Malwarebytes Anti-Malware:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 18.01.2015
Scan Time: 21:42:56
Logfile: Malewarebyte log.txt
Administrator: Yes
Version: 2.00.4.1028
Malware Database: v2015.01.18.08
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: MiraFelix
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 361667
Time Elapsed: 27 min, 40 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 9
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4456, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5176, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 3472, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5260, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5472, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 4656, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 1232, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, 5888, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, 1892, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41]
Modules: 9
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
Registry Keys: 21
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [d30d7b7d8bfea98da80422cacf3343bd],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, Quarantined, [d30d7b7d8bfea98da80422cacf3343bd],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{68B81CCD-A80C-4060-8947-5AE69ED01199}, Quarantined, [934d23d5dfaa87af88a8d84ee12239c7],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E6B969FB-6D33-48d2-9061-8BBD4899EB08}, Quarantined, [8858af49fd8c76c0bb76899d4cb7e31d],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [0bd5a850a6e320167ddea14e8280669a],
PUP.Optional.CompatibilityVerifier.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Verifies and fixes application compatibility issues, Quarantined, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\Iminent, Quarantined, [c11f9167f8911422c2a0fdbbfc076799],
PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, Quarantined, [479902f6f990a294075a633139ca8779],
PUP.Optional.SupraSavings, HKLM\SOFTWARE\suprasavings, Quarantined, [9050ae4a2366d462ae55bfcf1ee524dc],
PUP.Optional.Iminent.A, HKLM\SOFTWARE\CLASSES\Iminent, Quarantined, [7c6448b0addc0135f370588ad72d59a7],
PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xmkysecqun32, Quarantined, [68781cdc1079d066bdfbeababc478878],
PUP.Optional.Softonic.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Softonic, Quarantined, [b03027d11e6bd95d30c76e088f74d927],
PUP.Optional.Iminent.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Iminent, Quarantined, [e9f7b0484a3f979f3c2737819271e719],
PUP.Optional.Iminent.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\IminentToolbar, Quarantined, [568a24d45f2a81b5e36e39803ec54cb4],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupraSavings, Quarantined, [4a968177cbbe2c0a349242676d96f10f],
PUP.Optional.RRSavings.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Rr Savings, Quarantined, [7967ea0e4742251151a5861e9073bd43],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, Quarantined, [ad33ec0cec9d66d002d035731de623dd],
PUP.Optional.SupraSavings.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\suprasavings, Quarantined, [865af0087514d561bf088b1ebc47de22],
PUP.Optional.Iminent.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOWREGISTRY\Iminent, Quarantined, [cd13e01890f961d54c1edac9e71c4bb5],
PUP.Optional.AdvancedSystemProtector.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\Advanced System Protector, Quarantined, [548c04f487023afc28d4256224dfe31d],
PUP.Optional.SystemSpeedup, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SYSTWEAK\ssd, Quarantined, [5a8691672b5e3006940ce9a923e0ea16],
Registry Values: 0
(No malicious items detected)
Registry Data: 1
PUP.Optional.Iminent.A, HKU\S-1-5-21-4028427240-2599992530-1488207558-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://start.iminent.com/?appId=29FC6E9A-9609-4E8B-8806-681BFE04E4E8, Good: (www.Google.com), Bad: (hxxp://start.iminent.com/?appId=29FC6E9A-9609-4E8B-8806-681BFE04E4E8),Replaced,[f2ee0eea6d1c21157f5eb7e38580ff01]
Folders: 18
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\locales, Quarantined, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\locales, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.AdPeak.A, C:\temp, Quarantined, [5c8444b41772a3933f601584917223dd],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\claudia\AppData\Roaming\SpeedTestAnalysis, Quarantined, [aa3662960b7efb3b9087edc851b2926e],
PUP.Optional.Iminent.A, C:\Program Files\IminentToolbar, Quarantined, [1dc3ce2a4544a5912faf54e5d33043bd],
PUP.Optional.OpenCandy, C:\Users\claudia\AppData\Roaming\OpenCandy, Quarantined, [21bfd622aedb360018cd1a1fed1633cd],
PUP.Optional.OpenCandy, C:\Users\claudia\AppData\Roaming\OpenCandy\FBF3FE5D49C94B079C1523BCD4BAA530, Quarantined, [21bfd622aedb360018cd1a1fed1633cd],
PUP.Optional.NextLive.A, C:\Users\claudia\AppData\Roaming\newnext.me, Quarantined, [1dc3896fdcadec4a4936ef4cb350a957],
PUP.Optional.NextLive.A, C:\Users\claudia\AppData\Roaming\newnext.me\cache, Quarantined, [1dc3896fdcadec4a4936ef4cb350a957],
PUP.Optional.NextLive.A, C:\Users\MiraFelix\AppData\Roaming\newnext.me, Quarantined, [40a0b1473c4d6ec8ef9050eb7291d52b],
PUP.Optional.NextLive.A, C:\Users\MiraFelix\AppData\Roaming\newnext.me\cache, Quarantined, [40a0b1473c4d6ec8ef9050eb7291d52b],
PUP.Optional.SystemSpeedup, C:\Users\MiraFelix\AppData\Roaming\systweak\ssd, Quarantined, [06dae6126623dd593117f55d45becd33],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12580, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\Backup, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\Logs, Quarantined, [31af9761d3b64cead9143725679caa56],
Files: 48
PUP.Optional.AdPeak.A, C:\temp\InstallFilter32.msi, Quarantined, [c41c08f07b0e85b1bc1cdf5e50b056aa],
PUP.Optional.AdPeak.A, C:\Windows\System32\SecureAssist.dll, Quarantined, [2bb517e1f495ca6c5a7e88b57789aa56],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef.pak, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, Quarantined, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\debug.log, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\icudtl.dat, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libEGL.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Delete-on-Reboot, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\Default\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, Quarantined, [eef2698f3455eb4bd6ca8ee410f3bf41],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\cef.pak, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\cef_100_percent.pak, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\cef_200_percent.pak, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\compatibilitycheck.exe, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\compatibilitychecksvc.exe, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\d3dcompiler_46.dll, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\debug.log, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\ffmpegsumo.dll, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\icudtl.dat, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\libEGL.dll, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\libGLESv2.dll, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\NPSWF32_15_0_0_189.dll, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.CompatibilityVerifier.A, C:\Users\MiraFelix\AppData\Roaming\Compatibility Verifier\vcredist_x86.exe, Quarantined, [1cc4ca2eb9d06cca3e626e044ab918e8],
PUP.Optional.AdPeak.A, C:\temp\lsp2.log, Quarantined, [5c8444b41772a3933f601584917223dd],
PUP.Optional.AdPeak.A, C:\temp\devcon.exe, Quarantined, [5c8444b41772a3933f601584917223dd],
PUP.Optional.AdPeak.A, C:\temp\t.txt, Quarantined, [5c8444b41772a3933f601584917223dd],
PUP.Optional.Iminent.A, C:\Users\claudia\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage, Quarantined, [be221bdd4148c076630e455cae55f60a],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\claudia\AppData\Roaming\SpeedTestAnalysis\speedtestanalysis.crx, Quarantined, [aa3662960b7efb3b9087edc851b2926e],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\claudia\AppData\Roaming\SpeedTestAnalysis\DeskTopIcon.ico, Quarantined, [aa3662960b7efb3b9087edc851b2926e],
PUP.Optional.SpeedTestAnalysis.A, C:\Users\claudia\AppData\Roaming\SpeedTestAnalysis\install_helper.exe, Quarantined, [aa3662960b7efb3b9087edc851b2926e],
PUP.Optional.OpenCandy, C:\Users\claudia\AppData\Roaming\OpenCandy\FBF3FE5D49C94B079C1523BCD4BAA530\TuneUpUtilities2014_de-DE.exe, Quarantined, [21bfd622aedb360018cd1a1fed1633cd],
PUP.Optional.NextLive.A, C:\Users\claudia\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [1dc3896fdcadec4a4936ef4cb350a957],
PUP.Optional.NextLive.A, C:\Users\claudia\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [1dc3896fdcadec4a4936ef4cb350a957],
PUP.Optional.NextLive.A, C:\Users\MiraFelix\AppData\Roaming\newnext.me\nengine.cookie, Quarantined, [40a0b1473c4d6ec8ef9050eb7291d52b],
PUP.Optional.NextLive.A, C:\Users\MiraFelix\AppData\Roaming\newnext.me\cache\spark.bin, Quarantined, [40a0b1473c4d6ec8ef9050eb7291d52b],
PUP.Optional.SystemSpeedup, C:\Users\MiraFelix\AppData\Roaming\systweak\ssd\SSDPTstub.exe, Quarantined, [06dae6126623dd593117f55d45becd33],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\QDetail.db, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\Settings.db, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\Update.ini, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\2.1.1000.12580\ASPLog.txt, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\Logs\log_16-04-14_08-03-40.xml, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.AdvancedSystemProtector.A, C:\Users\MiraFelix\AppData\Roaming\systweak\Advanced System Protector\Logs\SMLog.xml, Quarantined, [31af9761d3b64cead9143725679caa56],
PUP.Optional.Iminent.A, C:\Users\MiraFelix\AppData\Roaming\Mozilla\Firefox\Profiles\wqo9mthh.default\user.js, Good: (), Bad: (user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");), Replaced,[766a6e8a89005adcc75deaebf312da26]
Physical Sectors: 0
(No malicious items detected)
(end)

AdwCleaner:
# AdwCleaner v4.108 - Bericht erstellt am 18/01/2015 um 22:32:53
# Aktualisiert 17/01/2015 von Xplode
# Database : 2015-01-18.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzername : MiraFelix - CLAUDIA-PC
# Gestartet von : C:\Users\MiraFelix\Desktop\AdwCleaner_4.108.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Windows\system32\SearchProtect
Ordner Gelöscht : C:\Users\claudia\AppData\Local\genienext
Ordner Gelöscht : C:\Users\claudia\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\claudia\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\MiraFelix\AppData\Local\Genesis
Ordner Gelöscht : C:\Users\MiraFelix\AppData\Local\genienext
Ordner Gelöscht : C:\Users\MiraFelix\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\MiraFelix\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\MiraFelix\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie
Datei Gelöscht : C:\Users\claudia\AppData\Roaming\Mozilla\Firefox\Profiles\05bvl33j.default\Extensions\speedtestanalysis@SpeedAnalysis.com.xpi
Datei Gelöscht : C:\Windows\system32\roboot.exe
Datei Gelöscht : C:\Users\claudia\daemonprocess.txt
Datei Gelöscht : C:\Users\MiraFelix\daemonprocess.txt
Datei Gelöscht : C:\Users\MiraFelix\Desktop\Youtube.lnk
Datei Gelöscht : C:\Users\MiraFelix\AppData\Roaming\Mozilla\Firefox\Profiles\wqo9mthh.default\user.js
***** [ Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0FCE4F01-64EC-42F1-83E1-1E08D38605D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1A2A195A-A0F9-4006-AF02-3F05EEFDE792}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2D9DB233-DC4B-4677-946C-5FA5ABCF506B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3AE76A17-C344-4A83-81CE-65EFEE41E42D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4C0A69B0-CE97-42B7-86FC-08280C99C74D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E9EB4D5-C929-4005-AC62-1856B1DA5A24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8FAF962C-3EDE-405E-B1D0-62B8235C6044}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C1F5E799-B218-4C32-B189-3C389BA140BB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F60C9408-3110-4C98-A139-ABE1EE1111DD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\System Speedup
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\SOFTWARE\systweak
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0 (x86 de)
[05bvl33j.default\prefs.js] - Zeile gelöscht : user_pref("iminent.adapters", "{\"www.hunde-und-mehr.net\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":2,\"AdapterKey\":\"default_adapter\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\[...]
[05bvl33j.default\prefs.js] - Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.admin", false);
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.aflt", "orgnl");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.appId", "{0E4B2CAB-B859-4C57-B96E-63DDEC692BC4}");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.autoRvrt", "false");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.dfltLng", "");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.excTlbr", false);
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.ffxUnstlRst", false);
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.id", "526688a5000000000000001e65e85e56");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.instlDay", "16176");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.instlRef", "");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.newTab", false);
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.prdct", "iminent");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.prtnrId", "iminent");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.rvrt", "false");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.smplGrp", "none");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.tlbrId", "YBCPCSTIPO");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.tlbrSrchUrl", "hxxp://start.iminent.com/?ref=toolbarm#q=");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.vrsn", "1.8.28.3");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.vrsnTs", "1.8.28.319:43:47");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("extensions.iminent.vrsni", "1.8.28.3");
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("iminent.adapters", "{\"start.iminent.com\":{\"CountryCode\":\"DE\",\"NoAds\":false,\"Status\":1,\"AdapterKey\":\"iminent\",\"v\":true,\"p\":0,\"t\":1,\"th\":0.228,\"expireTime\":\"139767030[...]
[wqo9mthh.default\prefs.js] - Zeile gelöscht : user_pref("iminent.externalScripts", "{\"value\":[{\"addonUid\":\"10bb6277-6b2b-413e-8d82-ad9398543254\",\"name\":\"Dealply\",\"addonId\":1,\"url\":\"//i.iminentjs.info/imitin/javascript.js\",\"queryS[...]
*************************
AdwCleaner[R0].txt - [6419 octets] - [18/01/2015 22:26:07]
AdwCleaner[S0].txt - [6556 octets] - [18/01/2015 22:32:53]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6616 octets] ##########

Junkware Removal Tool:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Professional x86
Ran by MiraFelix on 18.01.2015 at 22:38:52,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Windows\system32\ai_recyclebin"
~~~ FireFox
Emptied folder: C:\Users\MiraFelix\AppData\Roaming\mozilla\firefox\profiles\wqo9mthh.default\minidumps [165 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.01.2015 at 22:41:45,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Log
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-01-2015 01
Ran by MiraFelix (administrator) on CLAUDIA-PC on 18-01-2015 22:43:48
Running from C:\Users\MiraFelix\Desktop
Loaded Profiles: MiraFelix (Available profiles: claudia & MiraFelix)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Kaspersky Lab ZAO) C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Realtek Semiconductor Corp.) C:\Users\MiraFelix\AppData\Local\temp\RtkBtMnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
() C:\Program Files\Canon\ImageBrowser EX\MFManager.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Thisisu) C:\Users\MiraFelix\Desktop\JRT.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7625248 2009-07-23] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM\...\Run: [LogMeIn Hamachi Ui] => C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [3835728 2014-12-01] (LogMeIn Inc.)
HKU\S-1-5-21-4028427240-2599992530-1488207558-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [5489944 2014-12-12] (Piriform Ltd)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-06-06] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files\Canon\ImageBrowser EX\MFManager.exe ()
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-4028427240-2599992530-1488207558-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-4028427240-2599992530-1488207558-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
FireFox:
========
FF ProfilePath: C:\Users\MiraFelix\AppData\Roaming\Mozilla\Firefox\Profiles\wqo9mthh.default
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&dt=071113&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_16_0_0_257.dll ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4028427240-2599992530-1488207558-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\MiraFelix\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Extension: ZIP File Helper Light - C:\Users\MiraFelix\AppData\Roaming\Mozilla\Firefox\Profiles\wqo9mthh.default\Extensions\{a865262e-2c66-486a-b678-06f6803f5633}.xpi [2013-11-07]
FF Extension: {d0269225-21a6-46cc-99f1-2ca325a5b005} - C:\Users\MiraFelix\AppData\Roaming\Mozilla\Firefox\Profiles\wqo9mthh.default\Extensions\{d0269225-21a6-46cc-99f1-2ca325a5b005}.xpi [2013-11-01]
FF Extension: Adblock Plus - C:\Users\MiraFelix\AppData\Roaming\Mozilla\Firefox\Profiles\wqo9mthh.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-09]
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Модуль перевірки посилань - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2013-11-20]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-11-20]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2013-11-20]
FF HKLM\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2013-11-20]
FF HKLM\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2013-11-20]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [Not Found]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 Origin Client Service; C:\Program Files\Origin\OriginClientService.exe [1903472 2014-12-26] (Electronic Arts)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ACEDRV09; C:\Windows\system32\drivers\ACEDRV09.sys [110304 2014-11-15] (Protect Software GmbH)
R3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-20] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-17] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-19] (Kaspersky Lab ZAO)
S0 sfdrv01; C:\Windows\System32\drivers\sfdrv01.sys [48640 2005-04-04] (Protection Technology) [File not signed]
R0 sfhlp02; C:\Windows\System32\drivers\sfhlp02.sys [6656 2005-02-23] (Protection Technology) [File not signed]
S0 sfsync02; C:\Windows\System32\drivers\sfsync02.sys [19968 2005-04-14] (Protection Technology) [File not signed]
S3 catchme; \??\C:\Users\MIRAFE~1\AppData\Local\Temp\catchme.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 22:43 - 2015-01-18 22:43 - 00000000 ____D () C:\Users\MiraFelix\Desktop\FRST-OlderVersion
2015-01-18 22:41 - 2015-01-18 22:41 - 00000836 _____ () C:\Users\MiraFelix\Desktop\JRT.txt
2015-01-18 22:38 - 2015-01-18 22:38 - 00000000 ____D () C:\Windows\ERUNT
2015-01-18 22:37 - 2015-01-18 22:37 - 01707939 _____ (Thisisu) C:\Users\MiraFelix\Desktop\JRT.exe
2015-01-18 22:25 - 2015-01-18 22:33 - 00000000 ____D () C:\AdwCleaner
2015-01-18 21:43 - 2015-01-18 21:43 - 02186752 _____ () C:\Users\MiraFelix\Desktop\AdwCleaner_4.108.exe
2015-01-18 18:05 - 2015-01-18 18:05 - 00019200 _____ () C:\ComboFix.txt
2015-01-18 17:43 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-01-18 17:43 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-01-18 17:43 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-01-18 17:43 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-01-18 17:43 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-01-18 17:43 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-01-18 17:43 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-01-18 17:43 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-01-18 17:42 - 2015-01-18 18:05 - 00000000 ____D () C:\Qoobox
2015-01-18 17:42 - 2015-01-18 18:04 - 00000000 ____D () C:\Windows\erdnt
2015-01-18 17:40 - 2015-01-18 17:40 - 05608785 ____R (Swearware) C:\Users\MiraFelix\Desktop\ComboFix.exe
2015-01-18 15:43 - 2015-01-18 22:34 - 00019730 _____ () C:\Windows\PFRO.log
2015-01-18 15:09 - 2015-01-18 18:29 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-01-18 15:07 - 2015-01-18 16:41 - 00000000 ____D () C:\Users\MiraFelix\Desktop\mbar
2015-01-18 15:05 - 2015-01-18 15:05 - 16448208 _____ (Malwarebytes Corp.) C:\Users\MiraFelix\Desktop\mbar-1.08.2.1001.exe
2015-01-17 23:39 - 2015-01-17 23:41 - 00031549 _____ () C:\Users\MiraFelix\Desktop\Addition.txt
2015-01-17 23:38 - 2015-01-18 22:43 - 00013218 _____ () C:\Users\MiraFelix\Desktop\FRST.txt
2015-01-17 23:37 - 2015-01-18 22:43 - 00000000 ____D () C:\FRST
2015-01-17 23:34 - 2015-01-18 22:43 - 01118208 _____ (Farbar) C:\Users\MiraFelix\Desktop\FRST.exe
2015-01-17 19:54 - 2015-01-18 22:20 - 00114904 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-17 19:53 - 2015-01-18 15:48 - 00079576 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-17 19:53 - 2015-01-17 19:53 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-17 19:53 - 2015-01-17 19:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-17 19:53 - 2015-01-17 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-17 19:53 - 2015-01-17 19:53 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2015-01-17 19:53 - 2014-11-21 06:14 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-17 19:53 - 2014-11-21 06:14 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-17 19:52 - 2015-01-17 19:52 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\MiraFelix\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-16 23:38 - 2015-01-16 23:38 - 00002931 _____ () C:\Users\htaccess.txt
2015-01-16 23:37 - 2015-01-16 23:37 - 00003265 _____ () C:\Users\.htaccess
2015-01-16 23:34 - 2015-01-16 23:34 - 06381120 _____ (Tim Kosse) C:\Users\claudia\Downloads\FileZilla_3.10.0.2_win32-setup.exe
2015-01-15 10:27 - 2015-01-15 10:28 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2015-01-15 09:56 - 2015-01-18 22:34 - 00000448 _____ () C:\Windows\setupact.log
2015-01-15 09:56 - 2015-01-15 09:56 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 07:37 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2015-01-15 07:37 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-15 07:32 - 2014-12-19 03:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-15 07:32 - 2014-12-19 02:34 - 00116224 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-15 07:32 - 2014-12-11 18:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-15 07:32 - 2014-12-06 04:50 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-13 15:40 - 2015-01-18 21:56 - 00000112 _____ () C:\ProgramData\gBXX17O.dat
2015-01-10 08:18 - 2015-01-10 08:18 - 00002037 _____ () C:\Users\claudia\Desktop\Entfernen des Avira EU-Cleaners.lnk
2015-01-10 08:18 - 2015-01-10 08:18 - 00001981 _____ () C:\Users\claudia\Desktop\Avira EU-Cleaner.lnk
2015-01-10 08:17 - 2015-01-10 08:17 - 02209056 _____ () C:\Users\claudia\Downloads\avira-eu-cleaner_de.exe
2015-01-09 19:23 - 2015-01-09 19:23 - 05317104 _____ (Piriform Ltd) C:\Users\MiraFelix\Downloads\ccsetup501.exe
2015-01-08 18:47 - 2015-01-08 18:47 - 00001360 _____ () C:\Users\claudia\Desktop\CCleaner - Verknüpfung.lnk
2015-01-08 12:27 - 2015-01-08 12:27 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Mozilla
2015-01-08 12:27 - 2015-01-08 12:27 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Mozilla
2015-01-08 12:14 - 2015-01-08 12:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-01-08 12:14 - 2015-01-08 12:14 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Adobe
2015-01-08 12:14 - 2015-01-08 12:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-01-08 12:14 - 2015-01-08 12:14 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Adobe
2015-01-08 12:12 - 2015-01-08 12:12 - 00000000 ____D () C:\ProgramData\Package Cache
2015-01-04 21:51 - 2015-01-04 21:51 - 00000000 ____D () C:\Users\MiraFelix\Desktop\faddasdsadasdasdasdsadsadsadasdsdasdsadasdsadasdasdasd (1)
2014-12-26 20:24 - 2014-12-26 20:24 - 00015434 _____ () C:\Users\claudia\AppData\Local\recently-used.xbel
2014-12-25 18:24 - 2014-12-25 18:24 - 00000000 ____D () C:\Users\MiraFelix\AppData\Roaming\Leadertech
2014-12-21 17:05 - 2014-12-21 17:06 - 00000215 _____ () C:\Users\claudia\Desktop\Augsb. Direktion.url
2014-12-19 15:56 - 2014-12-19 15:56 - 00000183 _____ () C:\Users\claudia\Desktop\Spannseil Plisee.url
2014-12-19 10:32 - 2014-12-19 10:32 - 00000124 _____ () C:\Users\claudia\Desktop\IRIS.url
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-18 22:42 - 2009-07-14 05:34 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-18 22:42 - 2009-07-14 05:34 - 00027024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-18 22:39 - 2013-06-04 11:40 - 01467696 _____ () C:\Windows\WindowsUpdate.log
2015-01-18 22:38 - 2013-06-16 18:50 - 00000000 ____D () C:\Users\MiraFelix\AppData\Local\LogMeIn Hamachi
2015-01-18 22:35 - 2013-06-07 13:30 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2015-01-18 22:34 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-18 22:33 - 2014-07-22 10:54 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-01-18 22:33 - 2013-06-05 08:08 - 00000000 ____D () C:\Users\MiraFelix
2015-01-18 22:33 - 2013-06-04 11:50 - 00000000 ____D () C:\Users\claudia
2015-01-18 22:16 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Resources
2015-01-18 18:05 - 2009-07-14 03:37 - 00000000 __RHD () C:\Users\Default
2015-01-18 18:05 - 2009-07-14 03:37 - 00000000 ___RD () C:\Users\Public
2015-01-18 18:02 - 2009-07-14 03:04 - 00000215 _____ () C:\Windows\system.ini
2015-01-18 15:43 - 2009-07-14 09:47 - 00000000 ____D () C:\Windows\de-DE
2015-01-18 15:10 - 2013-06-08 23:13 - 00000000 ____D () C:\Users\claudia\AppData\Roaming\Skype
2015-01-17 19:34 - 2013-06-04 11:52 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-17 19:12 - 2013-06-22 09:33 - 00000000 ____D () C:\Users\MiraFelix\AppData\Roaming\.minecraft
2015-01-17 11:23 - 2013-06-16 20:04 - 00000000 ____D () C:\Users\claudia\AppData\Local\LogMeIn Hamachi
2015-01-17 08:00 - 2013-06-05 22:56 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2015-01-16 23:42 - 2013-06-08 15:12 - 00000000 ____D () C:\Users\claudia\AppData\Roaming\FileZilla
2015-01-16 23:35 - 2014-12-18 23:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileZilla FTP Client
2015-01-16 23:35 - 2014-12-18 23:14 - 00000000 ____D () C:\Program Files\FileZilla FTP Client
2015-01-15 19:48 - 2013-06-07 14:17 - 00000000 ____D () C:\Users\claudia\Documents\Leichathletik 2010.1
2015-01-15 18:59 - 2013-06-11 20:08 - 00000000 ____D () C:\Users\claudia\Documents\Leichathletik 2010
2015-01-15 08:01 - 2013-07-17 23:13 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-15 07:50 - 2013-06-07 13:17 - 110348472 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-01-15 07:34 - 2014-07-22 10:54 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2015-01-15 07:34 - 2014-07-22 10:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2015-01-14 08:23 - 2013-07-06 14:50 - 00000000 ____D () C:\Windows\Minidump
2015-01-12 08:52 - 2013-12-09 12:38 - 00275456 ___SH () C:\Users\claudia\Documents\Thumbs.db
2015-01-12 08:49 - 2013-08-19 23:14 - 00000000 ____D () C:\Users\claudia\Documents\Sicherung Homepage
2015-01-12 08:45 - 2013-07-24 10:34 - 00000000 ____D () C:\Users\claudia\Documents\Rechtsanwalt
2015-01-11 21:19 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-01-09 19:36 - 2014-10-05 12:07 - 00000000 ____D () C:\Users\MiraFelix\AppData\Local\Deployment
2015-01-09 19:26 - 2014-02-21 14:48 - 00000000 ____D () C:\Program Files\CCleaner
2015-01-09 12:03 - 2014-06-23 11:44 - 00000000 ____D () C:\Users\claudia\AppData\Roaming\Notepad++
2015-01-09 12:03 - 2014-06-23 11:44 - 00000000 ____D () C:\Program Files\Notepad++
2015-01-09 12:03 - 2014-06-12 17:52 - 00000000 ____D () C:\Users\MiraFelix\Documents\RCT3
2015-01-09 12:03 - 2013-06-04 14:08 - 00000000 ___HD () C:\Program Files\InstallShield Installation Information
2015-01-09 12:01 - 2013-06-09 16:08 - 00000000 ____D () C:\ProgramData\Electronic Arts
2015-01-09 11:57 - 2014-12-18 23:01 - 00000000 ____D () C:\Program Files\CHIP Updater
2015-01-06 04:36 - 2013-06-04 12:15 - 00249488 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-01-03 13:09 - 2013-06-15 11:25 - 00000000 ____D () C:\Users\claudia\Documents\INFO Links+more
2014-12-31 01:32 - 2014-12-14 21:36 - 00000000 ____D () C:\Users\claudia\Documents\Weihnachtskarte 14
2014-12-26 20:43 - 2013-12-15 21:13 - 00000000 ____D () C:\Users\claudia\.gimp-2.8
2014-12-26 17:40 - 2013-06-09 16:08 - 00000000 ____D () C:\ProgramData\Origin
2014-12-26 16:24 - 2013-06-09 16:08 - 00000000 ____D () C:\Program Files\Origin
2014-12-26 11:12 - 2014-02-09 12:25 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\system32\CmdLineExt.dll
2014-12-23 13:05 - 2013-06-07 14:25 - 00000000 ____D () C:\Users\claudia\Documents\Festnetzrechnung
2014-12-22 18:01 - 2013-06-07 14:18 - 00000000 ____D () C:\Users\claudia\Documents\Omas Reise nach Afrika
2014-12-20 19:45 - 2013-06-07 12:11 - 00073992 _____ () C:\Users\MiraFelix\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-19 23:57 - 2014-09-10 22:03 - 06057862 _____ (Tim Kosse) C:\Users\claudia\Downloads\FileZilla_3.9.0.5_win32-setup.exe
2014-12-19 06:59 - 2009-07-14 05:33 - 00307400 _____ () C:\Windows\system32\FNTCACHE.DAT
==================== Files in the root of some directories =======
2015-01-13 15:40 - 2015-01-18 21:56 - 0000112 _____ () C:\ProgramData\gBXX17O.dat
Files to move or delete:
====================
C:\ProgramData\gBXX17O.dat
Some content of TEMP:
====================
C:\Users\MiraFelix\AppData\Local\temp\Quarantine.exe
C:\Users\MiraFelix\AppData\Local\temp\RtkBtMnt.exe
C:\Users\MiraFelix\AppData\Local\temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-17 13:38
==================== End Of Log ============================
Hope that's okay like this.