BigSmoke1988 | 29.07.2015 14:33

mbam Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlaufdatum: 29.07.2015
Suchlaufzeit: 11:42
Protokolldatei: mbam.txt
Administrator: Ja
Version: 2.1.8.1057
Malware-Datenbank: v2015.07.29.02
Rootkit-Datenbank: v2015.07.29.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: User
Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 410989
Abgelaufene Zeit: 25 Min., 18 Sek.
Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(keine bösartigen Elemente erkannt)
Module: 0
(keine bösartigen Elemente erkannt)
Registrierungsschlüssel: 14
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, In Quarantäne, [e3a35196800aa88e0a4fe4e4fb079a66],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, In Quarantäne, [e3a35196800aa88e0a4fe4e4fb079a66],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, In Quarantäne, [e3a35196800aa88e0a4fe4e4fb079a66],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{03771AEF-400D-4A13-B712-25878EC4A3F5}, In Quarantäne, [e3a35196800aa88e0a4fe4e4fb079a66],
PUP.Optional.Outbrowse, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{6D4506CE-F855-4657-AA38-DB6B1F733982}, In Quarantäne, [e3a35196800aa88e0a4fe4e4fb079a66],
PUP.Optional.FFPluginHp.A, HKLM\SOFTWARE\WOW6432NODE\FFPluginHp, In Quarantäne, [cfb70ed93f4b39fde35729e680837a86],
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\oursurfingSoftware, In Quarantäne, [2f5739ae4743c2741f1cbf50a063b64a],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SweetIM, In Quarantäne, [295d47a02a60191da1a078aabc475fa1],
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [b5d1885f6327fb3b0324771f3ec6f40c],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP, In Quarantäne, [d1b51ccbc8c28fa7a5d233ff897a02fe],
PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, In Quarantäne, [7b0b40a7f991bc7a6908e9404bb8e31d],
PUP.Optional.SweetIM.A, HKU\S-1-5-18\SOFTWARE\SweetIM, In Quarantäne, [dfa7ce19ed9d38fee0603be7778c2ed2],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT, In Quarantäne, [eb9b85626d1d26107f2476fa30d4c33d],
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-109140196-3676001305-2390646713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [8402af38107a00361a0cdabcd331827e],
Registrierungswerte: 7
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, oursurfing, In Quarantäne, [b5d1885f6327fb3b0324771f3ec6f40c]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}, In Quarantäne, [00865a8db2d8e6501b0c2e681be99070]
PUP.Optional.DefaultSearchProtected.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|defsearchp@gmail.com, C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\extensions\defsearchp@gmail.com, In Quarantäne, [afd77c6b8a004ee86ed35c4781830bf5]
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPDP|dir, C:\Program Files (x86)\SupTab, In Quarantäne, [d1b51ccbc8c28fa7a5d233ff897a02fe]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18\SOFTWARE\WNLT|URL, MYSTART, In Quarantäne, [eb9b85626d1d26107f2476fa30d4c33d]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-109140196-3676001305-2390646713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|DisplayName, oursurfing, In Quarantäne, [8402af38107a00361a0cdabcd331827e]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-109140196-3676001305-2390646713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}, In Quarantäne, [42445196a5e5df574dd9a4f2a65ec53b]
Registrierungsdaten: 16
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[7412b1365b2f1e182d44bb85867fa060]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (Chrome.exe), Schlecht: ("C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[691d38afec9eb1852d4555eb18ede41c]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[6224db0c870385b19bd884bc2cd938c8]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}),Ersetzt,[bcca6483404a44f293e2d36d2fd612ee]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[b1d546a1f49689ad670ead93f90c26da]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Löschen bei Neustart,[731321c64446e056fd78f34d6a9b3bc5]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}),Ersetzt,[6b1b37b093f7dc5ada9b0e32be479d63]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[a6e0994e77130432596b95a9fb0ab34d]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (firefox.exe), Schlecht: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[bbcb2eb9cdbd6acc2849d46cfa0bdb25]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (Chrome.exe), Schlecht: ("C:\Users\User\AppData\Local\Google\Chrome\Application\chrome.exe" hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[fb8b895e44465cdac8aaa59bdc2925db]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\IEXPLORE.EXE\SHELL\OPEN\COMMAND, C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (iexplore.exe), Schlecht: (C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.oursurfing.com/?type=sc&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[5a2c598eeb9f70c68ae97cc4ec192ed2]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Search_URL, hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}),Ersetzt,[c5c1945353377bbb690c3709669f34cc]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[4e38da0d9eeca492eb8a7dc3ca3b29d7]
PUP.Optional.OurSurfing.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}),Ersetzt,[6521e007a8e23600f67f6fd1000533cd]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[9aec8d5abccedb5b14b0d16df11439c7]
PUP.Optional.OurSurfing.ShrtCln, HKU\S-1-5-21-109140196-3676001305-2390646713-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733, Gut: (www.google.com), Schlecht: (hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733),Ersetzt,[3c4ac1265d2d310595d9e65a54b18977]
Ordner: 1
PUP.Optional.OurSurfing.ShrtCln, C:\Users\User\AppData\Roaming\oursurfing, In Quarantäne, [5f27b136c6c44fe7df2aa167f60d29d7],
Dateien: 4
Backdoor.Pcclient, C:\Users\User\AppData\Roaming\Tencent\QQPhoneManager\Applications\5.4.1.4826\uninstall.exe, In Quarantäne, [4e38d710ccbea1959b91a7315da7fd03],
Adware.Agent.ZGen, C:\Program Files (x86)\Steganos Safe OEM\dllregister.exe, In Quarantäne, [bdc9f5f2a4e667cf05e3e89b0cf44db3],
PUP.Optional.Incredibar.A, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_dlnembnfbcpjnepmfjmngjenhhajpdfd_0.localstorage, In Quarantäne, [0086c6214a4087afee3f8bbd4cb7e818],
PUP.Optional.OurSurfing, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Gut: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Schlecht: ("session":{"restore_on_startup":4,"startup_urls":["hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733"]},"sync":{"remaining_rollback_tries":0}}), Ersetzt,[fe88ebfc1f6b25119b8563178283d729]
Physische Sektoren: 0
(keine bösartigen Elemente erkannt)
(end)

Adw Code:
# AdwCleaner v4.208 - Bericht erstellt 29/07/2015 um 14:18:10
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-26.2 [Server]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (x64)
# Benutzername : User - USER-PC
# Gestarted von : C:\Users\User\Desktop\Troj\AdwCleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : QQPCRTP
Dienst Gelöscht : TAOAccelerator
Dienst Gelöscht : TSDefenseBt
Dienst Gelöscht : TSSysKit
[#] Dienst Gelöscht : QMUdisk
Dienst Gelöscht : TS888x64
[#] Dienst Gelöscht : QQSysMonX64
[#] Dienst Gelöscht : TSCPM
[#] Dienst Gelöscht : TFsFlt
[#] Dienst Gelöscht : TAOKernelDriver
***** [ Dateien / Ordner ] *****
[!] Ordner Gelöscht : C:\ProgramData\tencent
Ordner Gelöscht : C:\ProgramData\TXQMPC
[!] Ordner Gelöscht : C:\Program Files (x86)\tencent
Ordner Gelöscht : C:\Program Files (x86)\Common Files\tencent
Ordner Gelöscht : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\tencent
[!] Ordner Gelöscht : C:\Program Files\Common Files\tencent
Ordner Gelöscht : C:\Users\User\AppData\Roaming\download Manager
[!] Ordner Gelöscht : C:\Users\User\AppData\Roaming\tencent
Datei Gelöscht : C:\Windows\SysWOW64\drivers\TS888x64.sys
Datei Gelöscht : C:\Windows\System32\drivers\TAOAccelerator64.sys
Datei Gelöscht : C:\Windows\System32\drivers\TAOKernel64.sys
Datei Gelöscht : C:\Windows\System32\drivers\TFsFltX64.sys
Datei Gelöscht : C:\Users\User\AppData\Roaming\WBPU-TTL.DAT
Datei Gelöscht : C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\????\????\????.lnk
***** [ Geplante Tasks ] *****
Task Gelöscht : amiupdaterExd
Task Gelöscht : amiupdaterExi
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ooebklgpfnbcnpokahmdidgbmlcdepkm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKCU\Software\Mozilla\Extends
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\DownloadProxy.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\CLASSES\METNSD
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\browser.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{51BEE30D-EEC8-4BA3-930B-298B8E759EB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00B11DA2-75ED-4364-ABA5-9A95B1F5E946}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{70DE12EA-79F4-46BC-9812-86DB50A2FD64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{459DD0F7-0D55-D3DC-67BC-E6BE37E9D762}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C43F0D7D-78F0-47B8-954C-8FB36960B785}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{50F4150A-48B2-417A-BE4C-C83F580FB904}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7270EC6-0113-4A78-B610-E501D0A9E48E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7C260B4B-F7A0-40B5-B403-BEFCDC6A4C3B}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\SAFARI.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{31318F3A-247E-4617-B6C3-68DD641E5970}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{61343D3C-E5E2-45A3-888E-04417E409584}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9E8FF1DC-B5A6-4C1C-89BC-C2324FC93ACE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B3483607-6F90-4590-9413-D5C80EE24F0C}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BBBD24E6-D0FC-4676-B1CB-2975A031C373}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D0935462-01FC-4ABA-BC04-9D284E9896E6}
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\SOFTWARE\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\Myfree Codec
Schlüssel Gelöscht : HKU\.DEFAULT\Software\IM
Schlüssel Gelöscht : HKU\.DEFAULT\Software\ImInstaller
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17909
-\\ Mozilla Firefox v39.0 (x86 de)
[v9p8jd8p.default-1392456050303\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.enable_search1", false);
[v9p8jd8p.default-1392456050303\prefs.js] - Zeile Gelöscht : user_pref("extensions.quick_start.sd.closeWindowWithLastTab_prev_state", false);
-\\ Google Chrome v
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://dict.leo.org.anonymize-me.de/?anonymto=687474703A2F2F646963742E6C656F2E6F72672F657364653F6C703D65736465267365617263683D7B7365617263685465726D737D&st={searchTerms}&clid=4dee7c27-05fd-49f6-84b2-6819f6b0330a&pid=murb&k=0
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://preisvergleich.t-online.de.anonymize-me.de/?anonymto=687474703A2F2F7072656973766572676C656963682E742D6F6E6C696E652E64652F616E6765626F74652F7B7365617263685465726D737D3F736F69643D3432353334373538&st={searchTerms}&clid=4dee7c27-05fd-49f6-84b2-6819f6b0330a&pid=murb&k=0
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://suche.aol.de.anonymize-me.de/?anonymto=687474703A2F2F73756368652E616F6C2E64652F73756368652F7765622F7365617263682E6A73703F696E766F636174696F6E547970653D746F70736561726368626F782E776562686F6D6526713D7B7365617263685465726D737D&st={searchTerms}&clid=4dee7c27-05fd-49f6-84b2-6819f6b0330a&pid=murb&k=0
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://suche.t-online.de.anonymize-me.de/?anonymto=687474703A2F2F73756368652E742D6F6E6C696E652E64652F666173742D6367692F7473633F&st={searchTerms}&clid=4dee7c27-05fd-49f6-84b2-6819f6b0330a&pid=murb&k=0
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.amazon.de.anonymize-me.de/?anonymto=687474703A2F2F7777772E616D617A6F6E2E64652F67702F7365617263683F69653D55544638266B6579776F7264733D7B7365617263685465726D737D267461673D746F6E6C696E652D62726F777365725F746F6F6C626172335F7365617263682D323126696E6465783D626C656E646564266C696E6B436F64653D757232&st={searchTerms}&clid=4dee7c27-05fd-49f6-84b2-6819f6b0330a&pid=murb&k=0
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://www.oursurfing.com/web/?type=ds&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733&q={searchTerms}
[C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Gelöscht [Homepage] : hxxp://www.oursurfing.com/?type=hp&ts=1438089347&z=42cc6248b58a28ec20d6b47g0z2ccb7e4b6t6cezeb&from=amt&uid=WDCXWD5000AADS-00S9B0_WD-WCAV9797273372733
*************************
AdwCleaner[R0].txt - [21008 Bytes] - [27/05/2014 23:26:06]
AdwCleaner[R1].txt - [10198 Bytes] - [29/07/2015 14:16:11]
AdwCleaner[S0].txt - [18865 Bytes] - [27/05/2014 23:28:38]
AdwCleaner[S1].txt - [8702 Bytes] - [29/07/2015 14:18:10]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [8761 Bytes] ##########

JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.4 (07.27.2015:1)
OS: Windows 7 Home Premium x64
Ran by User on 29.07.2015 at 14:56:50,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
Successfully deleted: [Service] qqpcrtp [Reboot required]
Successfully deleted: [Service] tsdefensebt [Reboot required]
~~~ Tasks
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Scan
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster SkipUAC (User)
Successfully deleted: [Task] C:\Windows\system32\tasks\Driver Booster Update
Successfully deleted: [Task] C:\Windows\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2012
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ qqpctray
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-109140196-3676001305-2390646713-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\system32\drivers\tfsfltx64.sys
~~~ Folders
Successfully deleted: [Folder] C:\Program Files (x86)\IObit\Driver Booster
Successfully deleted: [Folder] C:\Program Files (x86)\myfree codec
Successfully deleted: [Folder] C:\ProgramData\IObit\Driver Booster
Successfully deleted: [Folder] C:\ProgramData\Microsoft\Windows\Start Menu\Programs\driver booster 2
Successfully deleted: [Folder] C:\ProgramData\productdata
Successfully deleted: [Folder] C:\ProgramData\tencent
Successfully deleted: [Folder] C:\ProgramData\txqmpc
Successfully deleted: [Folder] C:\Users\User\Appdata\Local\crashrpt
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\IObit\Driver Booster
Successfully deleted: [Folder] C:\Users\User\AppData\Roaming\tencent
~~~ FireFox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/npandroidassistant
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@qq.com/qqpcmgr
Successfully deleted the following from C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\v9p8jd8p.default-1392456050303\prefs.js
user_pref(extensions.quick_start.sd.closeWindowWithLastTab_prev_state, false);
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\v9p8jd8p.default-1392456050303\minidumps [33 files]
~~~ Chrome
[C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\User\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.07.2015 at 15:03:44,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:28-07-2015
durchgeführt von User (Administrator) auf USER-PC (29-07-2015 15:31:00)
Gestartet von C:\Users\User\Desktop\Troj
Geladene Profile: User (Verfügbare Profile: User)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
(Splashtop Inc.) C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Hobbyist Software) C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe
(Piriform Ltd) C:\Program Files (x86)\CCleaner\CCleaner64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Steganos Software GmbH) C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Nicht auf der Ausnahmeliste) ==================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415816 2010-02-18] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\G-series Software\LCDMon.exe [709120 2006-03-06] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\G-series Software\LGDCore.exe [1777664 2006-03-06] (Logitech Inc.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [Ocs_SM] => C:\Users\User\AppData\Roaming\OCS\SM\SearchAnonymizer.exe
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [102400 2010-05-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [MDS_Menu] => C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer] => C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-06-03] (CyberLink)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl8] => C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe [91432 2009-07-16] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD8LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe [50472 2009-04-16] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2011-09-28] (cyberlink)
HKLM-x32\...\Run: [UpdatePPShortCut] => C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.)
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\fwupdate.exe [548864 2008-09-19] (BL)
HKLM-x32\...\Run: [UpdatePSTShortCut] => C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [210216 2009-10-23] (CyberLink Corp.)
HKLM-x32\...\Run: [dcmsvc] => C:\Program Files (x86)\dcmsvc\dcmsvc.exe [30440 2009-04-07] ()
HKLM-x32\...\Run: [SSS2009 File Redirection Starter] => C:\Program Files (x86)\Steganos Privacy Suite 11\fredirstarter.exe [17408 2010-12-20] (Steganos GmbH)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [SAFE2012 File Redirection Starter] => C:\Program Files (x86)\Steganos Safe 2012\fredirstarter.exe [17408 2012-11-19] (Steganos Software GmbH)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2013-05-20] (DivX, LLC)
HKLM-x32\...\Run: [Steganos HotKeys] => C:\Program Files (x86)\Steganos Privacy Suite 14\SteganosHotKeyService.exe [100864 2013-12-18] (Steganos Software GmbH)
HKLM-x32\...\Run: [SSS14 File Redirection Starter] => C:\Program Files (x86)\Steganos Privacy Suite 14\fredirstarter.exe [17920 2013-12-18] (Steganos Software GmbH)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-07-25] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe [1492264 2011-11-18] (Nero AG)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-06-17] (Apple Inc.)
HKLM-x32\...\Run: [PDFPrint] => C:\Program Files (x86)\PDF24\pdf24.exe [217632 2015-07-07] (Geek Software GmbH)
HKLM-x32\...\Run: [Ax] => C:\Program Files (x86)\Ax\Ax.exe [176128 2015-07-27] (ruixing)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [SSS2009 Browser Monitor] => C:\Program Files (x86)\Steganos Privacy Suite 11\SteganosBrowserMonitor.exe [50688 2010-12-20] (Steganos GmbH)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [Akamai NetSession Interface] => "C:\Users\User\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [ISUSPM Startup] => c:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [196608 2004-04-17] (InstallShield Software Corporation)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [MobileDocuments] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [SansaDispatch] => C:\Users\User\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [613888 2013-03-18] (SanDisk Corporation)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [SSS14 Browser Monitor] => C:\Program Files (x86)\Steganos Privacy Suite 14\SteganosBrowserMonitor.exe [70656 2013-12-18] (Steganos Software GmbH)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2015-04-26] (Apple Inc.)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [Amazon Music] => C:\Users\User\AppData\Local\Amazon Music\Amazon Music Helper.exe [3162944 2014-06-05] ()
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [Hobbyist Software VLC Streamer] => C:\Program Files (x86)\Hobbyist Software\VLC Streamer\VLC Streamer Configuration.exe [1193288 2014-08-18] (Hobbyist Software)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [CCleaner Monitoring] => C:\Program Files (x86)\CCleaner\CCleaner64.exe [8418584 2015-07-17] (Piriform Ltd)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1562264 2014-07-25] (Samsung)
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Run: [RoboForm] => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [110160 2015-07-16] (Siber Systems)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\forteManager.lnk [2010-08-12]
ShortcutTarget: forteManager.lnk -> C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe ()
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk [2010-08-17]
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: [.QMDeskTopGCIcon] -> {B7667919-3765-4815-A66D-98A09BE662D6} => C:\Program Files (x86)\Tencent\QQPCMgr\10.10.16434.218\QMGCShellExt64.dll Keine Datei
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt..)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-109140196-3676001305-2390646713-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-07-16] (Siber Systems Inc.)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: RoboForm Toolbar Helper -> {724d43a9-0d85-11d4-9908-00400523e39a} -> C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-07-16] (Siber Systems Inc.)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll [2014-10-09] (Kaspersky Lab ZAO)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28] (Microsoft Corp.)
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\OnlineBanking\online_banking_bho.dll [2014-04-20] (Kaspersky Lab ZAO)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll [2014-04-20] (Kaspersky Lab ZAO)
Toolbar: HKLM - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-07-16] (Siber Systems Inc.)
Toolbar: HKLM - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 14\SPMIEToolbar64.dll [2013-07-17] (Steganos Software GmbH)
Toolbar: HKLM-x32 - &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll [2015-07-16] (Siber Systems Inc.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 14\SPMIEToolbar.dll [2013-12-18] (Steganos Software GmbH)
Toolbar: HKU\S-1-5-21-109140196-3676001305-2390646713-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboForm-x64.dll [2015-07-16] (Siber Systems Inc.)
Toolbar: HKU\S-1-5-21-109140196-3676001305-2390646713-1000 -> Steganos Password Manager Toolbar - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Privacy Suite 14\SPMIEToolbar64.dll [2013-07-17] (Steganos Software GmbH)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{82E0DEFB-A5AC-4896-9FA7-1339EE5CC0B7}: [DhcpNameServer] 192.168.178.1
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.6.2 -> C:\Windows\system32\npDeployJava1.dll [2012-08-21] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2013-09-17] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-04-18] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin-x32: @kaspersky.com/content_blocker -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @kaspersky.com/online_banking -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-10-09] ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll [2011-08-03] (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll [2013-02-14] (Sony Network Entertainment International LLC)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-109140196-3676001305-2390646713-1000: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-109140196-3676001305-2390646713-1000: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin HKU\S-1-5-21-109140196-3676001305-2390646713-1000: amazon.com/AmazonMP3DownloaderPlugin -> C:\Users\User\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll [2013-05-22] (Amazon.com, Inc.)
FF user.js: detected! => C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-109140196-3676001305-2390646713-1000\FireFox\user.js [2014-08-29]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-07-01] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-07-01] (Apple Inc.)
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\searchplugins\google-images.xml [2014-12-08]
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\searchplugins\google-maps.xml [2014-12-08]
FF Extension: Default SearchProtected - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\Extensions\1438089381_xpi [2015-07-28]
FF Extension: Kein Name - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\Extensions\1438089391_xpi [2015-07-28]
FF Extension: Classic Theme Restorer (Customize UI) - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\Extensions\ClassicThemeRestorer@ArisT2Noia4dev.xpi [2014-05-10]
FF Extension: Personas Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\Extensions\personas@christopher.beard.xpi [2014-06-13]
FF Extension: ReloadEvery - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2014-02-18]
FF Extension: Fox!Box - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\v9p8jd8p.default-1392456050303\Extensions\{df4e4df5-5cb7-46b0-9aef-6c784c3249f8}.xpi [2014-02-15]
FF Extension: Anti-Banner - C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2 [2015-06-02]
FF Extension: Modul zur Link-Untersuchung - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2 [2015-06-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2015-06-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2015-06-02]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2015-06-02]
FF HKLM-x32\...\Firefox\Extensions: [{09F060FA-566D-42D7-BF79-97AB30863433}] - C:\Program Files (x86)\Steganos Privacy Suite 11\pfplugin
FF Extension: Steganos Private Favorites - C:\Program Files (x86)\Steganos Privacy Suite 11\pfplugin [2010-12-14]
FF HKLM-x32\...\Firefox\Extensions: [{00F0643E-B367-4779-B45D-7046EBA37A88}] - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3
FF Extension: Steganos Password Manager - C:\Program Files (x86)\Steganos Privacy Suite 14\spmplugin3 [2013-12-22]
FF HKLM-x32\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\content_blocker@kaspersky.com [2014-08-29]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-08-29]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\url_advisor@kaspersky.com [2014-08-29]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\anti_banner@kaspersky.com [2014-08-29]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\FFExt\online_banking@kaspersky.com [2014-08-29]
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: RoboForm Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2010-08-13]
FF HKU\S-1-5-21-109140196-3676001305-2390646713-1000\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
StartMenuInternet: FIREFOX.EXE - firefox.exe
FF ExtraCheck: C:\Program Files (x86)\mozilla firefox\firefox.cfg [2015-06-02] <==== ATTENTION
Chrome:
=======
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2011-12-24]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2011-12-24]
CHR Extension: (Kaspersky Protection) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-08-29]
CHR Extension: (Click&Clean) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhipcejejjmhhchfonmamedcbeod [2011-04-03]
CHR Extension: (Cr!Box) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gjodchcocbnbhfkjeapbdoflbiibnapp [2011-04-03]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2011-12-24]
CHR Extension: (RoboForm Password Manager) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnlccmojcmeohlpggmfnbbiapkmbliob [2014-02-20]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho
CHR HKLM-x32\...\Chrome\Extension: [pnlccmojcmeohlpggmfnbbiapkmbliob] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Chrome\rf-chrome.crx [2014-02-20]
StartMenuInternet: Google Chrome - Chrome.exe
==================== Services (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 AVP15.0.0; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.0\avp.exe [233552 2014-04-20] (Kaspersky Lab ZAO)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S3 CGVPNCliSrvc; C:\Program Files\CyberGhost VPN\CGVPNCliService.exe [2438696 2012-04-26] (mobile concepts GmbH)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-04-20] (CyberLink)
S2 DvmMDES; C:\ASUS.SYS\config\DVMExportService.exe [319488 2009-07-17] (DeviceVM, Inc.) [Datei ist nicht signiert]
S2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [Datei ist nicht signiert]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [Datei ist nicht signiert]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [Datei ist nicht signiert]
S2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [Datei ist nicht signiert]
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 OkayFreedom VPN Starter Service; C:\Program Files (x86)\OkayFreedom\OkayFreedomService.exe [330168 2015-04-14] (Steganos Software GmbH)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [1931632 2015-04-13] (Electronic Arts)
S2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [Datei ist nicht signiert]
S2 Steganos Volatile Disk; C:\Windows\SysWOW64\STGRAMDiskHandler64.exe [450560 2013-07-17] (Softwareentwicklung Remus - ArchiCrypt) [Datei ist nicht signiert]
S3 SXDS10; C:\Program Files (x86)\Common Files\soft Xpansion\sxds10.exe [229520 2011-12-08] (soft Xpansion) [Datei ist nicht signiert]
S2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [27768 2015-01-19] (VIA Technologies, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
S3 camfilt2; C:\Windows\System32\DRIVERS\camfilt2.sys [139264 2007-08-29] (Guillemot Corporation)
U5 ewusbnet; C:\Windows\System32\Drivers\ewusbnet.sys [246224 2009-12-07] (Huawei Technologies Co., Ltd.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-22] (REALiX(tm))
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [457824 2014-02-20] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [141320 2014-10-09] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [243808 2014-04-10] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [793800 2014-10-09] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2014-03-25] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179296 2014-03-26] (Kaspersky Lab ZAO)
S3 LGDDCDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [14336 2009-04-24] () [Datei ist nicht signiert]
S3 LGII2CDevice; C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [18432 2009-04-24] () [Datei ist nicht signiert]
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
S3 OM0530; C:\Windows\System32\Drivers\ov530vx.sys [172928 2007-07-13] (OmniVision Technology Inc.)
S3 qcusbser; C:\Windows\System32\DRIVERS\hwusbser02.sys [120960 2010-12-07] (QUALCOMM Incorporated) [Datei ist nicht signiert]
R1 SLEE_16_DRIVER; C:\Windows\Sleen1664.sys [85952 2008-10-01] (Softwareentwicklung Remus - ArchiCrypt )
R1 SLEE_17_DRIVER; C:\Windows\Sleen1764.sys [108256 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\Sleen1864.sys [109144 2013-11-18] (Softwareentwicklung Remus - ArchiCrypt - )
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [34544 2015-02-09] (Synaptics Incorporated)
R1 STGMFEngine64; C:\Windows\system32\drivers\STGMFEngine64.sys [28576 2013-07-17] (Softwareentwicklung Remus - ArchiCrypt.com)
R2 {FE4C91E7-22C2-4D0C-9F6B-82F1B7742054}; C:\Program Files (x86)\CyberLink\PowerDVD8\000.fcl [146928 2010-01-13] (CyberLink Corp.)
U3 DfSdkS; No ImagePath
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-07-29 15:03 - 2015-07-29 15:03 - 00011177 _____ C:\Users\User\Desktop\JRT.txt
2015-07-29 13:08 - 2015-07-29 13:08 - 00014233 _____ C:\Users\User\Desktop\mbam.txt
2015-07-29 11:37 - 2015-07-29 13:06 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-29 11:36 - 2015-07-29 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-29 11:36 - 2015-07-29 11:39 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-29 11:36 - 2015-07-29 11:36 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-29 11:36 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-29 11:36 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-29 11:36 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-29 11:33 - 2015-07-29 14:55 - 00000000 ____D C:\Users\User\Desktop\Troj
2015-07-28 21:35 - 2015-07-29 14:24 - 00004812 _____ C:\Windows\PFRO.log
2015-07-28 20:14 - 2015-07-28 20:14 - 00000000 ____D C:\32788R22FWJFW
2015-07-28 20:07 - 2015-07-28 20:07 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-07-28 18:37 - 2015-07-29 15:31 - 00000000 ____D C:\FRST
2015-07-28 18:14 - 2015-07-29 14:24 - 00000336 _____ C:\Windows\setupact.log
2015-07-28 18:14 - 2015-07-28 18:14 - 00000000 _____ C:\Windows\setuperr.log
2015-07-28 16:39 - 2015-07-28 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-07-28 15:16 - 2015-07-28 18:13 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\腾讯软件
2015-07-28 15:13 - 2015-07-28 15:13 - 00000000 ____D C:\Users\User\Documents\ËѺüÓ°Òô
2015-07-28 15:11 - 2015-07-28 15:11 - 00000000 ____D C:\Users\User\AppData\Local\Temp尰
2015-07-28 15:10 - 2015-07-28 18:13 - 00000000 ___RD C:\RavBin
2015-07-28 15:10 - 2015-07-28 15:10 - 00003310 _____ C:\Windows\System32\Tasks\RsDelayLauncher_{8A34248E-7D35-4832-8378-7659E0B0A380}
2015-07-28 15:10 - 2014-07-30 04:44 - 00091928 ____N (Beijing Rising Information Technology Co., Ltd.) C:\Windows\SysWOW64\vpatch.dll
2015-07-28 15:09 - 2015-07-28 15:15 - 00000000 ____D C:\Program Files (x86)\Rising
2015-07-28 15:09 - 2015-07-28 15:10 - 00000000 ____D C:\ProgramData\Rising
2015-07-28 15:05 - 2015-07-28 18:13 - 00000000 ____D C:\Program Files (x86)\Ax
2015-07-28 09:49 - 2015-07-25 20:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-28 09:49 - 2015-07-25 20:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-28 09:49 - 2015-07-25 20:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-28 09:49 - 2015-07-25 20:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-28 09:49 - 2015-07-25 20:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-28 09:49 - 2015-07-25 20:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-28 09:49 - 2015-07-25 20:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-28 09:49 - 2015-07-25 19:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-24 09:51 - 2015-07-24 13:44 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-07-23 13:04 - 2015-07-23 13:04 - 00001548 _____ C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
2015-07-23 13:04 - 2015-07-23 13:04 - 00000000 ____D C:\Program Files (x86)\FreeCodecPack
2015-07-21 10:22 - 2015-07-15 05:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 10:22 - 2015-07-15 05:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 10:22 - 2015-07-15 05:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 10:22 - 2015-07-15 05:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 10:22 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-21 10:22 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-21 10:22 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-21 10:22 - 2015-07-15 04:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-21 10:22 - 2015-07-15 03:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-21 10:22 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-17 20:22 - 2015-07-17 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-17 20:21 - 2015-07-17 20:21 - 00000000 ____D C:\Program Files\iPod
2015-07-15 17:11 - 2015-07-09 19:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 17:11 - 2015-07-09 19:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 17:11 - 2015-07-09 19:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 17:11 - 2015-07-09 19:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 17:11 - 2015-07-09 19:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 17:11 - 2015-07-09 19:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 17:11 - 2015-07-09 19:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 17:11 - 2015-07-09 19:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 17:11 - 2015-07-09 19:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 17:11 - 2015-07-09 19:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 17:11 - 2015-07-09 19:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 17:11 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-15 17:11 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-15 17:11 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-15 17:11 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-15 17:11 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-15 17:11 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-15 17:11 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-15 17:11 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-15 17:11 - 2015-07-02 22:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 17:11 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-15 17:11 - 2015-07-02 22:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 17:11 - 2015-07-02 22:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 17:11 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-15 17:11 - 2015-07-02 22:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 17:11 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-15 17:11 - 2015-07-02 21:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 17:11 - 2015-07-02 20:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 17:11 - 2015-06-27 04:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 17:11 - 2015-06-27 04:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 17:11 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-15 17:11 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-15 17:11 - 2015-06-25 10:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 17:11 - 2015-06-17 19:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 17:11 - 2015-06-17 19:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-15 17:11 - 2015-06-02 02:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-15 17:11 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-15 17:09 - 2015-06-25 20:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 17:09 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-15 17:09 - 2015-06-20 22:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 17:09 - 2015-06-20 21:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 17:09 - 2015-06-20 21:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 17:09 - 2015-06-20 21:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 17:09 - 2015-06-20 21:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 17:09 - 2015-06-20 21:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 17:09 - 2015-06-20 21:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 17:09 - 2015-06-20 21:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 17:09 - 2015-06-20 21:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 17:09 - 2015-06-20 21:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 17:09 - 2015-06-20 21:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 17:09 - 2015-06-20 21:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 17:09 - 2015-06-20 21:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 17:09 - 2015-06-20 21:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 17:09 - 2015-06-20 21:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 17:09 - 2015-06-20 21:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 17:09 - 2015-06-20 21:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 17:09 - 2015-06-20 20:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 17:09 - 2015-06-20 20:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 17:09 - 2015-06-20 20:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 17:09 - 2015-06-20 20:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 17:09 - 2015-06-20 20:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 17:09 - 2015-06-20 20:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 17:09 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-15 17:09 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-15 17:09 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-15 17:09 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-15 17:09 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-15 17:09 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-15 17:09 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-15 17:09 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-15 17:09 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-15 17:09 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-15 17:09 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-15 17:09 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-15 17:09 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-15 17:09 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-15 17:09 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-15 17:09 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-15 17:09 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-15 17:09 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-15 17:09 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-15 17:08 - 2015-07-04 20:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 17:08 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-15 17:08 - 2015-04-27 21:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 17:08 - 2015-04-27 21:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 17:08 - 2015-04-27 21:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 17:08 - 2015-04-27 21:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 17:08 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-15 17:08 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-15 17:08 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-15 17:08 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-15 17:07 - 2015-07-01 22:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 17:07 - 2015-07-01 22:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 17:07 - 2015-07-01 22:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 17:07 - 2015-07-01 22:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 17:07 - 2015-07-01 22:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 17:07 - 2015-07-01 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 17:07 - 2015-07-01 22:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 17:07 - 2015-07-01 22:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 17:07 - 2015-07-01 22:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 17:07 - 2015-07-01 22:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 17:07 - 2015-07-01 22:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-15 17:07 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-15 17:07 - 2015-07-01 22:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-15 17:07 - 2015-07-01 22:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-15 17:07 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-15 17:07 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-15 17:07 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-15 17:07 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-15 17:07 - 2015-07-01 21:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 17:07 - 2015-07-01 21:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 17:07 - 2015-07-01 21:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 17:06 - 2015-06-15 23:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 17:06 - 2015-06-15 23:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 17:06 - 2015-06-15 23:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 17:06 - 2015-06-15 23:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 17:06 - 2015-06-15 23:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 17:06 - 2015-06-15 23:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 17:06 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-15 17:06 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-15 17:06 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-15 17:06 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-15 17:06 - 2015-06-15 23:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 17:06 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-12 16:30 - 2015-07-12 16:30 - 00000000 ____D C:\Users\User\AppData\Local\PDF24
2015-07-12 16:29 - 2015-07-12 16:30 - 00000000 ____D C:\Program Files (x86)\PDF24
2015-07-12 16:29 - 2015-07-12 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF24
2015-07-12 16:26 - 2015-07-12 16:26 - 01198368 _____ C:\Users\User\Desktop\PDF24 Creator - CHIP-Installer.exe
2015-07-01 14:07 - 2015-07-01 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-01 14:07 - 2015-07-01 14:07 - 00000000 ____D C:\Program Files (x86)\QuickTime
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-07-29 15:05 - 2014-12-23 23:03 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-29 14:58 - 2014-12-22 16:05 - 00000000 ____D C:\Users\User\AppData\Roaming\IObit
2015-07-29 14:58 - 2014-12-22 16:05 - 00000000 ____D C:\ProgramData\IObit
2015-07-29 14:58 - 2014-12-22 16:05 - 00000000 ____D C:\Program Files (x86)\IObit
2015-07-29 14:40 - 2010-11-21 13:33 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-29 14:35 - 2010-08-04 16:51 - 00000177 ____H C:\dvmexp.idx
2015-07-29 14:35 - 2009-07-14 06:45 - 00023584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-29 14:35 - 2009-07-14 06:45 - 00023584 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-29 14:30 - 2014-09-17 09:53 - 01346687 _____ C:\Windows\WindowsUpdate.log
2015-07-29 14:29 - 2012-02-02 14:49 - 00000000 ____D C:\ProgramData\Kaspersky Lab
2015-07-29 14:25 - 2010-11-21 13:33 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-29 14:25 - 2010-08-06 12:07 - 00000271 _____ C:\Windows\lgfwup.ini
2015-07-29 14:25 - 2010-08-06 12:07 - 00000000 ____D C:\Program Files (x86)\lg_fwupdate
2015-07-29 14:25 - 2010-08-06 11:29 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
2015-07-29 14:24 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-29 14:22 - 2014-05-27 23:25 - 00000000 ____D C:\AdwCleaner
2015-07-29 12:39 - 2009-07-14 07:37 - 00000000 ____D C:\Windows\DigitalLocker
2015-07-29 12:36 - 2010-08-13 16:18 - 00000000 ____D C:\Program Files (x86)\Steganos Safe OEM
2015-07-29 12:14 - 2010-08-13 14:00 - 00000000 ____D C:\Users\User\Desktop\Ebay
2015-07-28 20:47 - 2010-08-13 16:16 - 17693696 ___SH C:\Users\User\Desktop\Thumbs.db
2015-07-28 19:00 - 2014-05-06 16:02 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-28 18:13 - 2011-04-03 00:28 - 00000000 ____D C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-28 18:13 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2015-07-28 17:49 - 2011-04-03 00:27 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-109140196-3676001305-2390646713-1000Core.job
2015-07-28 16:03 - 2010-09-06 17:42 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{9D17DEEE-9103-45A0-B49E-30A9DB1F30CF}
2015-07-28 15:38 - 2010-08-04 16:53 - 00168944 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-28 15:28 - 2011-03-24 15:40 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-28 15:28 - 2010-08-04 15:55 - 00001433 _____ C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-28 15:28 - 2009-07-14 06:45 - 00539824 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-28 14:57 - 2013-10-14 13:54 - 00000000 ____D C:\Users\User\AppData\Roaming\Skype
2015-07-27 15:56 - 2010-08-13 00:03 - 00000000 ____D C:\Program Files (x86)\CCleaner
2015-07-25 09:34 - 2015-04-04 16:05 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-25 09:24 - 2012-04-25 15:54 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-24 09:48 - 2009-07-14 19:58 - 00702942 _____ C:\Windows\system32\perfh007.dat
2015-07-24 09:48 - 2009-07-14 19:58 - 00150582 _____ C:\Windows\system32\perfc007.dat
2015-07-24 09:48 - 2009-07-14 07:13 - 01629348 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-23 13:05 - 2011-01-20 16:26 - 00000000 ____D C:\Users\User\AppData\Roaming\DVDVideoSoft
2015-07-23 13:04 - 2013-07-19 11:08 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2015-07-23 13:04 - 2010-09-27 22:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2015-07-17 20:22 - 2015-01-30 20:55 - 00000000 ____D C:\Program Files\iTunes
2015-07-17 20:21 - 2012-12-15 01:07 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-17 20:21 - 2010-08-15 13:53 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-17 16:06 - 2013-12-09 15:36 - 00000408 _____ C:\Windows\Tasks\One-Click Optimizer.job
2015-07-16 19:45 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2015-07-16 17:44 - 2013-04-05 20:14 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-16 17:44 - 2011-04-03 00:27 - 00003692 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-109140196-3676001305-2390646713-1000Core
2015-07-16 17:42 - 2014-12-25 20:43 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-16 17:38 - 2011-12-10 12:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RoboForm
2015-07-16 09:35 - 2010-11-21 13:33 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-16 09:35 - 2010-11-21 13:33 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 19:21 - 2015-04-15 12:41 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 19:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-15 19:06 - 2014-12-23 23:03 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 19:05 - 2014-12-23 23:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 19:05 - 2014-12-23 23:03 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-15 19:04 - 2010-08-17 13:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-15 17:45 - 2015-04-04 16:05 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-15 17:39 - 2013-08-14 15:19 - 00000000 ____D C:\Windows\system32\MRT
2015-07-11 23:25 - 2010-08-12 23:23 - 00000000 ____D C:\Windows\System32\Tasks\Games
2015-07-09 21:18 - 2014-08-17 22:04 - 00000000 ____D C:\Users\User\AppData\Local\Adobe
2015-07-09 20:54 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-06 13:07 - 2014-01-20 15:01 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-06 13:07 - 2013-10-14 13:53 - 00000000 ____D C:\ProgramData\Skype
2015-07-04 09:46 - 2015-06-02 23:22 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-03 08:43 - 2010-08-04 17:30 - 130333168 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-01 14:18 - 2015-04-11 09:31 - 00000000 ____D C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2010-08-17 21:57 - 2014-12-15 12:26 - 0001844 _____ () C:\Users\User\AppData\Roaming\wklnhst.dat
2010-11-16 20:00 - 2011-02-07 18:51 - 0005632 _____ () C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2010-08-12 21:54 - 2014-04-15 11:19 - 0007597 _____ () C:\Users\User\AppData\Local\Resmon.ResmonCfg
2011-08-12 12:06 - 2011-08-12 12:06 - 0017408 _____ () C:\Users\User\AppData\Local\WebpageIcons.db
Dateien, die verschoben oder gelöscht werden sollten:
====================
C:\Users\Public\dcmsvcsetup.exe
C:\Users\Public\invokesi.exe
C:\Users\User\WA_Update-3.0.5.0_Beta_2.exe
Einige Dateien in TEMP:
====================
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\System32\winlogon.exe => Datei ist digital signiert
C:\Windows\System32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\System32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\System32\services.exe => Datei ist digital signiert
C:\Windows\System32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\System32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\System32\rpcss.dll => Datei ist digital signiert
C:\Windows\System32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-07-23 13:27
==================== Ende von log ============================