10 01:31 - 2015-01-29 19:44 - 00002890 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Michael
2015-04-10 01:31 - 2015-01-27 20:36 - 00000000 ____D () C:\Users\Michael\AppData\Local\Google
2015-04-10 00:45 - 2015-01-30 14:31 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2015-04-10 00:45 - 2015-01-30 14:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-04-10 00:45 - 2015-01-29 20:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\ProductData
2015-04-10 00:45 - 2015-01-29 20:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\IObit
2015-04-10 00:45 - 2015-01-29 20:05 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-10 00:45 - 2015-01-28 22:18 - 00000000 ____D () C:\Windows\AutoKMS
2015-04-10 00:45 - 2015-01-28 21:56 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-04-10 00:44 - 2015-01-27 20:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-04-10 00:44 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\registration
2015-04-10 00:43 - 2015-02-24 17:53 - 00000000 ____D () C:\Program Files\Samsung
2015-04-10 00:43 - 2015-02-15 00:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-04-10 00:43 - 2015-01-28 21:08 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-04-09 22:46 - 2015-02-15 00:16 - 00000000 ____D () C:\Users\Michael\Documents\SelfMV
2015-04-07 17:41 - 2009-07-14 06:45 - 00408104 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-06 22:35 - 2014-10-29 19:20 - 00000000 ____D () C:\GEGeek Toolkit
2015-04-06 22:17 - 2015-02-10 18:05 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\HpUpdate
2015-04-06 22:17 - 2015-02-08 21:01 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\TeamViewer
2015-04-06 22:02 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-06 21:41 - 2015-01-27 20:47 - 00106264 _____ () C:\Users\Michael\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-06 21:31 - 2015-01-28 21:08 - 00000072 _____ () C:\Users\Public\LMDebug.log
2015-04-04 00:50 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Help
2015-04-02 23:20 - 2015-03-02 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2015-04-02 23:20 - 2015-03-02 19:40 - 00000000 ____D () C:\Program Files\Calibre2
2015-04-02 22:12 - 2015-02-09 13:29 - 00003773 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-04-02 22:12 - 2015-02-06 19:53 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-04-02 22:11 - 2015-02-09 13:26 - 00000971 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-04-01 16:02 - 2015-02-22 15:17 - 00000000 ____D () C:\ProgramData\elsterformular
2015-03-28 15:02 - 2015-02-10 15:24 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-27 14:41 - 2015-01-27 22:11 - 00000000 ____D () C:\Users\Michael\AppData\Local\Alt.Binz.PPU
2015-03-25 19:53 - 2015-01-28 12:47 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-25 19:53 - 2015-01-28 12:47 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-24 20:47 - 2015-01-31 16:50 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Party
2015-03-23 16:40 - 2015-01-28 13:39 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2015-03-20 23:10 - 2015-01-28 13:39 - 00778928 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-20 23:10 - 2015-01-28 13:39 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-20 23:09 - 2015-02-22 15:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-20 23:09 - 2015-02-22 15:47 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-20 23:06 - 2015-01-27 20:49 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2015-03-20 22:59 - 2015-01-29 20:11 - 00002858 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Michael)
2015-03-12 19:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
==================== Files in the root of some directories =======
2015-01-29 17:20 - 2015-01-29 17:20 - 0000000 _____ () C:\Users\Michael\AppData\Roaming\gdfw.log
2015-01-29 17:20 - 2015-01-29 17:20 - 0000779 _____ () C:\Users\Michael\AppData\Roaming\gdscan.log
2015-02-01 22:11 - 2015-02-02 20:48 - 0061952 _____ () C:\Users\Michael\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-01-30 20:03 - 2015-01-30 20:03 - 0007605 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2015-02-23 21:09 - 2015-02-23 21:09 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-02-01 15:16 - 2015-02-10 18:34 - 0002232 _____ () C:\ProgramData\hpzinstall.log
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-04-04 15:54
==================== End Of Log ============================
And here is the Addition log: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Michael at 2015-04-11 14:27:09
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET NOD32 Antivirus 8.0 (Disabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.30 - GIGABYTE)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 2.9.0.465 - Adobe Systems Incorporated)
Adobe Flash Player 17 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.134 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alt.Binz Prepaid Usenet edition Version 0.39.15 (HKLM-x32\...\{6B87C531-F762-46BA-AC33-C88B1CC7D83B}_is1) (Version: 0.39.15 - Prepaid usenet)
Ashampoo Burning Studio 15 v.15.0.2 (HKLM-x32\...\{91B33C97-5B38-0A92-D04A-A0F26F3F87D4}_is1) (Version: 15.0.2 - Ashampoo GmbH & Co. KG)
ATI Catalyst Install Manager (HKLM\...\{576A97E3-1A79-6215-49DE-AA358AF47420}) (Version: 3.0.769.0 - ATI Technologies, Inc.)
AutoGreen B12.1220.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.1220.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
B110 (x32 Version: 140.0.283.000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
calibre 64bit (HKLM\...\{39CE621D-C455-4054-8824-712AAAE0C60C}) (Version: 2.22.0 - Kovid Goyal)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Conexant Audio Driver For AMD HDMI Codec (HKLM\...\CNXT_AUDIO_HDA_HDMI) (Version: 4.98.32.0 - Conexant)
Corel MediaOne (HKLM-x32\...\{3C569633-C8DE-46E2-BB8F-F65198681C2F}) (Version: 2.00.0000 - Corel Corporation)
Corel Painter Essentials 3 (HKLM-x32\...\_{0C180787-F8C8-42FD-A9D3-689BA44BEAAF}) (Version: - Corel Corporation)
Corel Painter Essentials 3 (x32 Version: 3.2 - Corel Corporation) Hidden
Cursery - Der boese Mann und der schwarze Kater SA 1.00 (HKLM-x32\...\Cursery - Der boese Mann und der schwarze Kater SA 1.00) (Version: 1.00 - BigFish)
CutOut 4.0 (HKLM\...\CutOut 4_is1) (Version: 4.0 - Franzis.de)
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DHTML Editing Component (HKLM-x32\...\{2EA870FA-585F-4187-903D-CB9FFD21E2E0}) (Version: 6.02.0001 - Microsoft Corporation)
Driver Booster 2.1 (HKLM-x32\...\Driver Booster_is1) (Version: 2.1 - IObit)
Duden Professional (HKLM-x32\...\{CADD1164-F60E-484B-A01C-F5CDE6FD40FD}) (Version: 10.0.0 - Bibliographisches Institut GmbH)
Easy Tune 6 B13.0323.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B13.0323.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
Echoes of the Past: Die Zitadellen der Zeit (HKLM-x32\...\BFG-Echoes of the Past - Die Zitadellen der Zeit) (Version: - )
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.16151 - Landesfinanzdirektion Thüringen)
ESET NOD32 Antivirus (HKLM\...\{A7BFCCE9-FCCE-4E25-B198-AFA0C4007B4D}) (Version: 8.0.301.3 - ESET, spol s r. o.)
Firefox Developer Edition 39.0a2 (x64 de) (HKLM\...\Firefox Developer Edition 39.0a2 (x64 de)) (Version: 39.0a2 - Mozilla)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hidden Memories of a Bright Summer 1.00 (HKLM-x32\...\Hidden Memories of a Bright Summer 1.00) (Version: 1.00 - BigFish)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver 14.0 Rel. 7 (HKLM\...\{014E482A-0C27-47E3-BA82-307E9DCA2F47}) (Version: 14.0 - HP)
HP Photosmart Wireless B110 All-In-One Driver Software 14.0 Rel. 7 (HKLM\...\{59C83C08-63F4-4AEC-81D6-392C5E23B843}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{96D12EC9-720B-45FB-904C-36D6307A1C76}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPAppStudio (x32 Version: 140.0.95.000 - Hewlett-Packard) Hidden
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
Malwarebytes Anti-Malware Version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{887868A2-D6DE-3255-AA92-AA0B5A59B874}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
ModifyRegistry version 0.1 (HKLM-x32\...\{1D5BE6B5-7FD4-4A78-90F2-AF6B53BC8C1C}_is1) (Version: 0.1 - VIA Technologies, Inc.)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0a2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network Virtual Bridge (HKLM-x32\...\Network Virtual Bridge) (Version: 1.0.0 - Network Virtual Bridge)
Network Virtual Bridge Update Protocol (HKLM-x32\...\Network Virtual Bridge Update Protocol) (Version: 1.0.0 - Network Virtual Bridge Update Protocol)
Network64 (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Network64 (Version: 140.0.221.000 - Hewlett-Packard) Hidden
ON_OFF Charge B12.1025.1 (HKLM-x32\...\{3DECD372-76A1-4483-BF10-B547790A3261}) (Version: 1.00.0001 - GIGABYTE)
Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
partypoker (HKLM-x32\...\PartyPoker) (Version: - PartyGaming)
Photo BUZZER (64-Bit) (HKLM\...\EMOTION_PROJECTS_1_2_CDF5610E_is1) (Version: 1.14 - Franzis Verlag GmbH)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
POIbase 2.0.13 (HKLM-x32\...\POIbase_is1) (Version: - POIbase)
PS_AIO_07_B110_SW_Min (x32 Version: 140.0.142.000 - Hewlett-Packard) Hidden
QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Sable Maze 3 - Der verbotene Garten SA 1.00 (HKLM-x32\...\Sable Maze 3 - Der verbotene Garten SA 1.00) (Version: 1.00 - BigFish)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.15013.17 - Samsung Electronics Co., Ltd.) Hidden
Samsung SideSync 3.0 (HKLM-x32\...\Samsung SideSync) (Version: 3.1.4.827 - Samsung Electronics Co., Ltd.)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.49.0 - SAMSUNG Electronics Co., Ltd.)
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2817430) 64-Bit Edition (Version: - Microsoft) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.214.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.256.000 - Hewlett-Packard) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.40798 - TeamViewer)
The Lord of the Rings FREE Trial (x32 Version: 1.00.0000 - ATI Technologies Inc.) Hidden
TomTom HOME (HKLM-x32\...\{BB05590A-6602-43F3-A400-77EA0976BC0A}) (Version: 2.9.8 - Ihr Firmenname)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Ulead PhotoImpact X3 (HKLM-x32\...\InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}) (Version: 1.00.0000 - Corel)
Ulead PhotoImpact X3 (x32 Version: 1.00.0000 - Corel) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-1-5-21-2748237790-4062106441-2341631246-1000_Classes\CLSID\{32C15893-74C0-4478-879B-FE14EB684AB4}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x64\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2748237790-4062106441-2341631246-1000_Classes\CLSID\{39C26CEE-9070-4B47-9261-6743499AFBF7}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x64\hpqgutil.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2748237790-4062106441-2341631246-1000_Classes\CLSID\{9CC1FE07-02F9-49A6-A3F4-63AD8BAE9E49}\InprocServer32 -> C:\Users\Michael\AppData\Local\Microsoft\Windows Sidebar\Gadgets\HPPhoto.gadget\x64\hpqgps01.dll (Hewlett-Packard Co.)
CustomCLSID: HKU\S-1-5-21-2748237790-4062106441-2341631246-1000_Classes\CLSID\{AFD6BFDC-F329-41BB-9C53-764B965DD483}\InprocServer32 -> C:\Program Files (x86)\Duden\Duden Korrektor\adxloader64.dll ()
==================== Restore Points =========================
09-04-2015 22:27:03 Installed Samsung Kies3
09-04-2015 22:41:38 Installed Samsung Kies
10-04-2015 00:08:24 Installed SpyHunter
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 04:34 - 2015-04-10 18:05 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {0C106392-FFB7-40F4-ADF4-8A8543A2AFCB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {14D39568-2BFB-47EE-8EB4-6BB0CE64C5D8} - System32\Tasks\{BA973484-7843-4685-A4FE-4837A1732132} => C:\Program Files (x86)\House of Tales\The Moment of Silence\Mos.exe
Task: {20FB37AE-8A91-4387-B1A3-3152C63301A0} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-03-25] (Microsoft Corporation)
Task: {4FB94713-3604-4BDF-AAEE-3CD6DF47A7C4} - System32\Tasks\{F7845536-E327-421B-91F0-FE5528F03EAF} => C:\Program Files (x86)\House of Tales\The Moment of Silence\Mos.exe
Task: {5D7E2C4D-C28D-4434-9787-1C54ACC5B608} - System32\Tasks\{2B433C2E-A701-43FA-A66D-8F8BC894D53B} => C:\Program Files (x86)\House of Tales\The Moment of Silence\Mos.exe
Task: {73114562-41E3-4D01-B3C0-EA4AA37BC146} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {91CF6740-FF9D-4C45-BA18-12BF348683B8} - System32\Tasks\Driver Booster SkipUAC (Michael) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-12-12] (IObit)
Task: {AB81103D-683E-4E38-B35A-4EE035480CAF} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {AF4AE5D9-78C1-4690-9AD7-811C5B966781} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {B14F0D49-118F-44CC-B1C2-4B276EF9CA40} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxcontent => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {C6BD33EC-CCC0-4976-94EB-4C1C90915CD9} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {D887D107-0074-40C0-BCC7-52DA91EAA229} - System32\Tasks\Uninstaller_SkipUac_Michael => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-29] (IObit)
Task: {E114171C-82E4-457C-8BB5-A63E081469FE} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {E3E7338A-6DCB-42DC-9757-B7E06CB9E6DB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-20] (Adobe Systems Incorporated)
Task: {E5CDC547-58E1-4735-BE5E-094F12693DE7} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-12-09] (IObit)
Task: {F0E7657C-0586-4D1D-B853-2D330C74581E} - System32\Tasks\Microsoft\Windows\Setup\gwx\runappraiser => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-03-25] (Microsoft Corporation)
Task: {F7DE379B-51CF-4F94-8276-99D4FDB1BD5A} - System32\Tasks\AutoKMSCustom => C:\Windows\AutoKMS\AutoKMS.exe [2015-01-28] ()
Task: {FE45285E-F37C-4A30-9717-FB1916467B29} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Loaded Modules (whitelisted) ==============
2014-12-19 16:57 - 2014-12-19 16:57 - 01039008 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2010-07-15 06:44 - 2010-07-15 06:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2015-03-31 05:52 - 2015-03-31 05:52 - 00129024 _____ () C:\Program Files\Network Virtual Bridge\SERVICE\SNetwork Virtual Bridge.exe
2015-03-25 07:43 - 2015-03-25 07:43 - 00128512 _____ () C:\Program Files\Network Virtual Bridge Update Protocol\Network Virtual Bridge Update Protocol.exe
2015-04-04 00:52 - 2006-02-23 11:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll
2011-06-22 07:48 - 2011-06-22 07:48 - 00034304 _____ () C:\Windows\System32\ssp7ml6.dll
2015-04-02 22:12 - 2015-03-30 09:02 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2012-05-13 06:15 - 2012-05-13 06:15 - 00072718 _____ () C:\Program Files\Network Virtual Bridge\PROXY\cygz.dll
2011-10-26 06:26 - 2011-10-26 06:26 - 00080910 _____ () C:\Program Files\Network Virtual Bridge\PROXY\cyggcc_s-1.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
AlternateDataStreams: C:\ProgramData\TEMP:AECF4772
AlternateDataStreams: C:\ProgramData\TEMP:E87AB4E3
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ESETOlmarikOlmascoCleaner.sys => ""="Driver"
==================== EXE Association (whitelisted) ===============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2748237790-4062106441-2341631246-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.178.1
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
==================== Accounts: =============================
Administrator (S-1-5-21-2748237790-4062106441-2341631246-500 - Administrator - Disabled)
Gast (S-1-5-21-2748237790-4062106441-2341631246-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2748237790-4062106441-2341631246-1002 - Limited - Enabled)
Michael (S-1-5-21-2748237790-4062106441-2341631246-1000 - Administrator - Enabled) => C:\Users\Michael
==================== Faulty Device Manager Devices =============
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: Photosmart B110 series
Description: Photosmart B110 series
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Processor: AMD FX(tm)-4300 Quad-Core Processor
Percentage of memory in use: 29%
Total physical RAM: 3565.55 MB
Available physical RAM: 2519.61 MB
Total Pagefile: 7129.3 MB
Available Pagefile: 5902.53 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:861.86 GB) NTFS
Drive d: (Laufwerk 2) (Fixed) (Total:186.31 GB) (Free:100.26 GB) NTFS
Drive f: (Sicherung Windows) (Fixed) (Total:149.04 GB) (Free:60.73 GB) NTFS
Drive g: (DUDEN2014) (CDROM) (Total:0.78 GB) (Free:0 GB) UDF
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 186.3 GB) (Disk ID: 3E503E4F)
Partition 1: (Active) - (Size=186.3 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 6974C0E1)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 149 GB) (Disk ID: 06B006AF)
Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Thanks a lot for the help so far.
I just noticed that the virus scan with ESET displays the following:
C:\hiberfil.sys - Fehler beim Öffnen
C:\pagefile.sys - Fehler beim Öffnen |