Wonderblade | 02.12.2014 21:01 | All right. Thanks a lot already for all the pointers.
Here is the mbam.txt: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 02.12.2014
Suchlauf-Zeit: 20:33:07
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.12.02.08
Rootkit Datenbank: v2014.12.02.02
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Martin
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 381784
Verstrichene Zeit: 4 Min, 36 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 86
Registrierungswerte: 0
(Keine schädliche Elemente erkannt)
Registrierungsdaten: 6
PUP.Optional.DoSearches, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.dosearches.com/?utm_source=b&utm_medium=adks&utm_campaign=rg&utm_content=hp&from=adks&uid=_XXXXXXXXXX&ts=1383849621, Gut: (www.google.com), Schlecht: (hxxp://www.dosearches.com/?utm_source=b&utm_medium=adks&utm_campaign=rg&utm_content=hp&from=adks&uid=_XXXXXXXXXX&ts=1383849621),Ersetzt,[a967104e3547b680982d2a336b9a9070]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[937d9dc1f686979f5ea0b2ab1ee76898]
PUP.Optional.DoSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.dosearches.com/?utm_source=b&utm_medium=adks&utm_campaign=rg&utm_content=hp&from=adks&uid=_XXXXXXXXXX&ts=1383849621, Gut: (www.google.com), Schlecht: (hxxp://www.dosearches.com/?utm_source=b&utm_medium=adks&utm_campaign=rg&utm_content=hp&from=adks&uid=_XXXXXXXXXX&ts=1383849621),Ersetzt,[e22e72ec106c39fd0db75b027590e31d]
PUP.Optional.DoSearches, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.dosearches.com/?utm_source=b&utm_medium=adks&utm_campaign=rg&utm_content=hp&from=adks&uid=_XXXXXXXXXX&ts=1383849621, Gut: (www.google.com), Schlecht: (hxxp://www.dosearches.com/?utm_source=b&utm_medium=adks&utm_campaign=rg&utm_content=hp&from=adks&uid=_XXXXXXXXXX&ts=1383849621),Ersetzt,[957b342a1666142271549bc29d68d32d]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a769a0bea2da90a600fe213c39cc956b]
PUP.Optional.DoSearches, HKU\S-1-5-21-3424261335-3249725380-4104138646-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.dosearches.com/?utm_source=b&utm_medium=adks&utm_campaign=rg&utm_content=hp&from=adks&uid=_XXXXXXXXXX&ts=1383849621, Gut: (www.google.com), Schlecht: (hxxp://www.dosearches.com/?utm_source=b&utm_medium=adks&utm_campaign=rg&utm_content=hp&from=adks&uid=_XXXXXXXXXX&ts=1383849621),Ersetzt,[2ce4f36b89f3ad890fb489d41bea5ba5]
Ordner: 10
PUP.Optional.Freecorder.A, C:\Program Files\Freecorder extension x64, In Quarantäne, [78982a347efed85e56dddb474fb4d729],
PUP.Optional.Freecorder.A, C:\Program Files\Freecorder extension x64\img, In Quarantäne, [78982a347efed85e56dddb474fb4d729],
PUP.Optional.Freecorder.A, C:\Program Files\Freecorder extension x64\js, In Quarantäne, [78982a347efed85e56dddb474fb4d729],
PUP.Optional.Freecorder.A, C:\Program Files\Freecorder extension x64\popup, In Quarantäne, [78982a347efed85e56dddb474fb4d729],
PUP.Optional.Freecorder.A, C:\Program Files\Freecorder extension x64\popup\images, In Quarantäne, [78982a347efed85e56dddb474fb4d729],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension, In Quarantäne, [40d05e008def0b2b37fc7ca60af9a35d],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\img, In Quarantäne, [40d05e008def0b2b37fc7ca60af9a35d],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\js, In Quarantäne, [40d05e008def0b2b37fc7ca60af9a35d],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup, In Quarantäne, [40d05e008def0b2b37fc7ca60af9a35d],
PUP.Optional.Freecorder.A, C:\Program Files (x86)\Freecorder extension\popup\images, In Quarantäne, [40d05e008def0b2b37fc7ca60af9a35d],
Dateien: 100
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
And here is the AdwCleaner: Code:
# AdwCleaner v4.103 - Bericht erstellt am 02/12/2014 um 20:47:02
# Aktualisiert 01/12/2014 von Xplode
# Database : 2014-12-02.2 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Martin - MOONGARDEN
# Gestartet von : C:\Users\Martin\Desktop\AdwCleaner_4.103.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\Martin\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\Martin\AppData\Roaming\Babylon
Datei Gelöscht : C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\foxydeal.sqlite
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Martin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\AddonsFramework.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ButtonSite.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\RegistryHelper.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHost.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\BackgroundHost.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\ee8c88b53bbd47
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{18B9B16E-716F-43DF-A6AD-512C7D2EB983}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{19975B78-1907-4DD6-A437-4C48120F46A4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{544C2426-48FD-4C40-AE3B-31257FF334D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9316-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{562B9317-C08A-444A-9482-62080DD851AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AFB904C4-C255-4540-B97E-A75A34F1FFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{DCA1528D-A3C0-4A9F-AA6E-DCE643F91495}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1348BD1B-C32A-41A7-9BD4-5377AA1AB925}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6636BF70-7702-4EF9-8004-FFE4E002FF80}
Schlüssel Gelöscht : HKCU\Software\BI
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\delta-search.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dosearches.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\v9.com
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Mozilla Firefox v34.0 (x86 de)
[sk0nys8h.default-1383922477412\prefs.js] - Zeile gelöscht : user_pref("extensions.aniweather.timeShifted", 1385350);
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [4655 octets] - [02/12/2014 20:45:29]
AdwCleaner[S0].txt - [4340 octets] - [02/12/2014 20:47:02]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4400 octets] ##########
And the Junkware Removal Tool: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 7 Home Premium x64
Ran by Martin on 02.12.2014 at 20:55:13,43
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\freerip"
Successfully deleted: [Folder] "C:\Program Files (x86)\freerip"
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{0BD89E9B-902E-4799-8D2A-AFE1369044AE}
Successfully deleted: [Empty Folder] C:\Users\Martin\appdata\local\{3DC2CF00-75BF-4D20-A2E0-4F0F75669002}
~~~ FireFox
Emptied folder: C:\Users\Martin\AppData\Roaming\mozilla\firefox\profiles\sk0nys8h.default-1383922477412\minidumps [38 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 02.12.2014 at 20:57:35,18
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
And a fresh FRST. Thank you very much!
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2014
Ran by Martin (administrator) on MOONGARDEN on 02-12-2014 21:00:02
Running from C:\Users\Martin\Desktop
Loaded Profile: Martin (Available profiles: UpdatusUser & Martin)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(hxxp://kay-bruns.de) C:\Windows\SuRun32.bin
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(SanDisk Corporation) C:\Users\Martin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\S-Bar\MSIService.exe
() C:\Users\Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe
(MSI) C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
() C:\Program Files (x86)\Launchy\Launchy.exe
(Micro-Star International Co.,Ltd.) C:\Program Files (x86)\S-Bar\S-Bar.exe
() C:\Program Files (x86)\SlySoft\AnyDVD\ADvdDiscHlp64.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe
(Micro-Star International Co., Ltd.) C:\Program Files (x86)\MSI\KLM\KLM.exe
() C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2328360 2010-09-16] (Synaptics Incorporated)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [THXCfg64] => C:\windows\system32\RunDLL32.exe C:\windows\system32\THXCfg64.dll,RunDLLEntry THXCfg64
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12445288 2012-01-10] (Realtek Semiconductor)
HKLM\...\Run: [SuRun Systemmenü-Erweiterung] => C:\windows\SuRun.exe [727552 2014-02-12] (hxxp://kay-bruns.de)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-04] (Intel Corporation)
HKLM-x32\...\Run: [S-Bar] => C:\Program Files (x86)\S-Bar\S-Bar.exe [5499392 2011-11-03] (Micro-Star International Co.,Ltd.)
HKLM-x32\...\Run: [Super-Charger] => C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [502288 2012-01-03] (MSI)
HKLM-x32\...\Run: [KLM] => C:\Program Files (x86)\MSI\KLM\KLM.exe [1522376 2011-12-19] (Micro-Star International Co., Ltd.)
HKLM-x32\...\Run: [VGAOCAP] => C:\Program Files (x86)\MSI\MSI VGA Overclock Tool\VGAOCAP.exe [88576 2012-01-31] ()
HKLM-x32\...\Run: [THX Audio Control Panel] => C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe [1517056 2011-08-30] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488 2011-10-13] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe [230696 2011-10-13] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [126200 2014-11-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3424261335-3249725380-4104138646-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672384 2012-04-11] (DT Soft Ltd)
HKU\S-1-5-21-3424261335-3249725380-4104138646-1001\...\Run: [AnyDVD] => C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe [4455360 2013-04-20] (SlySoft, Inc.)
HKU\S-1-5-21-3424261335-3249725380-4104138646-1001\...\Run: [SansaDispatch] => C:\Users\Martin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2014-06-14] (SanDisk Corporation)
HKU\S-1-5-21-3424261335-3249725380-4104138646-1001\...\Run: [Amazon Music] => C:\Users\Martin\AppData\Local\Amazon Music\Amazon Music Helper.exe [6281024 2014-10-15] ()
AppInit_DLLs: C:\Windows\System32\nvinitx.dll => C:\Windows\System32\nvinitx.dll [260928 2012-03-18] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\Windows\SysWOW64\nvinit.dll => c:\Windows\SysWOW64\nvinit.dll [215360 2012-03-18] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Qualcomm Atheros Killer Network Manager.lnk
ShortcutTarget: Qualcomm Atheros Killer Network Manager.lnk -> C:\Program Files\Qualcomm Atheros\Killer Network Manager\KillerNetManager.exe ()
Startup: C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Launchy.lnk
ShortcutTarget: Launchy.lnk -> C:\Program Files (x86)\Launchy\Launchy.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-3424261335-3249725380-4104138646-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3424261335-3249725380-4104138646-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3424261335-3249725380-4104138646-1001\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = www.google.com
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {59C50C3A-68BD-4654-8C44-FAEE436CABAC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {59C50C3A-68BD-4654-8C44-FAEE436CABAC} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAM3&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3424261335-3249725380-4104138646-1001 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKU\S-1-5-21-3424261335-3249725380-4104138646-1001 -> {59C50C3A-68BD-4654-8C44-FAEE436CABAC} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: SuRun Shell Extension - {2C7B6088-5A77-4d48-BE43-30337DCA9A86} - C:\Windows\SuRunExt.dll [189952 2014-02-12] (hxxp://kay-bruns.de)
Winsock: Catalog9 01 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 02 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 03 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 04 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9 16 C:\windows\SysWOW64\BfLLR.dll [183808] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 01 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 02 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 03 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 04 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Winsock: Catalog9-x64 16 %SYSTEMROOT%\system32\BfLLR.dll [200704] (Bigfoot Networks, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412
FF SelectedSearchEngine: Google
FF Homepage: www.freitag.de
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fw
ww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*'))%20%7B%20return%20'PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\searchplugins\google-images.xml
FF SearchPlugin: C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\searchplugins\google-maps.xml
FF Extension: Papyrus Autor Recherche - C:\Users\Martin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\{de54d057-a919-42bd-bd12-402c0de91fc9}.xpi [2014-09-13]
FF Extension: YouTube Unblocker - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\youtubeunblocker@unblocker.yt [2014-11-05]
FF Extension: Forecastfox - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2013-11-08]
FF Extension: DownloadHelper - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: No Name - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\amznUWL2@amazon.com.xpi [2013-11-22]
FF Extension: ProxTube - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\ich@maltegoetz.de.xpi [2014-09-11]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-11-08]
FF Extension: Personas Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\personas@christopher.beard.xpi [2013-11-08]
FF Extension: FlashGot - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2013-11-13]
FF Extension: {2c5f8b93-e2e7-4098-8ac8-093e2bbf3213} - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\{2c5f8b93-e2e7-4098-8ac8-093e2bbf3213}.xpi [2014-11-29]
FF Extension: AniWeather - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\{4176DFF4-4698-11DE-BEEB-45DA55D89593}.xpi [2014-05-11]
FF Extension: Adblock Plus - C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\sk0nys8h.default-1383922477412\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-11-08]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012-12-11]
FF HKU\S-1-5-21-3424261335-3249725380-4104138646-1001\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
Chrome:
=======
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [166192 2014-11-20] (Avira Operations GmbH & Co. KG)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-05-04] (mobile concepts GmbH)
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2010-10-22] (Hewlett-Packard Co.) [File not signed]
R2 Micro Star SCM; C:\Program Files (x86)\S-Bar\MSIService.exe [160768 2011-11-03] (Micro-Star International Co., Ltd.) [File not signed]
R2 MSI Foundation Service; C:\Program Files (x86)\MSI\MSI HOUSE\MSIFoundationService.exe [12800 2010-07-17] (MSI) [File not signed]
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [138768 2012-01-03] (MSI)
R2 Net Driver HPZ12; C:\windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 Qualcomm Atheros Killer Service; C:\Program Files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [492032 2012-03-08] () [File not signed]
R2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
R2 SuRunSVC; C:\windows\SuRun.exe [727552 2014-02-12] (hxxp://kay-bruns.de) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [125888 2010-07-22] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [125888 2010-07-22] (SlySoft, Inc.)
S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-10-23] (Avira Operations GmbH & Co. KG)
R1 BfLwf; C:\Windows\System32\DRIVERS\bflwfx64.sys [75880 2012-03-08] (Bigfoot Networks, Inc.)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2012-08-08] (DT Soft Ltd)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 ipadtst; C:\Program Files (x86)\MSI\Super-Charger\ipadtst_64.sys [17936 2011-12-12] (Windows (R) Win 7 DDK provider)
R3 L1C; C:\Windows\System32\DRIVERS\e22w7x64.sys [161616 2012-03-08] (Qualcomm Atheros, Inc.)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [14136 2010-01-18] (MSI)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 MGHwCtrl; \??\C:\Program Files\MSI\MSI Software Install\MGHwCtrl.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 20:59 - 2014-12-02 20:59 - 00000000 ____D () C:\Users\Martin\Desktop\FRST-OlderVersion
2014-12-02 20:57 - 2014-12-02 20:57 - 00001111 _____ () C:\Users\Martin\Desktop\JRT.txt
2014-12-02 20:55 - 2014-12-02 20:55 - 00000000 ____D () C:\windows\ERUNT
2014-12-02 20:54 - 2014-12-02 20:54 - 01707646 _____ (Thisisu) C:\Users\Martin\Desktop\JRT.exe
2014-12-02 20:45 - 2014-12-02 20:47 - 00000000 ____D () C:\AdwCleaner
2014-12-02 20:44 - 2014-12-02 20:44 - 02154496 _____ () C:\Users\Martin\Desktop\AdwCleaner_4.103.exe
2014-12-02 20:42 - 2014-12-02 20:42 - 00032609 _____ () C:\Users\Martin\Desktop\mbam.txt
2014-12-02 20:31 - 2014-12-02 20:41 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-02 20:31 - 2014-12-02 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-02 20:31 - 2014-12-02 20:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-02 20:31 - 2014-12-02 20:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-02 20:31 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-02 20:31 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-02 20:31 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-02 20:28 - 2014-12-02 20:29 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Martin\Downloads\mbam-setup-2.0.3.1025.exe
2014-12-02 08:31 - 2014-12-02 08:29 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avnetflt.sys
2014-12-02 08:29 - 2014-12-02 08:29 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\Avira
2014-12-02 08:27 - 2014-10-23 14:02 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avipbb.sys
2014-12-02 08:27 - 2014-10-23 14:02 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avkmgr.sys
2014-12-02 08:27 - 2014-10-23 14:01 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\windows\system32\Drivers\avgntflt.sys
2014-12-02 08:22 - 2014-12-02 08:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-12-02 08:22 - 2014-12-02 08:27 - 00000000 ____D () C:\ProgramData\Avira
2014-12-02 08:22 - 2014-12-02 08:27 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-12-02 08:22 - 2014-12-02 08:22 - 04549888 _____ (Avira Operations & Co. KG) C:\Users\Martin\Downloads\avira_de_av___ws.exe
2014-12-02 08:22 - 2014-12-02 08:22 - 00001147 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-12-02 08:22 - 2014-12-02 08:22 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-02 03:50 - 2014-12-02 03:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-01 21:03 - 2014-12-01 21:03 - 00026903 _____ () C:\ComboFix.txt
2014-12-01 20:55 - 2014-12-01 21:03 - 00000000 ____D () C:\Qoobox
2014-12-01 20:55 - 2014-12-01 21:02 - 00000000 ____D () C:\windows\erdnt
2014-12-01 20:55 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-12-01 20:55 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-12-01 20:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-01 20:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-01 20:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-01 20:55 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-12-01 20:55 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-12-01 20:55 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-12-01 20:52 - 2014-12-01 20:52 - 05600374 ____R (Swearware) C:\Users\Martin\Desktop\ComboFix.exe
2014-12-01 20:51 - 2014-12-01 20:51 - 05600374 _____ (Swearware) C:\Users\Martin\Downloads\ComboFix.exe
2014-12-01 20:47 - 2014-12-01 20:47 - 00001278 _____ () C:\Users\Martin\Desktop\Revo Uninstaller.lnk
2014-12-01 20:47 - 2014-12-01 20:47 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-12-01 20:46 - 2014-12-01 20:47 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Martin\Downloads\revosetup95.exe
2014-11-30 17:14 - 2014-11-30 17:14 - 00083472 _____ () C:\Users\Martin\Desktop\Addition.txt
2014-11-30 17:13 - 2014-12-02 21:00 - 00026429 _____ () C:\Users\Martin\Desktop\FRST.txt
2014-11-30 17:13 - 2014-12-02 21:00 - 00000000 ____D () C:\FRST
2014-11-30 17:12 - 2014-12-02 20:59 - 02117120 _____ (Farbar) C:\Users\Martin\Desktop\FRST64.exe
2014-11-30 11:10 - 2014-11-30 11:11 - 04583464 _____ (Avira Operations GmbH & Co. KG) C:\Users\Martin\Downloads\avira_de_av_5681627194__ws.exe
2014-11-26 19:38 - 2014-11-26 19:38 - 00003629 _____ () C:\Users\Martin\AppData\Local\recently-used.xbel
2014-11-19 08:07 - 2014-11-11 04:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-11-19 08:07 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-11-19 08:07 - 2014-11-11 03:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-11-19 08:07 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-11-12 06:29 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-11-12 06:29 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-11-12 06:29 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-11-12 06:29 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-11-12 06:29 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-11-12 06:29 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-11-12 06:29 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-11-12 06:29 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-11-12 06:29 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-11-12 06:29 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-11-12 06:29 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-11-12 06:29 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-11-12 06:29 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-11-12 06:29 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-11-12 06:29 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-11-12 06:29 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-11-12 06:29 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-11-12 06:29 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-11-12 06:29 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-11-12 06:29 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-11-12 06:29 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-11-12 06:29 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-11-12 06:29 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-11-12 06:29 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-11-12 06:29 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-11-12 06:29 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 06:29 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-11-12 06:29 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-11-12 06:29 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-11-12 06:29 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-11-12 06:29 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-11-12 06:29 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-11-12 06:29 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-11-12 06:29 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-11-12 06:29 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-11-12 06:29 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-11-12 06:29 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 06:29 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-11-12 06:29 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-11-12 06:29 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-11-12 06:29 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-11-12 06:29 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-11-12 06:29 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-11-12 06:29 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-11-12 06:29 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-11-12 06:29 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-11-12 06:29 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-11-12 06:29 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-11-12 06:29 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-11-12 06:29 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-11-12 06:29 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-11-12 06:29 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-11-12 06:29 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-11-12 06:29 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-11-12 06:29 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-11-12 06:29 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-11-12 06:29 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-11-12 06:29 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-11-12 06:29 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-11-12 06:29 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-11-12 06:29 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-11-12 06:29 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-11-12 06:29 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-11-12 06:29 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-11-12 06:29 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-11-12 06:26 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-11-12 06:26 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-11-12 06:26 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-11-12 06:26 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-11-12 06:26 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-11-12 06:26 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-11-12 06:26 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-11-12 06:26 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-11-12 06:26 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-11-12 06:26 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-11-12 06:26 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-11-12 06:26 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-11-12 06:26 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-11-12 06:26 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-11-12 06:26 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-11-12 06:26 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-11-12 06:26 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-11-12 06:26 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-11-12 06:26 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-11-12 06:26 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-11-12 06:26 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-11-12 06:26 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-11-12 06:26 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-11-12 06:26 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-11-12 06:26 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-11-12 06:26 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-11-12 06:26 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-11-12 06:26 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-11-12 06:25 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-11-12 06:25 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-11-12 06:25 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-11-12 06:25 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-11-12 06:25 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-12-02 20:55 - 2009-07-14 05:45 - 00024656 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-02 20:55 - 2009-07-14 05:45 - 00024656 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-02 20:53 - 2012-04-26 02:50 - 00700134 _____ () C:\windows\system32\perfh007.dat
2014-12-02 20:53 - 2012-04-26 02:50 - 00149984 _____ () C:\windows\system32\perfc007.dat
2014-12-02 20:53 - 2009-07-14 06:13 - 01622300 _____ () C:\windows\system32\PerfStringBackup.INI
2014-12-02 20:48 - 2012-07-22 15:03 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-02 20:48 - 2012-04-26 04:59 - 00000000 ____D () C:\ProgramData\Bigfoot Networks
2014-12-02 20:48 - 2010-11-21 04:47 - 00586700 _____ () C:\windows\PFRO.log
2014-12-02 20:48 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-02 20:48 - 2009-07-14 05:51 - 00148909 _____ () C:\windows\setupact.log
2014-12-02 20:47 - 2012-07-22 15:03 - 00001075 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-02 20:47 - 2012-07-22 14:40 - 00001007 _____ () C:\Users\Martin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-02 20:47 - 2012-07-22 14:30 - 01066863 _____ () C:\windows\WindowsUpdate.log
2014-12-02 20:24 - 2012-07-23 11:54 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\vlc
2014-12-02 20:03 - 2012-07-22 15:15 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-02 14:18 - 2012-08-15 16:32 - 00000000 ____D () C:\Users\Martin\AppData\Roaming\dvdcss
2014-12-01 21:03 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-12-01 21:01 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-11-29 08:21 - 2012-07-22 15:43 - 00000000 ____D () C:\Program Files (x86)\JDownloader 2
2014-11-28 16:29 - 2012-08-20 02:46 - 00000000 ____D () C:\ProgramData\DVD Shrink
2014-11-28 16:15 - 2013-03-29 12:45 - 00000000 ____D () C:\Users\Martin\Documents\Fantasy-Roman
2014-11-26 19:40 - 2012-08-13 19:12 - 00000000 ____D () C:\Users\Martin\.gimp-2.8
2014-11-26 16:03 - 2012-07-22 16:03 - 04443312 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerInstaller.exe
2014-11-26 16:03 - 2012-07-22 15:15 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 16:03 - 2012-07-22 15:15 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 16:03 - 2012-04-26 06:06 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 21:38 - 2012-08-30 04:43 - 00000000 ____D () C:\Users\Martin\Documents\Politik-Wirtschaft
2014-11-25 15:02 - 2012-08-29 04:38 - 00000000 ____D () C:\Users\Martin\Documents\Schule
2014-11-19 09:01 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\rescache
2014-11-18 20:59 - 2009-07-14 04:20 - 00000000 ____D () C:\windows\system32\NDF
2014-11-12 14:02 - 2009-07-14 05:45 - 00335032 _____ () C:\windows\system32\FNTCACHE.DAT
2014-11-12 07:26 - 2013-08-06 23:39 - 00000000 ____D () C:\windows\system32\MRT
2014-11-12 07:25 - 2012-09-16 14:59 - 103374192 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-11-04 14:30 - 2010-11-21 04:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-11-04 00:30 - 2014-09-01 10:59 - 00000000 ____D () C:\Users\Martin\AppData\Local\Adobe
2014-11-02 18:15 - 2009-07-14 06:08 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
Some content of TEMP:
====================
C:\Users\Martin\AppData\Local\temp\avgnt.exe
C:\Users\Martin\AppData\Local\temp\Quarantine.exe
C:\Users\Martin\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-25 09:42
==================== End Of Log ============================