I just wanted to say thank you already for all the effort :)
AdwCleaner Logfile:
Code:
# AdwCleaner v2.303 - Datei am 27/06/2013 um 10:59:30 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits)
# Benutzer : admin - ADMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\admin\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Program Files\Mozilla Firefox\searchplugins\fcmdSrch.xml
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\QuickStores.url
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\eBay.lnk
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\QuickStores.url
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\searchplugins\claro.xml
Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\searchplugins\daemon-search.xml
Ordner Gelöscht : C:\Program Files\Astroburn Toolbar
Ordner Gelöscht : C:\Program Files\Mozilla Firefox\Extensions\quickstores@quickstores.de
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\Users\admin\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\admin\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\admin\AppData\Local\Smartbar
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\facemoods.com
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\MyWebSearch
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\Smartbar
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\QuickStoresToolbar
Ordner Gelöscht : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\5355d98be03de944
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Fun Web Products
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FunWebProducts
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyWebSearch
Schlüssel Gelöscht : HKCU\Software\Babylon
Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{5F970FDE-702B-4EF9-920C-5F2848A5AF26}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartbarBackup
Schlüssel Gelöscht : HKCU\Software\SmartbarLog
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B16632F1-24E0-4D99-A68D-70BFB6447C48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C0CEA572-2978-4DFC-A672-8100FF0E276A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C3110516-8EFC-49D6-8B72-69354F332062}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyGloss
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabylonTC.GingerApplication
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\BabyOptFile
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\facemoods.facemoodsHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5F339F0B-716F-408F-A627-DEEB5DEB4020}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{95734BDE-B702-45B9-86E5-27676729F904}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B7EA2226-F876-4BE4-B478-76EBAE2A668A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D0482C8E-BAEA-4943-911A-B661060F56A7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\QuickStores-Toolbar_is1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16521
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v15.0 (de)
Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\prefs.js
C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.babylon.com/web/{searchTerms}?babsrc=browserse[...]
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 5);
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "A38E0EFD516D402B5E4A138EAAB39649");
Gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "5");
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 5);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
Gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://www.claro-search.com/?affID=117453&tt=310[...]
Gelöscht : user_pref("extensions.claro.admin", false);
Gelöscht : user_pref("extensions.claro.aflt", "babsst");
Gelöscht : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Gelöscht : user_pref("extensions.claro.autoRvrt", "false");
Gelöscht : user_pref("extensions.claro.dfltLng", "en");
Gelöscht : user_pref("extensions.claro.excTlbr", false);
Gelöscht : user_pref("extensions.claro.id", "8c7bd15500000000000000ffaee193b0");
Gelöscht : user_pref("extensions.claro.instlDay", "15739");
Gelöscht : user_pref("extensions.claro.instlRef", "sst");
Gelöscht : user_pref("extensions.claro.prdct", "claro");
Gelöscht : user_pref("extensions.claro.prtnrId", "claro");
Gelöscht : user_pref("extensions.claro.rvrt", "false");
Gelöscht : user_pref("extensions.claro.tlbrId", "base");
Gelöscht : user_pref("extensions.claro.tlbrSrchUrl", "");
Gelöscht : user_pref("extensions.claro.vrsn", "1.8.8.5");
Gelöscht : user_pref("extensions.claro.vrsni", "1.8.8.5");
Gelöscht : user_pref("extensions.claro_i.excTlbr", false);
Gelöscht : user_pref("extensions.claro_i.newTab", false);
Gelöscht : user_pref("extensions.claro_i.smplGrp", "none");
Gelöscht : user_pref("extensions.claro_i.vrsnTs", "1.8.8.520:07:30");
Gelöscht : user_pref("extensions.enabledAddons", "info@maltegoetz.de:1.0.1,battlefieldheroespatcher@ea.com:5.0.[...]
Gelöscht : user_pref("extensions.facemoods._xpiupdate", true);
Gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Gelöscht : user_pref("extensions.facemoods.fcmdVrsn", "1.2.7.5.4");
Gelöscht : user_pref("extensions.facemoods.firstRun", false);
Gelöscht : user_pref("extensions.facemoods.first_time", false);
Gelöscht : user_pref("extensions.facemoods.id", "_#5309c6a9f4a54da38fb1d72a8eeac578");
Gelöscht : user_pref("extensions.facemoods.instlDay", "_#15205");
Gelöscht : user_pref("extensions.facemoods.lastActv", "18");
Gelöscht : user_pref("extensions.facemoods.prtnrId", "_#facemoods.com");
Gelöscht : user_pref("extensions.facemoods.sid", "_#5309c6a9f4a54da38fb1d72a8eeac578");
Gelöscht : user_pref("extensions.facemoods.update", "_#v1.4.0");
Gelöscht : user_pref("extensions.facemoods.vrsn", "_#1.4.17.5");
Gelöscht : user_pref("quickstores.toolbar.affid", "2017");
Gelöscht : user_pref("quickstores.toolbar.guid", "{629523A4-15E9-EA60-796B-BDCA9E7EF585}");
-\\ Google Chrome v27.0.1453.116
Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Chromium v directory_upgrade: true
}
Datei : C:\Users\admin\AppData\Local\Chromium\User Data\Default\Preferences
[OK] Die Datei ist sauber.
-\\ Opera v11.11.2109.0
Datei : C:\Users\admin\AppData\Roaming\Opera\Opera\operaprefs.ini
Gelöscht : Home URL=hxxp://my.daemon-search.com/
*************************
AdwCleaner[S1].txt - [12695 octets] - [27/06/2013 10:59:30]
########## EOF - C:\AdwCleaner[S1].txt - [12756 octets] ##########
--- --- ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Ultimate x86
Ran by admin on 27.06.2013 at 11:06:09,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\powerpoint\addins\babylonofficeaddin.officeaddin
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\office\word\addins\babylonofficeaddin.officeaddin
~~~ Files
Successfully deleted: [File] "C:\Program Files\adobe\reader 10.0\reader\plug_ins\babylon\babylonrpi.api"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\admin\AppData\Roaming\software informer"
Successfully deleted: [Folder] "C:\Users\admin\appdata\local\savings explorer"
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{1973821C-46EE-4909-BA77-7BE49B7E0B60}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{2C2C360B-DB6A-4F1D-9D02-ACF360E1512D}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{30CA67C0-2BFF-49F4-903A-CD9CF7159324}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{3384BBB0-89C7-491B-A382-1FD929176DCD}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{34532DD2-9193-4556-ACEC-0583D5F36EB1}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{3474FF63-D65C-4244-A874-3214C0C4AF19}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{38ADD6DA-93CC-4087-8886-A93B2CB2D5CE}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{3C973DB2-84E9-4911-936C-3413154EA220}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{3E03D199-A188-43E9-87F9-2F95F13578D8}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{5225A59C-1B78-47BF-959A-BF96DB04B203}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{5967B3DF-6842-490E-9FA3-152705EE1BA0}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{610B4FCD-48F8-41FC-AAD9-8CBDDE6FBD5D}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{635EEF26-5C1A-405B-BB8C-C10C7F9F85B8}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{6F664FBD-7436-4A4B-84CB-2CFCC0C6AA3D}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{774BE833-D6C2-40D5-AD6E-747F3EECE813}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{8E6E78E4-83BD-4667-8CED-2A9D45C6B659}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{99C6482D-9410-47ED-9BAA-694B1C82280F}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{A9A499DA-A683-4427-898A-36DAB0A5648B}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{AB767807-176C-48D7-AA14-DEE506CA6EF3}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{ACB90F7F-3D24-41BC-8A76-787D201EF44D}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{AE5B0BDB-C062-4738-890B-BADF305EB690}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{BBCDC527-6571-4124-A579-0A797D3C0629}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{BEA1B732-9E9E-47F6-9C0B-A4D9F439C0A0}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{C68C5310-8A32-4067-ACF7-E2EF90AEDBBF}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{C923FD72-9A48-44D1-AFF0-AC7572DA3A65}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{D361B1F9-9BDE-4A08-9DF0-E1FEEFFC9620}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{D5DF602B-73DB-47A5-A53B-0BA699E8086A}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{DC0F68E2-3E25-4673-A0C2-5259DB148A35}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{E3CB90AA-D554-4F8F-B4F8-4BF6DBEEBC55}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{EB0AE14D-C287-4B26-8029-AB2B6D6CDA04}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{ECE61028-7833-4C58-B074-A8497E464D31}
Successfully deleted: [Empty Folder] C:\Users\admin\appdata\local\{F8521DC4-8FA2-4BBB-A4BE-AE95654E3D90}
~~~ FireFox
Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\l3ixncps.default\searchplugins\absearch-search.xml
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions\\{184AA5E6-741D-464A-820E-94B3ABC2F3B4}
Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\l3ixncps.default\minidumps [17 files]
~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\policies\google\chrome\extensioninstallforcelist
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.06.2013 at 11:08:07,64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 26-06-2013 02
Ran by admin (administrator) on 27-06-2013 12:20:02
Running from C:\Users\admin\Downloads
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Teruten) C:\Windows\system32\FsUsbExService.Exe
(Hi-Rez Studios) C:\Program Files\Hi-Rez Studios\HiPatchService.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
() C:\Windows\system32\PnkBstrA.exe
(StarWind Software) C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Samsung) C:\Program Files\Samsung\Kies\Kies.exe
(DT Soft Ltd) C:\Program Files\DAEMON Tools Lite\DTLite.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Adobe Systems Incorporated) C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices [91520 2010-03-13] (Microsoft Corporation)
HKLM\...\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [4767304 2013-03-07] (AVAST Software)
HKLM\...\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime [421888 2012-10-25] (Apple Inc.)
HKLM\...\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-01-28] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" [152392 2013-02-20] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [958576 2013-04-04] (Adobe Systems Incorporated)
HKCU\...\Run: [KiesPDLR] C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844168 2013-05-07] (Samsung)
HKCU\...\Run: [KiesPreload] C:\Program Files\Samsung\Kies\Kies.exe /preload [1561968 2013-04-23] (Samsung)
HKCU\...\Run: [RocketDock] "C:\Program Files\RocketDock\RocketDock.exe" [495616 2007-09-02] ()
HKCU\...\Run: [Spotify Web Helper] "C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [1199576 2012-11-16] (Spotify Ltd)
HKCU\...\Run: [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window [825808 2013-06-15] (Google Inc.)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun [3514176 2011-11-10] (DT Soft Ltd)
HKU\UpdatusUser\...\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade [ 2010-11-20] (Microsoft Corporation)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\Reboot.exe (Elitegroup Computer Systems Ltd.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yahoo.com
SearchScopes: HKCU - {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://search.yahoo.com/search?p={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MIF5BA~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
Toolbar: HKLM - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU -Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngine: Google
FF Homepage: hxxp://www.google.com/firefox
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.21.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.21.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin: adobe.com/AdobeExManDetect - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
FF Plugin: yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1 - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Battlefield Heroes Updater - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\battlefieldheroespatcher@ea.com
FF Extension: Personas - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\personas@christopher.beard
FF Extension: FireShot - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF Extension: DownloadHelper - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: info - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\info@maltegoetz.de.xpi
FF Extension: nasanightlaunch - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\nasanightlaunch@example.com.xpi
FF Extension: survey-remover - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\survey-remover@gmx.com.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3ixncps.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
Chrome:
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\27.0.1453.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft\u00AE Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Yahoo! activeX Plug-in Bridge) - C:\Program Files\Mozilla Firefox\plugins\npyaxmpb.dll (Yahoo! Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AdobeExManDetect) - C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
CHR Plugin: (AdobeAAMDetect) - C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Pando Web Plugin) - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (Uplay PC) - C:\Program Files\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
CHR Plugin: (Windows Live\u0099 Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (avast! WebRep) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\8.0.1483_0
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [45248 2013-03-07] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [136912 2013-03-07] (AVAST Software)
S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [96768 2012-06-27] (Freemake)
R2 HiPatchService; C:\Program Files\Hi-Rez Studios\HiPatchService.exe [8704 2012-08-15] (Hi-Rez Studios)
S2 KMService; C:\Windows\system32\srvany.exe [8192 2003-04-18] ()
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [598312 2011-03-29] (Nero AG)
S3 npggsvc; C:\Windows\system32\GameMon.des [4023760 2010-12-01] (INCA Internet Co., Ltd.)
S3 OpenVPNService; C:\Program Files\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [75136 2012-08-18] ()
R2 StarWindServiceAE; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [29816 2013-03-07] (AVAST Software)
R1 aswFW; C:\Windows\system32\drivers\aswFW.sys [101656 2013-03-07] (AVAST Software)
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [21576 2013-03-07] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2013-03-07] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12112 2013-03-07] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\drivers\aswNdis2.sys [199384 2013-03-07] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [60656 2013-03-07] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49248 2013-03-07] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [765736 2013-03-07] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [368176 2013-03-07] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [62376 2013-03-07] (AVAST Software)
S3 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [164736 2013-03-07] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-05-28] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [239168 2013-05-13] (DT Soft Ltd)
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-02-05] ()
S3 hamachi; C:\Windows\System32\DRIVERS\hamachi.sys [26176 2009-03-18] (LogMeIn, Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-05-28] ()
R3 Ltn_stk7070P; C:\Windows\System32\DRIVERS\Ltn_stk7070P.sys [466048 2007-10-19] (LITEON)
R3 Ltn_stkrc; C:\Windows\System32\DRIVERS\Ltn_stkrc.sys [13440 2007-10-19] (LITEON)
S3 taphss; C:\Windows\System32\DRIVERS\taphss.sys [32768 2010-09-22] (AnchorFree Inc)
R3 VIAHdAudAddService; C:\Windows\System32\drivers\viahduaa.sys [1086976 2009-09-17] (VIA Technologies, Inc.)
R3 VX1000; C:\Windows\System32\DRIVERS\VX1000.sys [1961072 2010-05-20] (Microsoft Corporation)
S3 athr; system32\DRIVERS\athr.sys [x]
R3 catchme; \??\C:\Users\admin\AppData\Local\Temp\catchme.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]
U3 mbr; \??\C:\ComboFix\mbr.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-06-27 12:19 - 2013-06-27 12:19 - 01370369 ____A (Farbar) C:\Users\admin\Downloads\FRST.exe
2013-06-27 12:17 - 2013-06-27 12:17 - 00045704 ____A C:\ComboFix.txt
2013-06-27 12:03 - 2013-06-27 12:17 - 00000000 ____D C:\ComboFix
2013-06-27 11:08 - 2013-06-27 11:08 - 00005082 ____A C:\Users\admin\Documents\JRT.txt
2013-06-27 11:06 - 2013-06-27 11:06 - 00000000 ____D C:\Windows\ERUNT
2013-06-27 11:05 - 2013-06-27 11:05 - 00000000 ____D C:\JRT
2013-06-27 11:04 - 2013-06-27 11:04 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\admin\Downloads\JRT.exe
2013-06-27 10:59 - 2013-06-27 11:00 - 00012826 ____A C:\AdwCleaner[S1].txt
2013-06-26 20:44 - 2013-06-26 20:44 - 00648201 ____A C:\Users\admin\Downloads\adwcleaner.exe
2013-06-26 19:49 - 2013-06-27 11:01 - 00000994 ____A C:\Windows\PFRO.log
2013-06-26 19:11 - 2011-06-26 08:45 - 00256000 ____A C:\Windows\PEV.exe
2013-06-26 19:11 - 2010-11-07 19:20 - 00208896 ____A C:\Windows\MBR.exe
2013-06-26 19:11 - 2009-04-20 06:56 - 00060416 ____A (NirSoft) C:\Windows\NIRCMD.exe
2013-06-26 19:11 - 2000-08-31 02:00 - 00518144 ____A (SteelWerX) C:\Windows\SWREG.exe
2013-06-26 19:11 - 2000-08-31 02:00 - 00406528 ____A (SteelWerX) C:\Windows\SWSC.exe
2013-06-26 19:11 - 2000-08-31 02:00 - 00098816 ____A C:\Windows\sed.exe
2013-06-26 19:11 - 2000-08-31 02:00 - 00080412 ____A C:\Windows\grep.exe
2013-06-26 19:11 - 2000-08-31 02:00 - 00068096 ____A C:\Windows\zip.exe
2013-06-26 19:10 - 2013-06-26 19:10 - 05083236 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2013-06-26 19:09 - 2013-06-27 12:17 - 00000000 ____D C:\Qoobox
2013-06-26 19:09 - 2013-06-26 19:29 - 00000000 ____D C:\Windows\erdnt
2013-06-26 17:24 - 2013-06-26 17:24 - 00036050 ____A C:\Users\admin\Documents\FRST.txt
2013-06-26 17:24 - 2013-06-26 17:24 - 00027009 ____A C:\Users\admin\Documents\Addition.txt
2013-06-26 17:23 - 2013-06-26 17:23 - 00000000 ____D C:\FRST
2013-06-26 16:00 - 2013-06-26 16:00 - 00011889 ____A C:\Users\admin\Documents\hijackthis.log
2013-06-15 21:42 - 2013-06-15 21:43 - 12115496 ____A C:\Users\admin\Downloads\505 Drum Kit.zip
2013-06-15 21:41 - 2013-06-15 21:42 - 08067151 ____A C:\Users\admin\Downloads\Lil Jon Crunk Kit.zip
2013-06-15 21:40 - 2013-06-15 21:40 - 01152897 ____A C:\Users\admin\Downloads\East Coast Sound Kit.zip
2013-06-15 21:39 - 2013-06-15 21:39 - 05326278 ____A C:\Users\admin\Downloads\Soulja Boy Sound Kit.zip
2013-06-15 21:39 - 2013-06-15 21:39 - 02292849 ____A C:\Users\admin\Downloads\Hip Hop Sound Kit.zip
2013-06-15 21:38 - 2013-06-15 21:38 - 08461096 ____A C:\Users\admin\Downloads\Jay-Z Sound Kit.zip
2013-06-15 21:37 - 2013-06-15 21:38 - 09225984 ____A C:\Users\admin\Downloads\Lex Luger Drum Kit.zip
2013-06-15 21:32 - 2013-06-15 21:33 - 13388445 ____A C:\Users\admin\Downloads\Dr. Dre Sound Kit.zip
2013-06-08 11:30 - 2013-06-08 11:30 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-05-31 16:29 - 2013-06-27 11:03 - 00010792 ____A C:\Windows\AutoKMS.log
2013-05-31 16:27 - 2013-05-31 16:27 - 00169728 ____A C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-31 16:26 - 2013-05-31 16:26 - 03958584 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-31 15:44 - 2013-06-27 12:02 - 35548938 ____A C:\Windows\setupact.log
2013-05-31 15:44 - 2013-05-31 15:44 - 00000000 ____A C:\Windows\setuperr.log
2013-05-31 00:55 - 2013-05-31 00:55 - 00000000 ____D C:\Users\admin\AppData\Roaming\XBMC
2013-05-31 00:54 - 2013-05-31 00:54 - 00001823 ____A C:\Users\admin\Desktop\XBMC.lnk
2013-05-31 00:51 - 2013-05-31 00:52 - 00000000 ____D C:\Program Files\XBMC
==================== One Month Modified Files and Folders ========
2013-06-27 12:19 - 2013-06-27 12:19 - 01370369 ____A (Farbar) C:\Users\admin\Downloads\FRST.exe
2013-06-27 12:17 - 2013-06-27 12:17 - 00045704 ____A C:\ComboFix.txt
2013-06-27 12:17 - 2013-06-27 12:03 - 00000000 ____D C:\ComboFix
2013-06-27 12:17 - 2013-06-26 19:09 - 00000000 ____D C:\Qoobox
2013-06-27 12:13 - 2009-07-14 04:04 - 00000215 ____A C:\Windows\system.ini
2013-06-27 12:08 - 2012-03-30 12:04 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-27 12:04 - 2013-04-26 19:28 - 02028588 ____A C:\Windows\WindowsUpdate.log
2013-06-27 12:02 - 2013-05-31 15:44 - 35548938 ____A C:\Windows\setupact.log
2013-06-27 12:01 - 2011-03-05 00:00 - 00000000 ____D C:\Users\admin\Desktop\neben Programme
2013-06-27 11:24 - 2013-05-02 17:19 - 00001096 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-27 11:12 - 2011-03-11 13:17 - 00000000 ____D C:\Users\admin\AppData\Local\Adobe
2013-06-27 11:10 - 2009-07-14 06:34 - 00033984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 11:10 - 2009-07-14 06:34 - 00033984 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 11:08 - 2013-06-27 11:08 - 00005082 ____A C:\Users\admin\Documents\JRT.txt
2013-06-27 11:06 - 2013-06-27 11:06 - 00000000 ____D C:\Windows\ERUNT
2013-06-27 11:05 - 2013-06-27 11:05 - 00000000 ____D C:\JRT
2013-06-27 11:04 - 2013-06-27 11:04 - 00545954 ____A (Oleg N. Scherbakov) C:\Users\admin\Downloads\JRT.exe
2013-06-27 11:03 - 2013-05-31 16:29 - 00010792 ____A C:\Windows\AutoKMS.log
2013-06-27 11:03 - 2012-11-06 21:54 - 00078848 ____A C:\Windows\KMSEmulator.exe
2013-06-27 11:03 - 2012-11-06 21:54 - 00000202 ____A C:\Windows\Tasks\AutoKMSDaily.job
2013-06-27 11:03 - 2012-11-06 21:54 - 00000200 ____A C:\Windows\Tasks\AutoKMS.job
2013-06-27 11:02 - 2013-05-05 15:56 - 00000000 ____D C:\Users\admin\AppData\Roaming\Dropbox
2013-06-27 11:02 - 2013-05-02 17:18 - 00001092 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-27 11:02 - 2013-01-26 14:29 - 00000000 ___RD C:\Users\admin\Dropbox
2013-06-27 11:02 - 2011-04-06 14:03 - 00065536 _____ C:\Windows\System32\Ikeext.etl
2013-06-27 11:02 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 11:02 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\tracing
2013-06-27 11:01 - 2013-06-26 19:49 - 00000994 ____A C:\Windows\PFRO.log
2013-06-27 11:01 - 2013-04-26 19:29 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-27 11:00 - 2013-06-27 10:59 - 00012826 ____A C:\AdwCleaner[S1].txt
2013-06-26 23:27 - 2013-04-28 20:46 - 00000000 ____D C:\Users\admin\AppData\Roaming\Skype
2013-06-26 23:27 - 2011-06-02 17:47 - 00000000 ____D C:\Users\admin\AppData\Local\PMB Files
2013-06-26 23:27 - 2011-06-02 17:47 - 00000000 ____D C:\ProgramData\PMB Files
2013-06-26 20:44 - 2013-06-26 20:44 - 00648201 ____A C:\Users\admin\Downloads\adwcleaner.exe
2013-06-26 19:37 - 2009-07-14 04:37 - 00000000 __RHD C:\users\Default
2013-06-26 19:37 - 2009-07-14 04:37 - 00000000 ___RD C:\users\Public
2013-06-26 19:29 - 2013-06-26 19:09 - 00000000 ____D C:\Windows\erdnt
2013-06-26 19:10 - 2013-06-26 19:10 - 05083236 ____R (Swearware) C:\Users\admin\Downloads\ComboFix.exe
2013-06-26 19:01 - 2011-03-04 15:39 - 00000000 ____D C:\Users\admin\Desktop\Rocket Dock, Spiele
2013-06-26 18:59 - 2011-02-26 10:54 - 00000000 ___HD C:\Program Files\InstallShield Installation Information
2013-06-26 18:48 - 2013-04-26 13:20 - 00000000 ____D C:\Program Files\JDownloader 2
2013-06-26 17:50 - 2011-02-26 10:54 - 00000000 ____D C:\Program Files\Electronic Arts
2013-06-26 17:24 - 2013-06-26 17:24 - 00036050 ____A C:\Users\admin\Documents\FRST.txt
2013-06-26 17:24 - 2013-06-26 17:24 - 00027009 ____A C:\Users\admin\Documents\Addition.txt
2013-06-26 17:23 - 2013-06-26 17:23 - 00000000 ____D C:\FRST
2013-06-26 16:00 - 2013-06-26 16:00 - 00011889 ____A C:\Users\admin\Documents\hijackthis.log
2013-06-23 21:02 - 2012-12-06 21:35 - 00000000 ____D C:\Users\admin\AppData\Roaming\TS3Client
2013-06-22 18:46 - 2011-02-27 15:39 - 00000000 ____D C:\Program Files\Steam
2013-06-22 18:41 - 2011-02-27 15:39 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-06-19 21:26 - 2013-05-02 17:20 - 00002129 ____A C:\Users\Public\Desktop\Google Chrome.lnk
2013-06-15 23:11 - 2012-01-01 22:22 - 00000000 ____D C:\Program Files\Image-Line
2013-06-15 21:43 - 2013-06-15 21:42 - 12115496 ____A C:\Users\admin\Downloads\505 Drum Kit.zip
2013-06-15 21:42 - 2013-06-15 21:41 - 08067151 ____A C:\Users\admin\Downloads\Lil Jon Crunk Kit.zip
2013-06-15 21:40 - 2013-06-15 21:40 - 01152897 ____A C:\Users\admin\Downloads\East Coast Sound Kit.zip
2013-06-15 21:39 - 2013-06-15 21:39 - 05326278 ____A C:\Users\admin\Downloads\Soulja Boy Sound Kit.zip
2013-06-15 21:39 - 2013-06-15 21:39 - 02292849 ____A C:\Users\admin\Downloads\Hip Hop Sound Kit.zip
2013-06-15 21:38 - 2013-06-15 21:38 - 08461096 ____A C:\Users\admin\Downloads\Jay-Z Sound Kit.zip
2013-06-15 21:38 - 2013-06-15 21:37 - 09225984 ____A C:\Users\admin\Downloads\Lex Luger Drum Kit.zip
2013-06-15 21:33 - 2013-06-15 21:32 - 13388445 ____A C:\Users\admin\Downloads\Dr. Dre Sound Kit.zip
2013-06-15 18:33 - 2012-01-01 22:24 - 00000000 ____D C:\Program Files\VstPlugins
2013-06-15 15:08 - 2012-03-30 12:04 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-15 15:08 - 2011-05-15 12:56 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-15 01:39 - 2013-03-13 01:23 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-15 00:40 - 2010-11-20 23:01 - 01618320 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-08 14:36 - 2013-05-02 17:25 - 00000000 ___RD C:\Program Files\Skype
2013-06-08 14:36 - 2011-02-26 14:25 - 00000000 ____D C:\ProgramData\Skype
2013-06-08 11:30 - 2013-06-08 11:30 - 00000000 ____D C:\Users\Public\Documents\CrashDump
2013-06-06 16:03 - 2013-05-02 17:18 - 00000000 ____D C:\Program Files\Google
2013-06-06 16:03 - 2011-04-28 17:34 - 00000000 ____D C:\Users\admin\AppData\Local\Google
2013-06-02 13:30 - 2012-08-18 18:49 - 00138184 ____A C:\Windows\System32\Drivers\PnkBstrK.sys
2013-06-02 13:29 - 2012-08-18 18:18 - 00183112 ____A C:\Windows\System32\PnkBstrB.exe
2013-06-01 18:54 - 2013-05-05 15:59 - 00001017 ____A C:\Users\admin\Desktop\Dropbox.lnk
2013-06-01 12:50 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\LogFiles
2013-05-31 17:20 - 2009-07-14 04:37 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-31 16:27 - 2013-05-31 16:27 - 00169728 ____A C:\Users\admin\AppData\Local\GDIPFONTCACHEV1.DAT
2013-05-31 16:26 - 2013-05-31 16:26 - 03958584 ____A C:\Windows\System32\FNTCACHE.DAT
2013-05-31 16:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\System32\DriverStore
2013-05-31 15:44 - 2013-05-31 15:44 - 00000000 ____A C:\Windows\setuperr.log
2013-05-31 15:24 - 2011-03-17 19:41 - 00000000 ____D C:\Users\admin\AppData\Roaming\DAEMON Tools Lite
2013-05-31 15:22 - 2013-05-04 03:02 - 00000000 ____D C:\Windows\Minidump
2013-05-31 00:55 - 2013-05-31 00:55 - 00000000 ____D C:\Users\admin\AppData\Roaming\XBMC
2013-05-31 00:54 - 2013-05-31 00:54 - 00001823 ____A C:\Users\admin\Desktop\XBMC.lnk
2013-05-31 00:52 - 2013-05-31 00:51 - 00000000 ____D C:\Program Files\XBMC
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-06-23 13:28
==================== End Of Log ============================