Trojaner-Board
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Kaspersky Alarmstufe Gelb. Trojaner? PC in Gefahr? (https://www.trojaner-board.de/164616-kaspersky-alarmstufe-gelb-trojaner-pc-gefahr.html)

Haniver87 02.03.2015 12:39
Kaspersky Alarmstufe Gelb. Trojaner? PC in Gefahr?
 
Hallo, seit ungefähr einer Woche meldet mein Antivirenschutz Kaspersky, mit dem ich immer sehr zufrieden war und der mich bislang prima schützte, dass es auf meinem PC "unverarbeitete Objekte" gäbe. Seitdem steht Kaspersky bei mir auf Alaramstufe Gelb ("Die Sicherheit ist bedroht; Bedrohungen: andere"). Wenn ich einen Komplettsuchlauf mache, dann werden stets die gleichen Objekte gefunden und ich kann diese mit Kaspersky nicht entfernen (sie sind beim nä. Hochfahren des PCs alle wieder da) und auch nicht mit der Windowssuche finden, um sie manuell zu beseitigen.
Vermutlich habe ich mir da was eingefangen, als ich neulich nachts bzw. früh morgens auf mehreren Stream-Portalen rumgesurft bin, weil ich mir live eine Sportveranstaltung aus den USA online anschauen wollte. Der Stream brach immer wieder zusammen und da habe ich halt mehrere (wohl dubiose) Streamseiten ausprobiert - und schon habe ich den Salat! Ich habe noch am Rande mitbekommen, dass sich mein Virenschutz mit roten Hinweisen/Warnungen meldete, aber sonst wurde der auch immer mit allem fertig, es ist nie was auf der Festplatte hängen geblieben. Ich wollte halt unbedingt die Veranstaltung sehen und war generell übermüdet und genervt.

Es handelt sich im Einzelnen um folgende Objekte:
stij.exe
WSSetup[1].exe
WSSetup[2].exe
SkyalkerSetup[1].exe
SkyalkerSetup[2].exe

Ich habe auch schon den CCleaner und Malwarebytes installiert und suchen lassen, aber die haben nichts von Bedeutung gefunden oder entfernt - und Kaspersky zeigt noch immer unverändert die Liste der nicht verarbeiteten Objekte an und bleibt gelb.

Sind das schlimme Trojaner???

Ich kann jetzt nicht sagen, dass mein PC sich irgendwie anders verhalten würde. Alles läuft weiterhin tadellos. Vielleicht spinnt mein Virenschutz bloß rum? Besteht jetzt für meinen Rechner akute Gefahr oder ist das nur ein relativ harmloses kosmetisches Problem? Es nervt halt, dass Kaspersky mich jetzt immer mit dieser Liste von Objekten warnt.

Wie soll ich jetzt vorgehen?

schrauber 02.03.2015 12:55
hi,

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST Download FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
  • Starte jetzt FRST.
  • Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
  • Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
  • Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)


Haniver87 02.03.2015 15:50
FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Administrator (administrator) on MEIER-PC on 02-03-2015 15:40:44
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(AMD) C:\Windows\System32\atieclxx.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1342303199\ee\aolsoftware.exe
() C:\Program Files (x86)\AVG Secure Search\vprot.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1342303199\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Secure Search\vprot.exe [2640408 2014-08-26] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE [42320 2011-04-25] (AOL Inc.)
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\...\RunOnce: [Adobe Speed Launcher] => 1425306980

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://start.qone8.com/web/?type=ds&ts=1383556867&from=amt&uid=SAMSUNGXSSDX830XSeries_S0VYNEAC506697&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://start.qone8.com/web/?type=ds&ts=1383556867&from=amt&uid=SAMSUNGXSSDX830XSeries_S0VYNEAC506697&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://start.qone8.com/web/?type=ds&ts=1383556867&from=amt&uid=SAMSUNGXSSDX830XSeries_S0VYNEAC506697&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://start.qone8.com/web/?type=ds&ts=1383556867&from=amt&uid=SAMSUNGXSSDX830XSeries_S0VYNEAC506697&q={searchTerms}
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\Main,start page = about:blank
SearchScopes: HKLM-x32 -> DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: AVG Security Toolbar -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKU\S-1-5-21-2580177475-3764215397-4099907053-500 -> No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -  No File
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\18.1.9\\npsitesafety.dll No File
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @viewpoint.com/VMP -> C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\avg-secure-search.xml
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Flashblock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-10]
FF Extension: Video Downloader professional - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\ffext_basicvideoext@startpage24.xpi [2013-11-23]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [avg@toolbar] - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799
FF Extension: AVG Security Toolbar - C:\ProgramData\AVG Secure Search\FireFoxExt\18.1.9.799 [2014-08-26]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Kaspersky виртуелна тастатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-08-18]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
R2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [1820184 2014-08-11] (AVG Secure Search)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-08-05] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2010-07-16] (CACE Technologies, Inc.)
S3 PDNETCTL; C:\Windows\SysWOW64\DRIVERS\pdnetctl.sys [31941 2005-10-27] () [File not signed]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 15:40 - 2015-03-02 15:40 - 02092544 ____C (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-03-02 15:40 - 2015-03-02 15:40 - 00020931 ____C () C:\Users\Administrator\Downloads\FRST.txt
2015-03-02 15:40 - 2015-03-02 15:40 - 00000000 ___DC () C:\FRST
2015-03-02 00:20 - 2015-03-02 00:20 - 00000000 _RHDC () C:\MSOCache
2015-03-01 12:09 - 2015-03-01 12:13 - 208123812 ____C () C:\Users\Administrator\Downloads\SWeaver20150228.mp4
2015-02-28 22:36 - 2015-02-28 22:36 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-28 12:13 - 2015-02-28 12:23 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-02-28 12:12 - 2015-02-28 12:12 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-02-28 12:12 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-02-28 12:12 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-02-28 12:12 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-02-26 21:34 - 2015-02-26 21:34 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 11:17 - 2015-02-25 11:17 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 11:17 - 2015-02-25 11:17 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 15:37 - 2015-02-28 13:11 - 00006936 ____C () C:\Windows\PFRO.log
2015-02-24 08:11 - 2015-02-24 08:12 - 158642802 ____C () C:\Users\Administrator\Downloads\AndreaMclean20150223.mp4
2015-02-23 22:21 - 2015-02-23 22:21 - 00341880 ____C () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 22:21 - 2015-02-23 22:21 - 00000020 __SHC () C:\Users\Administrator\ntuser.ini
2015-02-23 20:18 - 2015-03-02 15:36 - 00001848 ____C () C:\Windows\setupact.log
2015-02-23 20:18 - 2015-02-23 20:18 - 00000000 ____C () C:\Windows\setuperr.log
2015-02-23 20:05 - 2015-02-23 20:05 - 00086160 ____C () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 13:54 - 2015-02-23 13:54 - 00002788 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-23 13:54 - 2015-02-23 13:54 - 00000822 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-23 13:54 - 2015-02-23 13:54 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-23 13:54 - 2015-02-23 13:54 - 00000000 ___DC () C:\Program Files\CCleaner
2015-02-23 11:02 - 2015-02-23 11:04 - 222469916 ____C () C:\Users\Administrator\Downloads\Fastlane20150223.mp4
2015-02-22 23:28 - 2015-02-22 23:30 - 207051158 ____C () C:\Users\Administrator\Downloads\LauraWhitmore20150222.mp4
2015-02-22 23:25 - 2015-02-22 23:27 - 177803993 ____C () C:\Users\Administrator\Downloads\CeliaSawyer20150222.mp4
2015-02-22 18:56 - 2015-02-22 18:58 - 209058681 ____C () C:\Users\Administrator\Downloads\Soap20150222.mp4
2015-02-21 22:36 - 2015-02-21 22:37 - 156812637 ____C () C:\Users\Administrator\Downloads\LisaSnowdon20141129.mp4
2015-02-21 17:24 - 2015-02-21 17:26 - 146456450 ____C () C:\Users\Administrator\Downloads\LaurenSimon.mp4
2015-02-12 07:54 - 2015-02-12 08:38 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:02 - 2015-02-11 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:02 - 2015-02-11 11:25 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:02 - 2015-02-11 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:02 - 2015-02-11 11:25 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:02 - 2015-02-11 11:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-06 19:58 - 2015-02-06 19:58 - 00002233 ____C () C:\Users\Administrator\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-02 15:39 - 2012-07-11 09:25 - 01173786 ____C () C:\Windows\WindowsUpdate.log
2015-03-02 15:37 - 2012-07-14 01:42 - 00000000 ___DC () C:\ProgramData\Kaspersky Lab
2015-03-02 15:36 - 2013-06-09 18:47 - 00000350 ____C () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2015-03-02 15:36 - 2013-06-03 08:19 - 00000350 ____C () C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2015-03-02 15:36 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-03-02 08:16 - 2012-07-16 08:32 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-02 07:56 - 2011-04-12 08:43 - 00699432 ____C () C:\Windows\system32\perfh007.dat
2015-03-02 07:56 - 2011-04-12 08:43 - 00149572 ____C () C:\Windows\system32\perfc007.dat
2015-03-02 07:56 - 2009-07-14 06:13 - 01620684 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-03-02 07:56 - 2009-07-14 05:45 - 00029120 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-02 07:56 - 2009-07-14 05:45 - 00029120 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-02 00:15 - 2012-07-14 22:45 - 00000000 ___DC () C:\Users\Administrator\AppData\Roaming\vlc
2015-03-01 12:06 - 2014-02-25 10:29 - 01594028 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-28 23:00 - 2012-07-14 02:15 - 00000000 __RDC () C:\Users\Administrator\Eigene Bilder
2015-02-28 23:00 - 2012-07-14 02:15 - 00000000 ___DC () C:\Users\Administrator
2015-02-28 22:41 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\tracing
2015-02-28 12:12 - 2013-11-13 20:26 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-02-27 07:49 - 2013-11-23 13:36 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-24 15:45 - 2014-04-02 15:56 - 00001855 ____C () C:\Users\Public\Desktop\iTunes.lnk
2015-02-23 13:54 - 2012-07-11 10:21 - 00000000 ___DC () C:\Windows\Panther
2015-02-23 01:32 - 2012-07-14 02:15 - 00001421 ____C () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-17 18:44 - 2012-08-13 15:49 - 00177864 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-02-17 07:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-15 16:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 11:29 - 2014-12-10 15:17 - 00000000 ___DC () C:\Windows\system32\appraiser
2015-02-11 11:29 - 2014-05-06 16:15 - 00000000 __SDC () C:\Windows\system32\CompatTel
2015-02-11 11:25 - 2012-07-15 00:43 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-02-11 11:24 - 2013-08-15 06:01 - 00000000 ___DC () C:\Windows\system32\MRT
2015-02-11 11:22 - 2012-07-15 00:56 - 116773704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 11:18 - 2012-07-27 13:45 - 00000099 ____C () C:\Users\Public\LMDebug.log
2015-02-08 01:30 - 2012-07-14 13:46 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\Microsoft Games
2015-02-06 19:59 - 2014-12-27 23:35 - 00000000 ___DC () C:\Users\Administrator\.gimp-2.8
2015-02-06 19:58 - 2014-12-26 23:44 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\gtk-2.0
2015-02-05 23:16 - 2012-07-16 08:32 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 23:16 - 2012-07-16 08:32 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 23:16 - 2012-07-16 08:32 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2013-11-23 13:35 - 2013-11-23 13:35 - 0283184 ____C (Mozilla) C:\Program Files\Firefox Setup Stub 25.0.1.exe
2012-07-14 01:41 - 2012-04-18 00:19 - 145454840 ___RC (Kaspersky Lab) C:\Program Files\kis12.0.0.374de.exe
2014-03-21 20:45 - 2014-03-31 15:45 - 0000067 ____C () C:\Users\Administrator\AppData\Roaming\WB.CFG
2015-02-06 19:58 - 2015-02-06 19:58 - 0002233 ____C () C:\Users\Administrator\AppData\Local\recently-used.xbel
2012-07-14 02:15 - 2012-07-14 02:15 - 0017408 ____C () C:\Users\Administrator\AppData\Local\WebpageIcons.db

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 13:19

==================== End Of Log ============================
--- --- ---

--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-03-2015
Ran by Administrator at 2015-03-02 15:41:04
Running from C:\Users\Administrator\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Kaspersky Internet Security (Enabled - Up to date) {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
AS: Kaspersky Internet Security (Enabled - Up to date) {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.24 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 5.0 (HKLM-x32\...\Adobe Acrobat 5.0) (Version: 5.0 - Adobe Systems, Inc.)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Alice-Installationsdateien entfernen (HKLM-x32\...\Alice) (Version:  - )
AMD Catalyst Install Manager (HKLM\...\{C8807716-1F6F-5C43-3C32-7295A45CF060}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
AOL Uninstaller (Choose which Products to Remove) (HKLM-x32\...\AOL Uninstaller) (Version:  - AOL Inc.)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft PhotoBase 3 (HKLM-x32\...\{C1D14C0D-FDAA-4DF2-8441-A902805CCE8C}) (Version:  - )
ArcSoft PhotoStudio 5 (HKLM-x32\...\{03F1CC67-5BD8-4C36-8394-76311B2AE69A}) (Version:  - )
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.0.4.4 - Atheros Communications Inc.)
Audacity 2.0 (HKLM-x32\...\Audacity_is1) (Version:  - Audacity Team)
Audiograbber 1.83 SE  (HKLM-x32\...\Audiograbber) (Version: 1.83 SE  - Audiograbber)
AutoGreen B12.0206.1 (HKLM-x32\...\InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}) (Version: 1.00.0000 - GIGABYTE)
AutoGreen B12.0206.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
AVG Security Toolbar (HKLM-x32\...\AVG Secure Search) (Version: 18.1.9.799 - AVG Technologies)
BabylonObjectInstaller (HKLM-x32\...\{83AA2913-C123-4146-85BD-AD8F93971D39}) (Version: 2.0.0.3 - Babylon Ltd) <==== ATTENTION
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP)
Common Desktop Agent (Version: 1.62.0 - OEM) Hidden
Easy Tune 6 B12.0402.1 (HKLM-x32\...\InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}) (Version: 1.00.0000 - GIGABYTE)
Easy Tune 6 B12.0402.1 (x32 Version: 1.00.0000 - GIGABYTE) Hidden
FFMPEG Addon (HKLM-x32\...\{111124AF-1ED4-44EF-B674-111111985342}_is1) (Version: 1.00 - FFMPEG)
Free Audio Converter version 5.0.52.1107 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.52.1107 - DVDVideoSoft Ltd.)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
HP Managed Printing Admin (HKLM-x32\...\{7CA4F780-7AD0-417A-82A1-46EB825CFD53}) (Version: 2.5.9 - Hewlett-Packard)
Iminent (x32 Version: 6.37.21.0 - Iminent) Hidden <==== ATTENTION
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.0.0.1351 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.0.0.1032 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.3.214 - Intel Corporation)
Intel® Trusted Connect Service Client (HKLM\...\{6199B534-A1B6-46ED-873B-97B0ECF8F81E}) (Version: 1.23.216.0 - Intel Corporation)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.450 - Oracle)
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
JDownloader 2.0 (HKLM-x32\...\jdownloader2) (Version: 2.0 - AppWork GmbH)
Kaspersky Internet Security 2013 (HKLM-x32\...\InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}) (Version: 13.0.1.4190 - Kaspersky Lab)
Kaspersky Internet Security 2013 (x32 Version: 13.0.1.4190 - Kaspersky Lab) Hidden
Malwarebytes Anti-Malware Version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 de)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Platform (x32 Version: 1.39 - VIA Technologies, Inc.) Hidden
Portrait Professional 10.9 Test (HKLM-x32\...\PortraitProfessional10Trial_is1) (Version: 10.9 - Anthropics Technology Ltd.)
ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Replay Media Catcher 4 (4.4.3) (HKLM-x32\...\Replay Media Catcher 4) (Version: 4.4.3 - Applian Technologies)
Samsung CLP-360 Series (HKLM-x32\...\Samsung CLP-360 Series) (Version: 1.01 (01.05.2012) - Samsung Electronics Co., Ltd.)
Samsung Easy Printer Manager (HKLM-x32\...\Samsung Easy Printer Manager) (Version: 1.02.45.02(01.05.2012) - Samsung Electronics Co., Ltd.)
Samsung Printer Live Update (HKLM-x32\...\Samsung Printer Live Update) (Version: 1.01.00.04 - Samsung Electronics Co., Ltd.)
Samsung SSD Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 3.1 - Samsung Electronics)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Update_DealPly (HKU\S-1-5-21-2580177475-3764215397-4099907053-500\...\DealPly) (Version:  - ) <==== ATTENTION
VIA Plattform-Geräte-Manager (HKLM-x32\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.39 - VIA Technologies, Inc.)
Video Download Capture V4.3.9 (HKLM\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.3.9 - Apowersoft)
Video Download Capture Version 4.9.0 (HKLM-x32\...\{3C9D008D-3716-4C3F-90CD-38ED57568FAB}_is1) (Version: 4.9.0 - APOWERSOFT LIMITED)
VideoPerformer (HKLM-x32\...\VideoPerformer) (Version:  - PerformerSoft LLC) <==== ATTENTION
Viewpoint Media Player (HKLM-x32\...\ViewpointMediaPlayer) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Yontoo 1.12.02 (HKLM\...\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}) (Version: 1.12.02 - Yontoo LLC) <==== ATTENTION

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

24-02-2015 07:53:25 Windows Update
25-02-2015 11:17:13 Windows Update
28-02-2015 22:36:25 Windows Update
01-03-2015 12:06:04 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0699B31B-CF7E-4158-90E0-BCFD1AB35B36} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {16704D17-6DA9-447A-B344-CD7C702BCDF2} - System32\Tasks\SuperEasyDriverUpdaterRunAtStartup => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: {1B6EFF08-6469-40FD-8094-6F03BB58DFB3} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {25625578-00AB-4DB2-88C1-6073BF36795D} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-05] (Adobe Systems Incorporated)
Task: {42080913-B308-4E6E-9BA2-A35FC039FBED} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4CE7CCE6-10C3-4828-8CC3-932E04B83828} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv => C:\Windows\TEMP\{AC110DBB-C250-4FE1-B4A0-8D2F2D67B638}.exe
Task: {718AF655-F0E0-47BE-9A7E-62E4BA361E84} - \DealPlyUpdate No Task File <==== ATTENTION
Task: {77671F2D-71BB-4A6A-A8A9-BE1E00B33F0A} - System32\Tasks\{FEA6A0F5-C588-4FF0-B25C-A696BAC955E9} => pcalua.exe -a "C:\Program Files (x86)\CS Browser Assistant 2.0\Uninstall.exe" -d "C:\Program Files (x86)\CS Browser Assistant 2.0"
Task: {8C948802-C9C7-47A1-8F78-1D19E316716A} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\TuneUp Utilities 2014\OneClick.exe
Task: {A3DA5DBC-1AD6-4E27-A1D9-FB7C9F1FEE44} - System32\Tasks\{1B105139-36D2-49B1-BBD3-F01C70BF5A2E} => pcalua.exe -a C:\Users\Administrator\Downloads\lide60vst6411111a_64de\SetupSG.exe -d C:\Users\Administrator\Downloads\lide60vst6411111a_64de
Task: {C16C9B9A-1A98-4E04-853D-49DEF186AAF9} - System32\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv => C:\Windows\TEMP\{4852DF42-EB4A-4874-B4BA-E918ED243D6D}.exe
Task: {F18D13E7-0E86-48D5-B580-49F1DF6EE397} - System32\Tasks\SuperEasyDriverUpdater_UPDATES => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job => C:\Windows\TEMP\{AC110DBB-C250-4FE1-B4A0-8D2F2D67B638}.exe <==== ATTENTION
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job => C:\Windows\TEMP\{4852DF42-EB4A-4874-B4BA-E918ED243D6D}.exe <==== ATTENTION
Task: C:\Windows\Tasks\SuperEasyDriverUpdater_UPDATES.job => C:\Program Files (x86)\SuperEasy Software\Driver Updater\supereasydu.exe

==================== Loaded Modules (whitelisted) ==============

2012-01-09 10:38 - 2012-01-09 10:38 - 00034304 _____ () C:\Windows\System32\sst6clm.dll
2014-08-11 14:51 - 2014-08-11 14:51 - 00159768 ____C () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
2012-02-20 21:23 - 2012-02-20 21:23 - 00456704 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
2012-02-20 21:23 - 2012-02-20 21:23 - 00051200 _____ () C:\Program Files\Common Files\Common Desktop Agent\CDASrvPS.dll
2015-01-21 03:06 - 2015-01-21 03:06 - 00057344 ____C () C:\Program Files\CCleaner\lang\lang-1031.dll
2012-07-11 09:32 - 2012-01-12 14:21 - 00078448 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2012-07-11 09:32 - 2012-01-12 14:21 - 00386160 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2012-08-04 22:16 - 2014-08-26 06:54 - 02640408 _____ () C:\Program Files (x86)\AVG Secure Search\vprot.exe
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2012-08-17 20:39 - 2013-08-18 01:13 - 01310136 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\kpcengine.2.2.dll
2014-08-11 14:51 - 2014-08-11 14:51 - 00519704 ____C () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\log4cplusU.dll
2012-08-17 20:38 - 2012-08-17 20:38 - 00479160 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\dblite.dll
2012-07-11 09:32 - 2011-11-29 19:00 - 00059392 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2012-07-11 09:31 - 2011-12-16 09:39 - 01198872 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2011-04-25 22:52 - 2011-04-25 22:52 - 00048640 ____C () C:\Program Files (x86)\AOL Desktop 9.6\zlib.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:373E1720

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2580177475-3764215397-4099907053-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2580177475-3764215397-4099907053-500 - Administrator - Enabled) => C:\Users\Administrator
Gast (S-1-5-21-2580177475-3764215397-4099907053-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============

Name: USB (Universal Serial Bus)-Controller
Description: USB (Universal Serial Bus)-Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/02/2015 03:38:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2015 07:51:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 10:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 06:52:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 04:36:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 03:25:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 00:08:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 11:53:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 00:50:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 10:43:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/27/2015 08:55:39 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/27/2015 08:46:44 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 10. Der interne Fehlerstatus lautet: 10.

Error: (02/23/2015 01:51:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Adobe Acrobat Update Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (02/23/2015 00:44:04 PM) (Source: volsnap) (EventID: 36) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (02/23/2015 01:38:39 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am ‎23.‎02.‎2015 um 01:37:04 unerwartet heruntergefahren.

Error: (02/12/2015 07:40:20 PM) (Source: Schannel) (EventID: 4119) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung empfangen: 20.

Error: (02/12/2015 07:35:33 PM) (Source: Schannel) (EventID: 4120) (User: NT-AUTORITÄT)
Description: Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus lautet: 252.

Error: (01/26/2015 11:05:25 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2BOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C06F4FF-5D79-4EE7-88A6-8E9183E31850}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/26/2015 10:54:25 AM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2BOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C06F4FF-5D79-4EE7-88A6-8E9183E31850}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/25/2015 11:30:10 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "O2BOX",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{9C06F4FF-5D79-4EE7-88A6-8E9183E31850}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.


Microsoft Office Sessions:
=========================
Error: (03/02/2015 03:38:12 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/02/2015 07:51:34 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 10:51:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 06:52:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 04:36:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 03:25:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 00:08:51 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 11:53:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 00:50:01 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/28/2015 10:43:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2015-02-12 07:58:09.859
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-12 07:58:09.859
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-12 07:56:57.771
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-02-12 07:56:57.646
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 07:59:19.984
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-12-11 07:59:19.922
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 08:03:23.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 08:03:23.674
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 08:03:23.658
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-11-13 08:03:23.658
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3450 CPU @ 3.10GHz
Percentage of memory in use: 33%
Total physical RAM: 8153.95 MB
Available physical RAM: 5399.06 MB
Total Pagefile: 16306.09 MB
Available Pagefile: 13216.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:119.14 GB) (Free:69.57 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: 71ED0789)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=119.1 GB) - (Type=07 NTFS)

==================== End Of Log ============================

schrauber 02.03.2015 17:09
Lade Dir bitte von hier Revo Uninstaller Download Revo Uninstaller (alternativ portable Revo Uninstaller) herunter.
  • Installiere und starte das Programm. (Bebilderte Anleitung zu Revo Uninstaller)
  • Klicke auf Optionen und wähle als Sprache Deutsch.
  • Suche im Uninstallerfeld nach den Programmen:

    BabylonObjectInstaller

    Iminent

    Update_DealPly

    VideoPerformer

    Yontoo 1.12.02


  • Wähle die Programme nacheinander aus und klicke jedes Mal auf Uninstall.
  • Wähle anschließend den Modus "Moderat" aus.
  • Reste löschen:
    Klicke auf dann auf und dann auf .

 





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Haniver87 02.03.2015 19:35
Okay, alles gemacht. Aber Iminent & Yontoo wurden bei mir von Revo Uninstaller nicht entdeckt/angezeigt.

Wie klappt das mit dem Code??? Einfach Code in eckigen Klammern, Log-Text dazwischen, /Code in eckigen Klammern?

Code:
ComboFix 15-03-01.01 - Administrator 02.03.2015  19:26:13.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.8154.6304 [GMT 1:00]
ausgeführt von:: c:\users\Administrator\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\Documents\EXTENSIONUPDATE.TMP
c:\windows\IsUn0407.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\rnaph.dll
c:\windows\SysWow64\WNLT
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((  Treiber/Dienste  )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ACEDRV11
-------\Legacy_NPF
-------\Service_acedrv11
-------\Service_npf
.
.
(((((((((((((((((((((((  Dateien erstellt von 2015-02-02 bis 2015-03-02  ))))))))))))))))))))))))))))))
.
.
2015-03-02 18:28 . 2015-03-02 18:28        --------        dc----w-        c:\users\Default\AppData\Local\temp
2015-03-02 18:10 . 2015-03-02 18:10        --------        dc----w-        c:\program files (x86)\VS Revo Group
2015-03-02 14:40 . 2015-03-02 14:41        --------        dc----w-        C:\FRST
2015-03-01 23:20 . 2015-03-01 23:20        --------        dc----r-        C:\MSOCache
2015-02-28 21:36 . 2015-02-28 21:36        950272        ----a-w-        c:\windows\system32\perftrack.dll
2015-02-28 21:36 . 2015-02-28 21:36        91136        ----a-w-        c:\windows\system32\wdi.dll
2015-02-28 21:36 . 2015-02-28 21:36        76800        ----a-w-        c:\windows\SysWow64\wdi.dll
2015-02-28 21:36 . 2015-02-28 21:36        29696        ----a-w-        c:\windows\system32\powertracker.dll
2015-02-27 06:53 . 2015-01-29 09:07        11910896        -c--a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{09F12D02-996A-404B-B5C7-96ACF3F883A3}\mpengine.dll
2015-02-23 12:54 . 2015-02-23 12:54        --------        dc----w-        c:\program files\CCleaner
2015-02-12 06:54 . 2015-02-12 07:38        620032        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2015-02-12 06:54 . 2015-02-12 07:38        4300800        ----a-w-        c:\windows\SysWow64\jscript9.dll
2015-02-12 06:54 . 2015-02-12 07:38        814080        ----a-w-        c:\windows\system32\jscript9diag.dll
2015-02-12 06:54 . 2015-02-12 07:38        6041600        ----a-w-        c:\windows\system32\jscript9.dll
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-02-17 17:44 . 2012-08-13 14:49        177864        -c--a-w-        c:\windows\system32\drivers\kneps.sys
2015-02-11 10:22 . 2012-07-14 23:56        116773704        -c--a-w-        c:\windows\system32\MRT.exe
2015-02-05 22:16 . 2012-07-16 07:32        71344        -c--a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-02-05 22:16 . 2012-07-16 07:32        701616        -c--a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2015-01-14 10:48 . 2015-01-14 07:24        52736        ----a-w-        c:\windows\system32\TSWbPrxy.exe
2015-01-14 10:48 . 2015-01-14 07:24        210432        ----a-w-        c:\windows\system32\profsvc.dll
2015-01-14 10:48 . 2015-01-14 07:24        52224        ----a-w-        c:\windows\SysWow64\nlaapi.dll
2015-01-14 10:48 . 2015-01-14 07:24        303616        ----a-w-        c:\windows\system32\nlasvc.dll
2015-01-14 10:48 . 2015-01-14 07:24        156672        ----a-w-        c:\windows\SysWow64\ncsi.dll
2015-01-14 10:48 . 2015-01-14 07:24        141312        ----a-w-        c:\windows\system32\drivers\mrxdav.sys
2014-12-22 23:41 . 2010-11-21 03:27        298120        -c----w-        c:\windows\system32\MpSigStub.exe
2014-12-10 08:02 . 2014-12-10 07:29        119296        ----a-w-        c:\windows\system32\drivers\tdx.sys
2014-12-10 08:01 . 2014-12-10 08:01        55808        ----a-w-        c:\windows\system32\rrinstaller.exe
2014-12-10 08:01 . 2014-12-10 08:01        50176        ----a-w-        c:\windows\SysWow64\rrinstaller.exe
2014-12-10 08:01 . 2014-12-10 08:01        4121600        ----a-w-        c:\windows\system32\mf.dll
2014-12-10 08:01 . 2014-12-10 08:01        3209728        ----a-w-        c:\windows\SysWow64\mf.dll
2014-12-10 08:01 . 2014-12-10 08:01        24576        ----a-w-        c:\windows\system32\mfpmp.exe
2014-12-10 08:01 . 2014-12-10 08:01        23040        ----a-w-        c:\windows\SysWow64\mfpmp.exe
2014-12-10 08:01 . 2014-12-10 08:01        206848        ----a-w-        c:\windows\system32\mfps.dll
2014-12-10 08:01 . 2014-12-10 08:01        2048        ----a-w-        c:\windows\SysWow64\mferror.dll
2014-12-10 08:01 . 2014-12-10 08:01        2048        ----a-w-        c:\windows\system32\mferror.dll
2014-12-10 08:01 . 2014-12-10 08:01        103424        ----a-w-        c:\windows\SysWow64\mfps.dll
2014-12-10 08:01 . 2014-12-10 07:28        165888        ----a-w-        c:\windows\system32\charmap.exe
2014-12-10 08:01 . 2014-12-10 07:28        155136        ----a-w-        c:\windows\SysWow64\charmap.exe
2014-12-10 08:01 . 2014-12-10 07:28        346624        ----a-w-        c:\windows\system32\WSManMigrationPlugin.dll
2014-12-10 08:01 . 2014-12-10 07:28        310272        ----a-w-        c:\windows\system32\WsmWmiPl.dll
2014-12-10 08:01 . 2014-12-10 07:28        266240        ----a-w-        c:\windows\system32\WSManHTTPConfig.exe
2014-12-10 08:01 . 2014-12-10 07:28        248832        ----a-w-        c:\windows\SysWow64\WSManMigrationPlugin.dll
2014-12-10 08:01 . 2014-12-10 07:28        214016        ----a-w-        c:\windows\SysWow64\WsmWmiPl.dll
2014-12-10 08:01 . 2014-12-10 07:28        2020352        ----a-w-        c:\windows\system32\WsmSvc.dll
2014-12-10 08:01 . 2014-12-10 07:28        198656        ----a-w-        c:\windows\SysWow64\WSManHTTPConfig.exe
2014-12-10 08:01 . 2014-12-10 07:28        181248        ----a-w-        c:\windows\system32\WsmAuto.dll
2014-12-10 08:01 . 2014-12-10 07:28        145920        ----a-w-        c:\windows\SysWow64\WsmAuto.dll
2014-12-10 08:01 . 2014-12-10 07:28        1177088        ----a-w-        c:\windows\SysWow64\WsmSvc.dll
2014-12-10 08:01 . 2014-12-10 07:28        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
2014-12-10 08:01 . 2014-12-10 07:28        2048        ----a-w-        c:\windows\system32\tzres.dll
2013-11-23 12:35 . 2013-11-23 12:35        283184        -c--a-w-        c:\program files\Firefox Setup Stub 25.0.1.exe
2012-04-17 23:19 . 2012-07-14 00:41        145454840        -c--a-r-        c:\program files\kis12.0.0.374de.exe
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2014-08-26 05:54        3627032        -c--a-w-        c:\program files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\18.1.9.799\AVG Secure Search_toolbar.dll" [2014-08-26 3627032]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-01-20 7404312]
"AOL Fast Start"="c:\program files (x86)\AOL Desktop 9.6\AOL.EXE" [2011-04-25 42320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2012-01-12 5028464]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-11-29 284440]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-01-27 291608]
"HostManager"="c:\program files (x86)\Common Files\AOL\1342303199\ee\AOLSoftware.exe" [2010-03-08 41800]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2014-08-26 2640408]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2013-10-10 356128]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-17 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
R3 appliand;Applian Network Service;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 PDNETCTL;ProDyne MicroPPPoE;c:\windows\system32\DRIVERS\pdnetctl.sys;c:\windows\SYSNATIVE\DRIVERS\pdnetctl.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys;c:\windows\SYSNATIVE\DRIVERS\hssdrv6.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
S2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
S3 appliandMP;appliandMP;c:\windows\system32\DRIVERS\appliand.sys;c:\windows\SYSNATIVE\DRIVERS\appliand.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2015-03-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-16 22:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CDAServer"="c:\program files\Common Files\Common Desktop Agent\CDASrv.exe" [2012-02-20 456704]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
ustart page = about:blank
mDefault_Search_URL = hxxp://start.qone8.com/web/?type=ds&ts=1383556867&from=amt&uid=SAMSUNGXSSDX830XSeries_S0VYNEAC506697&q={searchTerms}
mDefault_Page_URL = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://start.qone8.com/web/?type=ds&ts=1383556867&from=amt&uid=SAMSUNGXSSDX830XSeries_S0VYNEAC506697&q={searchTerms}
uSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\18.1.9\ViProtocol.dll
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\
FF - user.js: extensions.irmysearch.cd - 2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q
FF - user.js: extensions.mysearchdial.srchPrvdr - Mysearchdial
FF - user.js: extensions.mysearchdial.dnsErr - true
FF - user.js: extensions.mysearchdial_i.newTab - false
FF - user.js: extensions.mysearchdial.newTabUrl - hxxp://start.mysearchdial.com/?f=2&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q&cr=369729818&ir=
FF - user.js: extensions.mysearchdial.tlbrSrchUrl - hxxp://start.mysearchdial.com/?f=3&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q&cr=369729818&ir=&q=
FF - user.js: extensions.mysearchdial.id - 902B341DDACB913A
FF - user.js: extensions.mysearchdial.instlDay - 16150
FF - user.js: extensions.mysearchdial.vrsn - 1.8.29.0
FF - user.js: extensions.mysearchdial.vrsni - 1.8.29.0
FF - user.js: extensions.mysearchdial_i.vrsnTs - 1.8.29.019:39
FF - user.js: extensions.mysearchdial.prtnrId - mysearchdial
FF - user.js: extensions.mysearchdial.prdct - mysearchdial
FF - user.js: extensions.mysearchdial.aflt - ir_14_12_ff
FF - user.js: extensions.mysearchdial_i.smplGrp - none
FF - user.js: extensions.mysearchdial.tlbrId - base
FF - user.js: extensions.mysearchdial.instlRef - 140305_b
FF - user.js: extensions.mysearchdial.dfltLng -
FF - user.js: extensions.mysearchdial.appId - {CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
FF - user.js: extensions.mysearchdial.excTlbr - false
FF - user.js: extensions.mysearchdial.cr - 369729818
FF - user.js: extensions.mysearchdial.cd - 2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q
FF - user.js: extensions.mysearchdial.AL - 2
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - (no file)
Toolbar-Locked - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0407.EXE
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,c7,66,33,08,2c,fb,47,91,cf,c8,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,c7,66,33,08,2c,fb,47,91,cf,c8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,c7,66,33,08,2c,fb,47,91,cf,c8,\
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\User Preferences - Do not modify. Direct modification is a violation of ISV software requirements.]
@Denied: (2) (Administrator)
"2E1C892BBCB432157F277FDF4D11FD173738EC8D13"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,c7,66,33,08,2c,fb,47,91,cf,c8,\
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DAT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="DAT_auto_file"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DAT"\UserChoice]
@Denied: (2) (Administrator)
"Progid"="DAT\"_auto_file"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\Winword.exe"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fid"\UserChoice]
@Denied: (2) (Administrator)
"Progid"="fid\"_auto_file"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.flv"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpm"\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\audacity.exe"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="giffile"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.part\UserChoice]
@Denied: (2) (Administrator)
"Progid"="part_auto_file"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (Administrator)
"Progid"="pngfile"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\wmplayer.exe"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="VLC.webm"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="FirefoxHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_16_0_0_305_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.16"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_16_0_0_305.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,c7,66,33,08,2c,fb,47,91,cf,c8,\
"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,c7,66,33,08,2c,fb,47,91,cf,c8,\
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\User Preferences - Do not modify. Direct modification is a violation of ISV software requirements.]
@Denied: (2) (Administrator)
"2E1C892BBCB432157F277FDF4D11FD173738EC8D13"=hex:01,00,00,00,d0,8c,9d,df,01,15,
  d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e3,c7,66,33,08,2c,fb,47,91,cf,c8,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\loggingserver.exe
c:\program files (x86)\AOL Desktop 9.6\waol.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2015-03-02  19:31:17 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2015-03-02 18:31
.
Vor Suchlauf: 13 Verzeichnis(se), 73.429.991.424 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 73.064.734.720 Bytes frei
.
- - End Of File - - F99DA3D2E34FB5B783A7B7B542C99DDE

schrauber 03.03.2015 07:22
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

Haniver87 03.03.2015 20:46
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 03.03.2015
Suchlauf-Zeit: 20:20:41
Logdatei: mbam.txt
Administrator: Ja

Version: 2.00.4.1028
Malware Datenbank: v2015.03.03.05
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Administrator

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 358378
Verstrichene Zeit: 4 Min, 15 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(Keine schädliche Elemente erkannt)

Module: 0
(Keine schädliche Elemente erkannt)

Registrierungsschlüssel: 0
(Keine schädliche Elemente erkannt)

Registrierungswerte: 0
(Keine schädliche Elemente erkannt)

Registrierungsdaten: 0
(Keine schädliche Elemente erkannt)

Ordner: 0
(Keine schädliche Elemente erkannt)

Dateien: 47
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.AL", 2);), Ersetzt,[a57c162b1872f046077218fd27dfd828]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (ser Preferences

/* Do not edit this file.
 *
 * If y), Ersetzt,[e23f54edb6d4bf7795e4b164f115f10f]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (s

/* Do not edit this file.
 *
 * If you make changes to this file while the app), Ersetzt,[75ac79c89befb1858aef92837591c63a]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (e.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten whe), Ersetzt,[071a46fb0288e4525920d3422adc29d7]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (o this file while the application is running,
 * the), Ersetzt,[0021c180c2c895a1ff7a9e7748be659b]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you), Ersetzt,[34ed50f14347f442c7b251c463a324dc]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (eferences

/* Do not edit this file.
 *
 * If ), Ersetzt,[23fe71d07a101422384170a55caa05fb]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (ferences

/* Do not edit this file.
 *
 * If you), Ersetzt,[d74ae45d91f94ee8651471a410f605fb]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make chan), Ersetzt,[e839be83513963d38fea63b2699d11ef]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes), Ersetzt,[49d86fd2aedc1a1ce099b95c0006d729]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make chang), Ersetzt,[c859ba873b4ffd391861d04542c4728e]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manual), Ersetzt,[f32e2d1445452c0afe7b47cefa0c02fe]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (itten when the application exits.
 *
 * To make a manual ), Ersetzt,[6eb320216624a690dc9d32e3ae5822de]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (

/* Do not edit this file.
 *
 * If you make changes to t), Ersetzt,[968b5ce5c6c4c0768bee34e1887ecd33]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (
/* Do not edit this file.
 *
 * If you make changes to this ), Ersetzt,[d74ae45d7d0dc17589f0090ca1659c64]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (* Do not edit this file.
 *
 * If you make changes), Ersetzt,[ae7396abfa9041f592e769ac986ef907]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (rences

/* Do not edit this file.
 *
 * If you make changes to this file while the application is running,
 * the changes will be overwritten when the application exits.
 *
 * To make a manua), Ersetzt,[8c95d46d652541f586f3fa1bfb0b1ce4]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: ( when the application exits.
 *
 * To make a manual ), Ersetzt,[3ce57bc6464439fd0e6b14019f67c33d]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (nces

/* Do not edit this file.
 *
 * If you make c), Ersetzt,[ef3262df850583b33e3bdc39c145be42]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make ), Ersetzt,[01203b0692f811258cedef26c1457f81]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (ences

/* Do not edit this file.
 *
 * If you make ), Ersetzt,[8f92c08118722e0886f349cc21e58d73]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\prefs.js, Gut: (), Schlecht: (ces

/* Do not edit this file.
 *
 * If you make changes to th), Ersetzt,[18097fc2f6940b2bb2c7bd583bcbe61a]
PUP.Optional.MySearch.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q");), Ersetzt,[25fc62df5e2c0b2bcca5f520e026aa56]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");), Ersetzt,[d24fce73deac42f41f5bc74efc0a916f]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (h.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDt), Ersetzt,[0d14c9785d2d9a9c0b6f46cff115ed13]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (ons.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0D), Ersetzt,[a081d1700387f640d4a6bc59ee186d93]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q");
user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdi), Ersetzt,[33eec47db8d2f73f196116ff778f718f]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (", "Mysearchdial");
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchd), Ersetzt,[46db1829a9e140f63743ae67ec1a25db]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (ysearchdial");
user_pref("extensions.mysearchdial.dnsErr", ), Ersetzt,[50d1f54cb5d5fb3b2c4e5abb50b6936d]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (arch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0), Ersetzt,[cc5579c859315adc1b5fcd48d630d52b]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (rmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0At), Ersetzt,[7aa71c254842181e7a00af66a85eba46]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0At), Ersetzt,[0918152cbecc082e0e6cb95c38ce3fc1]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (rmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0Cy), Ersetzt,[6eb37cc5068479bd9ae0a0751de9f40c]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (d", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0), Ersetzt,[3de4f74a9deda78f0f6b799cec1a966a]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (rch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0C), Ersetzt,[948df150f39795a183f726eff41222de]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (earch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0C), Ersetzt,[cf5273cec0cac96dd1a9dc39c541ef11]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (ysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByD), Ersetzt,[2df4b78afb8f86b0235741d4a264eb15]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (rmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0), Ersetzt,[2af7b1903d4d1620b0ca29ec5ea82ed2]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (s.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtB), Ersetzt,[6eb3073acbbfd75f33473cd90df97b85]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (search.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0), Ersetzt,[ad740938c6c486b0bbbfd93c8b7bad53]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (ions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0F), Ersetzt,[0d1471d0305a9c9aa6d48b8a61a5f30d]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (zuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCy), Ersetzt,[7ba653ee840633032d4d66afc83e916f]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (s.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGt), Ersetzt,[2af785bcb5d582b4c9b1a2734bbb0cf4]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q");
user_pref("extensions), Ersetzt,[ea371c253a5080b6b4c663b2e0269f61]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (B0CyBtGyE0AtCtA0FyCyBzyyD2Q");
user_pref("), Ersetzt,[a57c31103753082ee8922beac3432bd5]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q&cr=369729818&ir=");), Ersetzt,[1b06c1804a4044f25f1c74a113f314ec]
PUP.Optional.MySearchDial.A, C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js, Gut: (), Schlecht: (ser_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
user_pref("extensions.mysearchdial.dnsErr", true);
user_pref("extensions.mysearchdial_i.newTab", false);
user_pref("extensions.mysea), Ersetzt,[33eeaa975139270f6318b85d6d9960a0]

Physische Sektoren: 0
(Keine schädliche Elemente erkannt)


(end)
Code:
# AdwCleaner v4.111 - Bericht erstellt 03/03/2015 um 20:30:11
# Aktualisiert 18/02/2015 von Xplode
# Datenbank : 2015-03-02.3 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : Administrator - MEIER-PC
# Gestarted von : C:\Users\Administrator\Downloads\AdwCleaner_4.111.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : vToolbarUpdater18.1.9

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Iminent
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Program Files (x86)\Viewpoint
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Umbrella
Ordner Gelöscht : C:\Windows\SysWOW64\ARFC
Ordner Gelöscht : C:\Windows\SysWOW64\jmdp
Ordner Gelöscht : C:\Windows\System32\ARFC
Ordner Gelöscht : C:\Windows\System32\ljkb
Ordner Gelöscht : C:\Users\Administrator\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Administrator\AppData\LocalLow\Viewpoint
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\Iminent
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\RHEng
Ordner Gelöscht : C:\Users\Administrator\AppData\Roaming\SuperEasy Software
Ordner Gelöscht : C:\Users\Administrator\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Windows\System32\dmwu.exe
Datei Gelöscht : C:\Windows\System32\ImhxxpComm.dll
Datei Gelöscht : C:\Users\Administrator\AppData\LocalLow\SkwConfig.bin
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\invalidprefs.js
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\11-suche.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\user.js

***** [ Geplante Tasks ] *****

Task Gelöscht : DealPlyUpdate

***** [ Verknüpfungen ] *****

Verknüpfung Desinfiziert : C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registrierungsdatenbank ] *****

Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{01994268-3C10-4044-A1EA-7A9C1B739A11}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C58D664A-3DBC-4925-AE74-0382007DF113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C776D7F4-BA85-4B75-AAFC-3A0A11FE6E36}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\filescout
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Babylon
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\performersoft llc
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\MetaStream
Schlüssel Gelöscht : HKLM\SOFTWARE\Viewpoint
Schlüssel Gelöscht : HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{81FCC50B-950F-4063-8E4A-D99CAA4FBB1F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Web Assistant
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\B05CCF18F0593604E8A49DC9AAF4BBF1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\B05CCF18F0593604E8A49DC9AAF4BBF1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04D01B4BB24CCD043B69431CCABB1A34
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0702826FCAC36EE52AC0441EEEEE2170
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1198E28F40C3E185E9958608554D4253
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\14C66209FCA938858B9729645C666684
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\15A073601B9AEC3549BE4A9314794615
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1F7C80F9CE5CDF44E9AADDC99402534C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\206AF45B775E3A445B3B2273827DA85F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\225C3CBCEB850204D860A6C7CC7724AF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2310FC151CD4F185798FA0996B3524D7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\28572D2E2DE533256AC6B560EA573C22
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29C79786B109AC443B0DC7BFD61B1896
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2ABB56EABB920EB59B04BDDD26A62083
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2DABA02DFED47E352A2FA2EBDD6F6187
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\311567B4A9A002050BB9423FD73FB880
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\373FCED70D7F84E5FB5F3F7B76BEE024
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3BE992C130B235E53A2937391FDCA35B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3DA5F64B3483DE549947A9164ACBAD21
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3ED93605BB9B6635E9D0D86615AF31F1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\43C098337DB065A49B665D4EA7F16D1C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4759B017032BA185F9BA6F7DBC95A2D4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4A78ABCBB54E46E5482A3EE0AD66C39E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4F9E947B6B895EB5A86757FC5D3DB862
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4FEEA83BF72B97E43A2DF0EE4BE4F261
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\509EC7EFB89B7D942997574AB14037A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50A730A9A3A61BF5BA70CA8A3B7C133B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\51A95A1D4CDE4F958A9451FBB39BF54A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\536133807DE80465BA6CD0A9742B7DE5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5E25036E68895D45B95E72D1C3C58C74
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60ECC80C54085B141A40437A96CA2618
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\60FD8CD5BE007315CA3B5C7E41F24017
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\618E7D05458C4F257909ED9C8CDC0D66
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\621C21014D3C152529E2460FA6304EE3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6241FF6F317CABD4EBBEE0DE9076BD94
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\636B9C23C79154B57AB561F39A139BFD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\65AAF0F0CB7F0B45F900FDF19CEAAF2B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6879A5E348601C45986308CA84958E94
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A6F3B7A9805E1F5492A1020EEDF2341
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B1F5D204E4EEB342A5AD1D7E60D61BF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7005A2A4DCF9DD7548137AB17E3A3AF3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\712EAF07EE73CC65C822CC3BAE3B2483
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\75FF6D97AF9FC004A9521D4B83FA6321
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7947B301B2446E752A3FE06EAD7D26B5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7987CE52D13E16258B0E1E3DB1BB0974
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7BEED197C514FDA53901AE8DD8EF0891
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DFDCF03D46C34159BDE29FBDBF1ACF5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\87EC9ACEAFE8ECD52A529663CD35213F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\890F436B85B790A55A582B7307DA12CE
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8C13DA6755F685B529615C8E92B3CA39
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D07CD9CB3E6BE652872BF06A1CCA782
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\90841B1FC98200349925C88999866F17
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\94194FDD4DF523E53A888D65722A135D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\95266D07D008D2E4E9B6F8E0DD15432A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A4223BBC9438CAD49BBE10B4E344B1DD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A71991503412AEB42838B02C5ED9F9CD
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A72F23B1D745C27508518132197BC982
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A89E2B6FB14D8275DA63D075171DA184
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9C43CD4001E9E4518B274AF9A0EFDA9
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AABA081CF7F19915FBB80B3BAF47CE63
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AC2A0FFD0A1686D53A4E24D6E96949E4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE5BDB2750259915D8442D4591A7717B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B1A79C71D5DC1C150B76B6ED11195DFC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B6D497DB33974935488761F7C4C3D755
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B752EF3300008394886C402CC27B474F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B8C8BCC1206978D51A8B9EECBF806C53
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAD3576CEA646895B962F94754612791
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BB4091512C8F4295E99CE2D061ED2020
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BEE6BBC9A31531F598794A62120B51C7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C19162788CA4D235E829F88E2F771567
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C71F07DA356B66B5484A8E7F2ADEB7DC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C96AD15EE8E887B56BAF2136A9088503
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\C9E6B66ECC49D155888399C51D05C49E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CA360F24F0B214744BE40657FDA0B727
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CB13D869D7D092348847B7481BB59E27
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\CE85F265816AE2D4E9B73C3E207E679C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5389AEEA4A1E20428D045E86BCF643B
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D5B62BB7BC607FB539585E2B7B6AFD16
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DB027F01D4D53765C8E4FBE7DB77E07E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DC2EB492393411F5ABE8ED13C59FBF20
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDA2534BD056D1F44B6EC96AAA7F1F6E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DDCA763D4C48A105086B4CCCEE78043F
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DEF7558C7CD27EF46AF802AFBE402675
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E05B987540A9E2849AAF9E5B06C27DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E09F4A6B9D2A08B599AE9E38BFC93CD6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E27B6535D0D94A24E91047C7D86F27BC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E45D171E075A5425CBACF6631A45FA39
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E513C2076D90AD04F888BD762143F191
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E8F4C985459564F5B8DCFF2B3C7EBD27
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E96E33222BAC06B57A1FA9D72951C945
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EAA46CE9007F70A5CAFA5F26E5DDEBE5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE43FF091A8714A599F33EF2533FB59A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EE790015CF30DAA569960905FF1651A0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EEB44C47185BD304D80FDF5A4BBE8F54
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F214EB834D2EC474CA76C1CDE306CF3A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F25491036D0FA5D5FA6742F5742F151A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F2E0D3DD9E5E4B74CA43BCE77815E287
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F4D1BA8B482D9734E943EE260A7ADEF2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F6704141BAAF6884785EC6843143D6A7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7507D4D4C310125E9A22BD909A41FB6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F7652513C62FF63448CFF05163719DB7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F79C21D785419125595AC59458A6142D
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA15C90F092A60F53A4E0F88CED02968
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA1CF130B3D58B553833ACB6BE8AFAD4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB0F1A18E4F0DBD509A42F4D4C05C02A
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FD17ED194F1C2B457B4F6EF4AE8DEAF3
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\3192AA38321C641458DBDAF83979D193
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\B05CCF18F0593604E8A49DC9AAF4BBF1
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F1057DD419AED0B468AD8888429E139A

***** [ Internetbrowser ] *****

-\\ Internet Explorer v11.0.9600.17631

Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v36.0 (x86 de)

[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.AL", 2);
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.aflt", "ir_14_12_ff");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.cr", "369729818");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.id", "902B341DDACB913A");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.instlDay", "16150");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.instlRef", "140305_b");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q&cr=369729818&ir=");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=ir_14_12_ff&cd=2XzuyEtN2Y1L1QzuzytDtB0BtAyEtC0DGtB0AtByDtG0CyB0CyBtGyE0AtCtA0FyCyBzyyD2Q&cr=369729818&ir=&q=");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.29.0");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.29.0");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.29.019:39:29");
[zp0ff7rc.default-1385207627188\prefs.js] - Zeile Gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"artur.dubovoy@gmail.com\":{\"d\":\"C:\\\\Users\\\\Administrator\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\zp0ff7rc.default-138520[...]

*************************

AdwCleaner[R0].txt - [44868 Bytes] - [03/03/2015 20:28:48]
AdwCleaner[S0].txt - [43736 Bytes] - [03/03/2015 20:30:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [43796  Bytes] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.3 (03.01.2015:1)
OS: Windows 7 Home Premium x64
Ran by Administrator on 03.03.2015 at 20:34:43,95
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Administrator\AppData\Roaming\mozilla\firefox\profiles\zp0ff7rc.default-1385207627188\minidumps [30 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.03.2015 at 20:36:37,03
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Administrator (administrator) on MEIER-PC on 03-03-2015 20:42:42
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1342303199\ee\aolsoftware.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1342303199\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2580177475-3764215397-4099907053-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\Main,start page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\webde-suche.xml
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Flashblock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-10]
FF Extension: Video Downloader professional - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\ffext_basicvideoext@startpage24.xpi [2013-11-23]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Kaspersky виртуелна тастатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-08-18]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-08-05] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
S3 PDNETCTL; C:\Windows\SysWOW64\DRIVERS\pdnetctl.sys [31941 2005-10-27] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 20:36 - 2015-03-03 20:36 - 00000828 ____C () C:\Users\Administrator\Desktop\JRT.txt
2015-03-03 20:34 - 2015-03-03 20:34 - 01388333 ____C (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2015-03-03 20:31 - 2015-03-03 20:31 - 00044665 ____C () C:\Users\Administrator\Desktop\AdwCleaner[S0].txt
2015-03-03 20:28 - 2015-03-03 20:30 - 00000000 ___DC () C:\AdwCleaner
2015-03-03 20:27 - 2015-03-03 20:27 - 02126848 ____C () C:\Users\Administrator\Downloads\AdwCleaner_4.111.exe
2015-03-03 20:25 - 2015-03-03 20:25 - 00014276 ____C () C:\Users\Administrator\Desktop\mbam.txt
2015-03-03 20:20 - 2015-03-03 20:20 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 20:20 - 2015-03-03 20:20 - 00001102 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-03 20:20 - 2015-03-03 20:20 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 20:20 - 2015-03-03 20:20 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 20:20 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 20:20 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-03 20:20 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-03 20:18 - 2015-03-03 20:18 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-03 08:12 - 2015-03-03 08:13 - 139706733 ____C () C:\Users\Administrator\Downloads\FF20150228.mp4
2015-03-03 08:09 - 2015-03-03 08:11 - 193558648 ____C () C:\Users\Administrator\Downloads\TM20150226.mp4
2015-03-03 08:08 - 2015-03-03 08:09 - 78993774 ____C () C:\Users\Administrator\Downloads\CamillaTominey20150227.mp4
2015-03-02 19:39 - 2015-03-02 19:40 - 120372269 ____C () C:\Users\Administrator\Downloads\Lorraine20150302.mp4
2015-03-02 19:37 - 2015-03-02 19:38 - 88882164 ____C () C:\Users\Administrator\Downloads\JaneWitherspoon20150302.mp4
2015-03-02 19:31 - 2015-03-02 19:31 - 00038440 ____C () C:\ComboFix.txt
2015-03-02 19:25 - 2015-03-02 19:31 - 00000000 ___DC () C:\Qoobox
2015-03-02 19:25 - 2015-03-02 19:31 - 00000000 ___DC () C:\ComboFix
2015-03-02 19:25 - 2015-03-02 19:30 - 00000000 ___DC () C:\Windows\erdnt
2015-03-02 19:25 - 2010-11-07 18:20 - 00208896 ____C () C:\Windows\MBR.exe
2015-03-02 19:25 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00098816 ____C () C:\Windows\sed.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00080412 ____C () C:\Windows\grep.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00068096 ____C () C:\Windows\zip.exe
2015-03-02 19:15 - 2015-03-02 19:25 - 05612482 ___RC (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2015-03-02 19:10 - 2015-03-02 19:10 - 00001264 ____C () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2015-03-02 19:10 - 2015-03-02 19:10 - 00000000 ___DC () C:\Program Files (x86)\VS Revo Group
2015-03-02 19:09 - 2015-03-02 19:09 - 02623656 ____C (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2015-03-02 15:41 - 2015-03-02 15:41 - 00028914 ____C () C:\Users\Administrator\Downloads\Addition.txt
2015-03-02 15:40 - 2015-03-03 20:42 - 00017854 ____C () C:\Users\Administrator\Downloads\FRST.txt
2015-03-02 15:40 - 2015-03-03 20:42 - 00000000 ___DC () C:\FRST
2015-03-02 15:40 - 2015-03-02 15:40 - 02092544 ____C (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-03-02 00:20 - 2015-03-02 00:20 - 00000000 __RDC () C:\MSOCache
2015-03-01 12:09 - 2015-03-01 12:13 - 208123812 ____C () C:\Users\Administrator\Downloads\SWeaver20150228.mp4
2015-02-28 22:36 - 2015-02-28 22:36 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 21:34 - 2015-02-26 21:34 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 11:17 - 2015-02-25 11:17 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 11:17 - 2015-02-25 11:17 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 15:37 - 2015-03-03 20:30 - 00008568 ____C () C:\Windows\PFRO.log
2015-02-24 08:11 - 2015-02-24 08:12 - 158642802 ____C () C:\Users\Administrator\Downloads\AndreaMclean20150223.mp4
2015-02-23 22:21 - 2015-02-23 22:21 - 00341880 ____C () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 22:21 - 2015-02-23 22:21 - 00000020 __SHC () C:\Users\Administrator\ntuser.ini
2015-02-23 20:18 - 2015-03-03 20:30 - 00002240 ____C () C:\Windows\setupact.log
2015-02-23 20:18 - 2015-02-23 20:18 - 00000000 ____C () C:\Windows\setuperr.log
2015-02-23 20:05 - 2015-02-23 20:05 - 00086160 ____C () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 13:54 - 2015-02-23 13:54 - 00002788 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-23 13:54 - 2015-02-23 13:54 - 00000822 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-23 13:54 - 2015-02-23 13:54 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-23 13:54 - 2015-02-23 13:54 - 00000000 ___DC () C:\Program Files\CCleaner
2015-02-23 11:02 - 2015-02-23 11:04 - 222469916 ____C () C:\Users\Administrator\Downloads\Fastlane20150223.mp4
2015-02-22 23:28 - 2015-02-22 23:30 - 207051158 ____C () C:\Users\Administrator\Downloads\LauraWhitmore20150222.mp4
2015-02-22 23:25 - 2015-02-22 23:27 - 177803993 ____C () C:\Users\Administrator\Downloads\CeliaSawyer20150222.mp4
2015-02-22 18:56 - 2015-02-22 18:58 - 209058681 ____C () C:\Users\Administrator\Downloads\Soap20150222.mp4
2015-02-21 22:36 - 2015-02-21 22:37 - 156812637 ____C () C:\Users\Administrator\Downloads\LisaSnowdon20141129.mp4
2015-02-21 17:24 - 2015-02-21 17:26 - 146456450 ____C () C:\Users\Administrator\Downloads\LaurenSimon.mp4
2015-02-12 07:54 - 2015-02-12 08:38 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:02 - 2015-02-11 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:02 - 2015-02-11 11:25 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:02 - 2015-02-11 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:02 - 2015-02-11 11:25 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:02 - 2015-02-11 11:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-06 19:58 - 2015-02-06 19:58 - 00002233 ____C () C:\Users\Administrator\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-03 20:37 - 2009-07-14 05:45 - 00029120 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-03 20:37 - 2009-07-14 05:45 - 00029120 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-03 20:36 - 2011-04-12 08:43 - 00699432 ____C () C:\Windows\system32\perfh007.dat
2015-03-03 20:36 - 2011-04-12 08:43 - 00149572 ____C () C:\Windows\system32\perfc007.dat
2015-03-03 20:36 - 2009-07-14 06:13 - 01620684 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-03-03 20:33 - 2012-07-11 09:25 - 01223748 ____C () C:\Windows\WindowsUpdate.log
2015-03-03 20:31 - 2012-07-14 01:42 - 00000000 ___DC () C:\ProgramData\Kaspersky Lab
2015-03-03 20:30 - 2014-05-14 09:24 - 00001079 ____C () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-03-03 20:30 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-03-03 20:16 - 2012-07-16 08:32 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-03 20:11 - 2012-07-14 22:45 - 00000000 ___DC () C:\Users\Administrator\AppData\Roaming\vlc
2015-03-02 19:31 - 2009-07-14 04:20 - 00000000 _RHDC () C:\Users\Default
2015-03-02 19:29 - 2012-07-14 22:59 - 00000000 ___DC () C:\Program Files (x86)\AOL Desktop 9.6
2015-03-02 19:29 - 2009-07-14 03:34 - 77070336 _____ () C:\Windows\system32\config\software.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 16252928 _____ () C:\Windows\system32\config\system.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-03-01 12:06 - 2014-02-25 10:29 - 01594028 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-28 23:00 - 2012-07-14 02:15 - 00000000 __RDC () C:\Users\Administrator\Eigene Bilder
2015-02-28 23:00 - 2012-07-14 02:15 - 00000000 ___DC () C:\Users\Administrator
2015-02-28 22:41 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\tracing
2015-02-28 12:12 - 2013-11-13 20:26 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-02-27 07:49 - 2013-11-23 13:36 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-24 15:45 - 2014-04-02 15:56 - 00001855 ____C () C:\Users\Public\Desktop\iTunes.lnk
2015-02-23 13:54 - 2012-07-11 10:21 - 00000000 ___DC () C:\Windows\Panther
2015-02-23 01:32 - 2012-07-14 02:15 - 00001421 ____C () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-17 18:44 - 2012-08-13 15:49 - 00177864 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-02-17 07:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-15 16:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 11:29 - 2014-12-10 15:17 - 00000000 ___DC () C:\Windows\system32\appraiser
2015-02-11 11:29 - 2014-05-06 16:15 - 00000000 __SDC () C:\Windows\system32\CompatTel
2015-02-11 11:25 - 2012-07-15 00:43 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-02-11 11:24 - 2013-08-15 06:01 - 00000000 ___DC () C:\Windows\system32\MRT
2015-02-11 11:22 - 2012-07-15 00:56 - 116773704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 11:18 - 2012-07-27 13:45 - 00000099 ____C () C:\Users\Public\LMDebug.log
2015-02-08 01:30 - 2012-07-14 13:46 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\Microsoft Games
2015-02-06 19:59 - 2014-12-27 23:35 - 00000000 ___DC () C:\Users\Administrator\.gimp-2.8
2015-02-06 19:58 - 2014-12-26 23:44 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\gtk-2.0
2015-02-05 23:16 - 2012-07-16 08:32 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 23:16 - 2012-07-16 08:32 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 23:16 - 2012-07-16 08:32 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2013-11-23 13:35 - 2013-11-23 13:35 - 0283184 ____C (Mozilla) C:\Program Files\Firefox Setup Stub 25.0.1.exe
2012-07-14 01:41 - 2012-04-18 00:19 - 145454840 ___RC (Kaspersky Lab) C:\Program Files\kis12.0.0.374de.exe
2014-03-21 20:45 - 2014-03-31 15:45 - 0000067 ____C () C:\Users\Administrator\AppData\Roaming\WB.CFG
2015-02-06 19:58 - 2015-02-06 19:58 - 0002233 ____C () C:\Users\Administrator\AppData\Local\recently-used.xbel
2012-07-14 02:15 - 2012-07-14 02:15 - 0017408 ____C () C:\Users\Administrator\AppData\Local\WebpageIcons.db

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 13:19

==================== End Of Log ============================
--- --- ---

schrauber 04.03.2015 08:48

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

Haniver87 04.03.2015 10:58
Zitat:
Zitat von schrauber (Beitrag 1435914)
Noch Probleme? :)
Alles unverändert. :(

Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=944e9c58abaa14489f3a38b89e031bd7
# engine=22746
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-03-04 09:44:17
# local_time=2015-03-04 10:44:17 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky Internet Security'
# compatibility_mode=1291 16777213 100 99 7006 80232179 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 142533 177092107 0 0
# scanned=155957
# found=6
# cleaned=0
# scan_time=1274
sh=3AEF532A0211CE7869F0EB51E940D9E0C7CAE321 ft=1 fh=c7560653d3ee2314 vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=6391F475328183373BB2BED2E5704E5088FF5C8A ft=1 fh=3d6e0b0b2f0f489a vn="Variante von Win32/Adware.Yontoo.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir"
sh=B0E4BC410F863D3B90071E5A9767F0E5353B0367 ft=1 fh=5ea18946fb786f82 vn="Win32/Toolbar.Conduit evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\JDownloader\toolbar.exe"
sh=DC935CCB0E757C9C719A73A1D67A70CF645516A6 ft=0 fh=0000000000000000 vn="Variante von Win32/Toolbar.Babylon.Q evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\9671f.msi"
sh=C8D09EDF4B276759AE98F62253492A70F1CBF333 ft=1 fh=a39f2738cae3dad4 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L37S7LGQ\update[1]"
sh=C8D09EDF4B276759AE98F62253492A70F1CBF333 ft=1 fh=a39f2738cae3dad4 vn="Variante von Win32/Toolbar.Perion.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\L37S7LGQ\update[1]"
Code:
Results of screen317's Security Check version 0.99.96 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Kaspersky Internet Security 
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 JavaFX 2.1.1   
 Java 7 Update 45 
 Java version 32-bit out of Date!
  Java 64-bit 8 Update 31 
 Adobe Flash Player 16.0.0.305 
 Adobe Reader XI 
 Mozilla Firefox (36.0)
````````Process Check: objlist.exe by Laurent```````` 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

FRST Logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-03-2015
Ran by Administrator (administrator) on MEIER-PC on 04-03-2015 10:51:46
Running from C:\Users\Administrator\Downloads
Loaded Profiles: Administrator (Available profiles: Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(AOL Inc.) C:\Program Files (x86)\Common Files\AOL\1342303199\ee\aolsoftware.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AOL LLC) C:\Program Files (x86)\Common Files\AOL\acs\AOLacsd.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\waol.exe
(AOL Inc.) C:\Program Files (x86)\AOL Desktop 9.6\shellmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [CDAServer] => C:\Program Files\Common Files\Common Desktop Agent\CDASrv.exe [456704 2012-02-20] ()
HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5028464 2012-01-12] (VIA)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-11-29] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-01-27] (Intel Corporation)
HKLM-x32\...\Run: [HostManager] => C:\Program Files (x86)\Common Files\AOL\1342303199\ee\AOLSoftware.exe [41800 2010-03-08] (AOL Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AVP] => C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7404312 2015-01-20] (Piriform Ltd)
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\...\Run: [AOL Fast Start] => C:\Program Files (x86)\AOL Desktop 9.6\AOL.EXE [42320 2011-04-25] (AOL Inc.)
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\...\RunOnce: [Adobe Speed Launcher] => 1425455251

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2580177475-3764215397-4099907053-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2580177475-3764215397-4099907053-500\Software\Microsoft\Internet Explorer\Main,start page = about:blank
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Reader -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @protectdisc.com/NPMPDRM -> C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\searchplugins\webde-suche.xml
FF Extension: Flash Video Downloader - YouTube HD Download [4K] - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\artur.dubovoy@gmail.com [2015-02-15]
FF Extension: Flashblock - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2014-12-10]
FF Extension: Video Downloader professional - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\ffext_basicvideoext@startpage24.xpi [2013-11-23]
FF Extension: Adblock Plus - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\zp0ff7rc.default-1385207627188\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-05]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\url_advisor@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Kaspersky виртуелна тастатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\virtual_keyboard@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com
FF Extension: Gevaarlijke websiteblokkering - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\content_blocker@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\anti_banner@kaspersky.com [2013-08-18]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\FFExt\online_banking@kaspersky.com [2013-08-18]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\urladvisor.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\online_banking_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\content_blocker_chrome.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\virtkbd.crx [2012-10-25]
CHR HKLM-x32\...\Chrome\Extension: [lpoimibckejjdjcfbdnajaicnklhfplh] - https://chrome.google.com/webstore/detail/lpoimibckejjdjcfbdnajaicnklhfplh [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.3.0.49\avg.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\ChromeExt\ab.crx [2012-10-25]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe [356128 2013-10-10] (Kaspersky Lab ZAO)
S3 ICCS; C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [160256 2011-08-30] (Intel Corporation) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-03] (Macrovision Corporation) [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2011-12-16] (Intel Corporation)
R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27760 2012-01-10] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 appliand; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
R3 appliandMP; C:\Windows\System32\DRIVERS\appliand.sys [33888 2011-06-26] (Applian Technologies Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 GVTDrv64; C:\Windows\GVTDrv64.sys [30528 2012-08-05] ()
R1 HssDRV6; C:\Windows\System32\DRIVERS\hssdrv6.sys [41704 2012-08-01] (AnchorFree Inc.)
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2013-12-11] (Kaspersky Lab ZAO)
U5 klflt; C:\Windows\System32\Drivers\klflt.sys [91008 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [628320 2014-05-20] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-12-11] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-10] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [54368 2013-08-18] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [177864 2015-02-17] (Kaspersky Lab ZAO)
S3 PDNETCTL; C:\Windows\SysWOW64\DRIVERS\pdnetctl.sys [31941 2005-10-27] () [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 10:50 - 2015-03-04 10:50 - 00000854 ____C () C:\Users\Administrator\Desktop\checkup.txt
2015-03-04 10:49 - 2015-03-04 10:49 - 00852594 ____C () C:\Users\Administrator\Downloads\SecurityCheck.exe
2015-03-04 10:20 - 2015-03-04 10:20 - 02347384 ____C (ESET) C:\Users\Administrator\Downloads\esetsmartinstaller_deu.exe
2015-03-03 20:34 - 2015-03-03 20:34 - 01388333 ____C (Thisisu) C:\Users\Administrator\Downloads\JRT.exe
2015-03-03 20:28 - 2015-03-03 20:30 - 00000000 ___DC () C:\AdwCleaner
2015-03-03 20:27 - 2015-03-03 20:27 - 02126848 ____C () C:\Users\Administrator\Downloads\AdwCleaner_4.111.exe
2015-03-03 20:20 - 2015-03-03 20:20 - 00129752 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-03-03 20:20 - 2015-03-03 20:20 - 00001102 ____C () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-03-03 20:20 - 2015-03-03 20:20 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-03-03 20:20 - 2015-03-03 20:20 - 00000000 ___DC () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-03-03 20:20 - 2014-11-21 06:14 - 00093400 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-03-03 20:20 - 2014-11-21 06:14 - 00063704 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-03-03 20:20 - 2014-11-21 06:14 - 00025816 ____C (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-03-03 20:18 - 2015-03-03 20:18 - 20447072 ____C (Malwarebytes Corporation ) C:\Users\Administrator\Downloads\mbam-setup-2.0.4.1028.exe
2015-03-03 08:12 - 2015-03-03 08:13 - 139706733 ____C () C:\Users\Administrator\Downloads\FF20150228.mp4
2015-03-03 08:09 - 2015-03-03 08:11 - 193558648 ____C () C:\Users\Administrator\Downloads\TM20150226.mp4
2015-03-03 08:08 - 2015-03-03 08:09 - 78993774 ____C () C:\Users\Administrator\Downloads\CamillaTominey20150227.mp4
2015-03-02 19:39 - 2015-03-02 19:40 - 120372269 ____C () C:\Users\Administrator\Downloads\Lorraine20150302.mp4
2015-03-02 19:37 - 2015-03-02 19:38 - 88882164 ____C () C:\Users\Administrator\Downloads\JaneWitherspoon20150302.mp4
2015-03-02 19:31 - 2015-03-02 19:31 - 00038440 ____C () C:\ComboFix.txt
2015-03-02 19:25 - 2015-03-02 19:31 - 00000000 ___DC () C:\Qoobox
2015-03-02 19:25 - 2015-03-02 19:31 - 00000000 ___DC () C:\ComboFix
2015-03-02 19:25 - 2015-03-02 19:30 - 00000000 ___DC () C:\Windows\erdnt
2015-03-02 19:25 - 2010-11-07 18:20 - 00208896 ____C () C:\Windows\MBR.exe
2015-03-02 19:25 - 2009-04-20 05:56 - 00060416 ____C (NirSoft) C:\Windows\NIRCMD.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00518144 ____C (SteelWerX) C:\Windows\SWREG.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00406528 ____C (SteelWerX) C:\Windows\SWSC.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00098816 ____C () C:\Windows\sed.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00080412 ____C () C:\Windows\grep.exe
2015-03-02 19:25 - 2000-08-31 01:00 - 00068096 ____C () C:\Windows\zip.exe
2015-03-02 19:15 - 2015-03-02 19:25 - 05612482 ___RC (Swearware) C:\Users\Administrator\Downloads\ComboFix.exe
2015-03-02 19:10 - 2015-03-02 19:10 - 00001264 ____C () C:\Users\Administrator\Desktop\Revo Uninstaller.lnk
2015-03-02 19:10 - 2015-03-02 19:10 - 00000000 ___DC () C:\Program Files (x86)\VS Revo Group
2015-03-02 19:09 - 2015-03-02 19:09 - 02623656 ____C (VS Revo Group Ltd.) C:\Users\Administrator\Downloads\revosetup95.exe
2015-03-02 15:41 - 2015-03-02 15:41 - 00028914 ____C () C:\Users\Administrator\Downloads\Addition.txt
2015-03-02 15:40 - 2015-03-04 10:51 - 00018477 ____C () C:\Users\Administrator\Downloads\FRST.txt
2015-03-02 15:40 - 2015-03-04 10:51 - 00000000 ___DC () C:\FRST
2015-03-02 15:40 - 2015-03-02 15:40 - 02092544 ____C (Farbar) C:\Users\Administrator\Downloads\FRST64.exe
2015-03-02 00:20 - 2015-03-02 00:20 - 00000000 __RDC () C:\MSOCache
2015-03-01 12:09 - 2015-03-01 12:13 - 208123812 ____C () C:\Users\Administrator\Downloads\SWeaver20150228.mp4
2015-02-28 22:36 - 2015-02-28 22:36 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-28 22:36 - 2015-02-28 22:36 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-26 21:34 - 2015-02-26 21:34 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2015-02-25 11:17 - 2015-02-25 11:17 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-25 11:17 - 2015-02-25 11:17 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-24 15:37 - 2015-03-03 20:30 - 00008568 ____C () C:\Windows\PFRO.log
2015-02-24 08:11 - 2015-02-24 08:12 - 158642802 ____C () C:\Users\Administrator\Downloads\AndreaMclean20150223.mp4
2015-02-23 22:21 - 2015-02-23 22:21 - 00341880 ____C () C:\Windows\system32\FNTCACHE.DAT
2015-02-23 22:21 - 2015-02-23 22:21 - 00000020 __SHC () C:\Users\Administrator\ntuser.ini
2015-02-23 20:18 - 2015-03-04 08:47 - 00002352 ____C () C:\Windows\setupact.log
2015-02-23 20:18 - 2015-02-23 20:18 - 00000000 ____C () C:\Windows\setuperr.log
2015-02-23 20:05 - 2015-02-23 20:05 - 00086160 ____C () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 13:54 - 2015-02-23 13:54 - 00002788 ____C () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-02-23 13:54 - 2015-02-23 13:54 - 00000822 ____C () C:\Users\Public\Desktop\CCleaner.lnk
2015-02-23 13:54 - 2015-02-23 13:54 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-02-23 13:54 - 2015-02-23 13:54 - 00000000 ___DC () C:\Program Files\CCleaner
2015-02-23 11:02 - 2015-02-23 11:04 - 222469916 ____C () C:\Users\Administrator\Downloads\Fastlane20150223.mp4
2015-02-22 23:28 - 2015-02-22 23:30 - 207051158 ____C () C:\Users\Administrator\Downloads\LauraWhitmore20150222.mp4
2015-02-22 23:25 - 2015-02-22 23:27 - 177803993 ____C () C:\Users\Administrator\Downloads\CeliaSawyer20150222.mp4
2015-02-22 18:56 - 2015-02-22 18:58 - 209058681 ____C () C:\Users\Administrator\Downloads\Soap20150222.mp4
2015-02-21 22:36 - 2015-02-21 22:37 - 156812637 ____C () C:\Users\Administrator\Downloads\LisaSnowdon20141129.mp4
2015-02-21 17:24 - 2015-02-21 17:26 - 146456450 ____C () C:\Users\Administrator\Downloads\LaurenSimon.mp4
2015-02-12 07:54 - 2015-02-12 08:38 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-12 07:54 - 2015-02-12 08:38 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-11 09:02 - 2015-02-11 11:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-11 09:02 - 2015-02-11 11:25 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-11 09:02 - 2015-02-11 11:25 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-11 09:02 - 2015-02-11 11:25 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-11 09:02 - 2015-02-11 11:25 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-11 09:02 - 2015-02-11 11:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-11 09:02 - 2015-02-11 11:24 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-11 09:02 - 2015-02-11 11:24 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-11 09:02 - 2015-02-11 11:24 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-11 09:02 - 2015-02-11 11:22 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-11 09:02 - 2015-02-11 11:22 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-11 09:02 - 2015-02-11 11:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-06 19:58 - 2015-02-06 19:58 - 00002233 ____C () C:\Users\Administrator\AppData\Local\recently-used.xbel

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-04 10:31 - 2012-07-11 09:25 - 01249666 ____C () C:\Windows\WindowsUpdate.log
2015-03-04 10:16 - 2012-07-16 08:32 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-03-04 09:46 - 2012-07-14 22:45 - 00000000 ___DC () C:\Users\Administrator\AppData\Roaming\vlc
2015-03-04 09:04 - 2012-07-14 01:42 - 00000000 ___DC () C:\ProgramData\Kaspersky Lab
2015-03-04 08:54 - 2011-04-12 08:43 - 00699432 ____C () C:\Windows\system32\perfh007.dat
2015-03-04 08:54 - 2011-04-12 08:43 - 00149572 ____C () C:\Windows\system32\perfc007.dat
2015-03-04 08:54 - 2009-07-14 06:13 - 01620684 ____C () C:\Windows\system32\PerfStringBackup.INI
2015-03-04 08:54 - 2009-07-14 05:45 - 00029120 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-04 08:54 - 2009-07-14 05:45 - 00029120 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-04 08:47 - 2009-07-14 06:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT
2015-03-03 20:30 - 2014-05-14 09:24 - 00001079 ____C () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2015-03-02 19:31 - 2009-07-14 04:20 - 00000000 _RHDC () C:\Users\Default
2015-03-02 19:29 - 2012-07-14 22:59 - 00000000 ___DC () C:\Program Files (x86)\AOL Desktop 9.6
2015-03-02 19:29 - 2009-07-14 03:34 - 77070336 _____ () C:\Windows\system32\config\software.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 16252928 _____ () C:\Windows\system32\config\system.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 00524288 _____ () C:\Windows\system32\config\default.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\security.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\sam.bak
2015-03-02 19:29 - 2009-07-14 03:34 - 00000215 ____C () C:\Windows\system.ini
2015-03-01 12:06 - 2014-02-25 10:29 - 01594028 ____C () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-28 23:00 - 2012-07-14 02:15 - 00000000 __RDC () C:\Users\Administrator\Eigene Bilder
2015-02-28 23:00 - 2012-07-14 02:15 - 00000000 ___DC () C:\Users\Administrator
2015-02-28 22:41 - 2009-07-14 04:20 - 00000000 ___DC () C:\Windows\tracing
2015-02-28 12:12 - 2013-11-13 20:26 - 00000000 ___DC () C:\ProgramData\Malwarebytes
2015-02-27 07:49 - 2013-11-23 13:36 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-24 15:45 - 2014-04-02 15:56 - 00001855 ____C () C:\Users\Public\Desktop\iTunes.lnk
2015-02-23 13:54 - 2012-07-11 10:21 - 00000000 ___DC () C:\Windows\Panther
2015-02-23 01:32 - 2012-07-14 02:15 - 00001421 ____C () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-17 18:44 - 2012-08-13 15:49 - 00177864 ____C (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2015-02-17 07:50 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-15 16:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-02-11 11:29 - 2014-12-10 15:17 - 00000000 ___DC () C:\Windows\system32\appraiser
2015-02-11 11:29 - 2014-05-06 16:15 - 00000000 __SDC () C:\Windows\system32\CompatTel
2015-02-11 11:25 - 2012-07-15 00:43 - 00000000 ___DC () C:\ProgramData\Microsoft Help
2015-02-11 11:24 - 2013-08-15 06:01 - 00000000 ___DC () C:\Windows\system32\MRT
2015-02-11 11:22 - 2012-07-15 00:56 - 116773704 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-11 11:18 - 2012-07-27 13:45 - 00000099 ____C () C:\Users\Public\LMDebug.log
2015-02-08 01:30 - 2012-07-14 13:46 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\Microsoft Games
2015-02-06 19:59 - 2014-12-27 23:35 - 00000000 ___DC () C:\Users\Administrator\.gimp-2.8
2015-02-06 19:58 - 2014-12-26 23:44 - 00000000 ___DC () C:\Users\Administrator\AppData\Local\gtk-2.0
2015-02-05 23:16 - 2012-07-16 08:32 - 00701616 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-02-05 23:16 - 2012-07-16 08:32 - 00071344 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-02-05 23:16 - 2012-07-16 08:32 - 00003822 ____C () C:\Windows\System32\Tasks\Adobe Flash Player Updater

==================== Files in the root of some directories =======

2013-11-23 13:35 - 2013-11-23 13:35 - 0283184 ____C (Mozilla) C:\Program Files\Firefox Setup Stub 25.0.1.exe
2012-07-14 01:41 - 2012-04-18 00:19 - 145454840 ___RC (Kaspersky Lab) C:\Program Files\kis12.0.0.374de.exe
2014-03-21 20:45 - 2014-03-31 15:45 - 0000067 ____C () C:\Users\Administrator\AppData\Roaming\WB.CFG
2015-02-06 19:58 - 2015-02-06 19:58 - 0002233 ____C () C:\Users\Administrator\AppData\Local\recently-used.xbel
2012-07-14 02:15 - 2012-07-14 02:15 - 0017408 ____C () C:\Users\Administrator\AppData\Local\WebpageIcons.db

Some content of TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-25 13:19

==================== End Of Log ============================
--- --- ---

--- --- ---

schrauber 04.03.2015 11:31
Zeig mal das Log von Kaspersky mit den Funden, damit ich die kompletten Pfade sehe.

Haniver87 04.03.2015 14:16
Wo finde ich denn das Kaspersky-Log? Und wie heißt das?

schrauber 04.03.2015 17:18
In Kaspersky selbst muss es dazu den Reiter oder nen Button geben. Ich kenne die Oberfläche von KAV nicht.

Haniver87 04.03.2015 18:49
Ich kann dir damit dienen:
http://thumbnails110.imagebam.com/39...5394750774.jpg

Okay so? Ich habe auch schon versucht, die Dinger alle per Hand zu löschen - zwecklos.

schrauber 05.03.2015 07:08
Argh, ich kann das Bild nicht vergrößern. Kannst Du das Bild bitte anhängen?

Haniver87 05.03.2015 08:14
Hier ist der direkte Link: hxxp://www.imagebam.com/image/92f455394750774


Alle Zeitangaben in WEZ +1. Es ist jetzt 05:42 Uhr.
Seite 1 von 3 1 23
100 Beiträge dieses Themas auf einer Seite anzeigen

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132