Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.25.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Nadine :: NADINE-PC [Administrator]
Schutz: Aktiviert
25.08.2013 11:29:01
mbam-log-2013-08-25 (11-29-01).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 214037
Laufzeit: 11 Minute(n), 9 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 10
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (Hijack.SearchPage) -> Bösartig: (hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=) Gut: (hxxp://www.google.com/) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 2
C:\Users\Nadine\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
C:\Users\Nadine\AppData\Roaming\OpenCandy\E5F331EA2EB04549B787CC0504B563B2 (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
Infizierte Dateien: 1
C:\Users\Nadine\AppData\Roaming\OpenCandy\E5F331EA2EB04549B787CC0504B563B2\TuneUpUtilities2013_2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt.
(Ende)
Wait, I'll run a complete scan again with my external hard drive...
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.25.03
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16660
Nadine :: NADINE-PC [Administrator]
Schutz: Aktiviert
25.08.2013 11:43:04
mbam-log-2013-08-25 (11-43-04).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 538489
Laufzeit: 2 Stunde(n), 25 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 2
C:\Users\Nadine\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\OpenCandy\E5F331EA2EB04549B787CC0504B563B2 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 4
C:\Users\Nadine\AppData\Local\DownloadGuide\Offers\iminent.exe (PUP.Iminent.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\siieftiwngqslcwvp.dll (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\FRST\Quarantine\siieftiwngqslcwvp.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Nadine\AppData\Roaming\OpenCandy\E5F331EA2EB04549B787CC0504B563B2\TuneUpUtilities2013_2200218_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
# AdwCleaner v3.001 - Report created 25/08/2013 at 13:53:57
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (32 bits)
# Username : Nadine - NADINE-PC
# Running from : C:\Users\Nadine\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\Program Files\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Nadine\AppData\Local\DownloadGuide
Folder Deleted : C:\Users\Nadine\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Nadine\AppData\LocalLow\SimplyTech
Folder Deleted : C:\Users\Nadine\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Nadine\AppData\Roaming\pdfforge
File Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\1w570ita.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_30378\searchplugins\Askcom.xml
File Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\1w570ita.default\searchplugins\Web Search.xml
File Deleted : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_30378\searchplugins\Web Search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Web Search.xml
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1F02FB61-2BE5-4C16-8199-AEAA16EB0342}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DA9FC525-41ED-4C00-B046-946DA7CDD305}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : HKCU\Software\Alexa Internet
Key Deleted : HKCU\Software\distromatic
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\1w570ita.default\prefs.js ]
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=66920&st=newtab&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58");
Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
Line Deleted : user_pref("browser.search.order.1", "Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58");
Line Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=");
Line Deleted : user_pref("wtb6787.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58");
Line Deleted : user_pref("wtb6787.newtab", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58");
[ File : C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\Solo_30378\prefs.js ]
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.certified-toolbar.com?si=66920&st=newtab&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58");
Line Deleted : user_pref("browser.search.defaultengine", "Web Search");
Line Deleted : user_pref("browser.search.order.1", "Web Search");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58");
Line Deleted : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=66920&st=chrome&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58&q=");
Line Deleted : user_pref("wtb6787.homepage", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58");
Line Deleted : user_pref("wtb6787.newtab", "hxxp://search.certified-toolbar.com?si=66920&st=home&tid=6787&ver=4.4&ts=1376960192695.000009&tguid=66920-6787-1376960192695-73C6C7E8565363645E1E025DE748BE58");
Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
*************************
AdwCleaner[R0].txt - [9477 octets] - [25/08/2013 13:53:11]
AdwCleaner[S0].txt - [7287 octets] - [25/08/2013 13:53:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7347 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x86
Ran by Nadine on 25.08.2013 at 14:09:05,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\simplytech
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\hometab_rasmancs
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{49A72782-B697-42EB-AD99-E255252E1297}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B3B3A6AC-74EC-BD56-BCDB-EFA4799FB9DF}
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Nadine\AppData\Roaming\mozilla\firefox\profiles\1w570ita.default\minidumps [71 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.08.2013 at 14:11:31,63
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 25-08-2013
Ran by Nadine (administrator) on 25-08-2013 14:14:12
Running from C:\Users\Nadine\Downloads
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(SafeNet Inc.) C:\Windows\system32\hasplms.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Entriq, Inc.) C:\Program Files\maxdome\DCBin\DCService.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Sun Microsystems, Inc.) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
() C:\Program Files\maxdome\DCBin\DCTrayApp.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-09-08] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [421160 2010-09-24] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [995176 2013-06-20] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [702024 2012-12-13] (Cisco Systems, Inc.)
HKCU\...\Run: [Skype] - C:\Program Files\Skype\Phone\Skype.exe [18642024 2013-02-28] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
ShortcutTarget: Adobe Gamma Loader.lnk -> C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\maxdome Download Manager.lnk
ShortcutTarget: maxdome Download Manager.lnk -> C:\Program Files\maxdome\DCBin\DCTrayApp.exe ()
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {C5E997AC-B9AF-4DD4-BE30-5F7ADC5B0090} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Winsock: Catalog5 05 C:\Program Files\Bonjour\mdnsNSP.dll [152864] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 172.16.42.1
Tcpip\..\Interfaces\{CBB0FF2F-4AE3-4CB4-BB33-C05B07EA4D9D}: [NameServer]10.156.33.53,129.187.5.1
FireFox:
========
FF ProfilePath: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\1w570ita.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_35 - C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\1w570ita.default\searchplugins\amazon.xml
FF Extension: No Name - C:\Users\Nadine\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: No Name - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\1w570ita.default\Extensions\complitly_0.sqlite
FF Extension: No Name - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\1w570ita.default\Extensions\WTB_GLOBAL.sqlite
FF Extension: No Name - C:\Users\Nadine\AppData\Roaming\Mozilla\Firefox\Profiles\1w570ita.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
========================== Services (Whitelisted) =================
R2 hasplms; C:\Windows\system32\hasplms.exe [3750400 2009-12-16] (SafeNet Inc.)
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-06-20] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [295376 2013-06-20] (Microsoft Corporation)
R2 Prosieben; C:\Program Files\maxdome\DCBin\DCService.exe [77032 2009-05-01] (Entriq, Inc.)
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [544840 2012-12-13] (Cisco Systems, Inc.)
R2 x10nets; C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [20480 2001-11-12] (X10)
==================== Drivers (Whitelisted) ====================
S3 acsock; C:\Windows\System32\DRIVERS\acsock.sys [92112 2012-12-13] (Cisco Systems, Inc.)
R2 aksfridge; C:\Windows\system32\drivers\aksfridge.sys [356864 2009-08-20] (Aladdin Knowledge Systems Ltd.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R2 hardlock; C:\Windows\system32\drivers\hardlock.sys [588800 2009-12-09] (SafeNet Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [211560 2013-06-18] (Microsoft Corporation)
S3 TrdCap; C:\Windows\System32\DRIVERS\TrdCap.sys [1554472 2010-06-09] (Trident Microsystems, Inc.)
R3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13976 2006-11-17] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-25 14:09 - 2013-08-25 14:09 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 14:08 - 2013-08-25 14:08 - 01021434 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe
2013-08-25 13:59 - 2013-08-25 13:59 - 01070459 _____ (Farbar) C:\Users\Nadine\Downloads\FRST.exe
2013-08-25 13:53 - 2013-08-25 13:54 - 00000000 ____D C:\AdwCleaner
2013-08-25 13:50 - 2013-08-25 13:51 - 00994642 _____ C:\Users\Nadine\Downloads\adwcleaner.exe
2013-08-25 11:27 - 2013-08-25 11:27 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-25 11:27 - 2013-08-25 11:27 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Malwarebytes
2013-08-25 11:27 - 2013-08-25 11:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 11:27 - 2013-08-25 11:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-25 11:27 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-25 11:26 - 2013-08-25 11:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 20:30 - 2013-08-25 13:11 - 00000000 ____D C:\Users\Nadine\Desktop\JCB-paper-newest
2013-08-24 14:40 - 2013-08-24 14:40 - 00000000 ____D C:\FRST
2013-08-23 22:33 - 2013-08-23 22:33 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-23 22:33 - 2013-08-23 22:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-21 17:12 - 2013-08-21 17:12 - 00000000 ____D C:\Program Files\Common Files\PDF Architect
2013-08-21 17:04 - 2013-08-22 18:37 - 00000000 ____D C:\Users\Nadine\Desktop\JCB-paper-neu
2013-08-20 03:05 - 2013-08-20 03:06 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\PDF Architect
2013-08-20 03:05 - 2013-08-20 03:05 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.4352.dll
2013-08-20 03:04 - 2013-08-20 03:05 - 00000000 ____D C:\Program Files\PDFCreator
2013-08-20 03:04 - 2013-08-20 03:04 - 00000993 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-08-20 03:04 - 2013-04-09 15:13 - 00095416 _____ (pdfforge GmbH) C:\Windows\system32\pdfcmon.dll
2013-08-20 03:04 - 2012-05-05 11:54 - 00662288 _____ (Microsoft Corporation) C:\Windows\system32\MSCOMCT2.OCX
2013-08-20 03:04 - 2012-05-05 11:54 - 00137000 _____ (Microsoft Corporation) C:\Windows\system32\MSMAPI32.OCX
2013-08-20 03:04 - 2012-05-05 11:54 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\MSMPIDE.DLL
2013-08-20 03:04 - 1998-07-06 18:56 - 00125712 _____ (Microsoft Corporation) C:\Windows\system32\VB6DE.DLL
2013-08-20 03:04 - 1998-07-06 18:55 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\MSCMCDE.DLL
2013-08-20 03:04 - 1998-07-06 18:55 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\MSCC2DE.DLL
2013-08-20 02:59 - 2013-08-20 03:01 - 17810632 _____ (pdfforge GmbH) C:\Users\Nadine\Downloads\PDFCreator-1_7_1_setup.exe
2013-08-20 02:58 - 2013-08-20 02:58 - 00000000 ____D C:\Users\Nadine\Downloads\freepdf
2013-08-20 02:56 - 2013-08-13 08:38 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-20 02:51 - 2013-08-20 02:51 - 00444400 _____ C:\Users\Nadine\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-19 23:52 - 2013-08-20 03:19 - 00000000 ____D C:\Users\Nadine\Desktop\JCB-paper
2013-08-19 20:20 - 2013-08-19 20:35 - 00000000 ____D C:\Users\Nadine\Desktop\Figure 1
2013-08-18 21:48 - 2013-08-18 21:48 - 00231188 _____ C:\Users\Nadine\Desktop\patients.pptx
2013-08-17 12:22 - 2013-08-23 22:32 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-14 10:32 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 10:32 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 10:32 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 10:32 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 10:32 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 10:32 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 10:32 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 10:32 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 10:32 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 10:32 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 10:32 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 10:32 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 10:32 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 10:31 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 10:31 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 10:31 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 09:58 - 2013-08-18 21:41 - 00000000 ____D C:\Users\Nadine\Desktop\Journal of Cell Biology
2013-08-14 00:52 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 00:52 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 00:52 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 00:52 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 00:52 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 00:52 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 00:52 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 00:52 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 00:52 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 00:52 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 00:52 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 00:52 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-11 16:27 - 2013-08-11 16:54 - 00000000 ____D C:\Users\Nadine\Desktop\Scratch-assay- representatives
2013-08-05 17:09 - 2013-08-09 23:30 - 00000000 ____D C:\Users\Nadine\Desktop\Paper Mucosal Immunology
2013-08-01 20:17 - 2013-08-01 20:23 - 00000000 ____D C:\Users\Nadine\Desktop\Basischarakterisierung CHOP
2013-08-01 20:15 - 2013-08-01 20:16 - 00000000 ____D C:\Users\Nadine\Desktop\NW67_continie_proliferationsraten_stabile zelllinien-wst rate
==================== One Month Modified Files and Folders =======
2013-08-25 14:11 - 2013-08-25 14:11 - 00001349 _____ C:\Users\Nadine\Desktop\JRT.txt
2013-08-25 14:09 - 2013-08-25 14:09 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 14:08 - 2013-08-25 14:08 - 01021434 _____ (Thisisu) C:\Users\Nadine\Downloads\JRT.exe
2013-08-25 14:02 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 14:02 - 2009-07-14 06:34 - 00013760 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 13:59 - 2013-08-25 13:59 - 01070459 _____ (Farbar) C:\Users\Nadine\Downloads\FRST.exe
2013-08-25 13:59 - 2010-09-04 11:30 - 01482214 _____ C:\Windows\WindowsUpdate.log
2013-08-25 13:55 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 13:55 - 2009-07-14 06:39 - 00118205 _____ C:\Windows\setupact.log
2013-08-25 13:54 - 2013-08-25 13:53 - 00000000 ____D C:\AdwCleaner
2013-08-25 13:51 - 2013-08-25 13:50 - 00994642 _____ C:\Users\Nadine\Downloads\adwcleaner.exe
2013-08-25 13:47 - 2011-02-05 20:57 - 00017226 _____ C:\Windows\PFRO.log
2013-08-25 13:40 - 2013-06-13 08:53 - 00000000 ____D C:\Users\Nadine\Desktop\Doktorarbeit_August-24
2013-08-25 13:11 - 2013-08-24 20:30 - 00000000 ____D C:\Users\Nadine\Desktop\JCB-paper-newest
2013-08-25 11:27 - 2013-08-25 11:27 - 00001071 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-25 11:27 - 2013-08-25 11:27 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Malwarebytes
2013-08-25 11:27 - 2013-08-25 11:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 11:27 - 2013-08-25 11:27 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-08-25 11:26 - 2013-08-25 11:26 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Nadine\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-24 20:56 - 2012-05-21 01:28 - 00002155 _____ C:\Windows\epplauncher.mif
2013-08-24 20:54 - 2011-11-08 13:24 - 00000000 ____D C:\Program Files\Microsoft Security Client
2013-08-24 20:46 - 2011-11-08 11:45 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-24 20:46 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini
2013-08-24 20:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-24 20:31 - 2010-09-04 13:10 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\Skype
2013-08-24 14:40 - 2013-08-24 14:40 - 00000000 ____D C:\FRST
2013-08-23 22:33 - 2013-08-23 22:33 - 00001109 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-08-23 22:33 - 2013-08-23 22:33 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-08-23 22:32 - 2013-08-17 12:22 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-08-23 22:08 - 2013-06-25 14:12 - 00765806 _____ C:\Users\Nadine\Desktop\Einleitung Copy.enl
2013-08-22 18:37 - 2013-08-21 17:04 - 00000000 ____D C:\Users\Nadine\Desktop\JCB-paper-neu
2013-08-21 17:12 - 2013-08-21 17:12 - 00000000 ____D C:\Program Files\Common Files\PDF Architect
2013-08-20 03:19 - 2013-08-19 23:52 - 00000000 ____D C:\Users\Nadine\Desktop\JCB-paper
2013-08-20 03:06 - 2013-08-20 03:05 - 00000000 ____D C:\Users\Nadine\AppData\Roaming\PDF Architect
2013-08-20 03:05 - 2013-08-20 03:05 - 00129536 _____ C:\Users\Public\AlexaNSISPlugin.4352.dll
2013-08-20 03:05 - 2013-08-20 03:04 - 00000000 ____D C:\Program Files\PDFCreator
2013-08-20 03:05 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2013-08-20 03:04 - 2013-08-20 03:04 - 00000993 _____ C:\Users\Public\Desktop\PDFCreator.lnk
2013-08-20 03:01 - 2013-08-20 02:59 - 17810632 _____ (pdfforge GmbH) C:\Users\Nadine\Downloads\PDFCreator-1_7_1_setup.exe
2013-08-20 02:58 - 2013-08-20 02:58 - 00000000 ____D C:\Users\Nadine\Downloads\freepdf
2013-08-20 02:51 - 2013-08-20 02:51 - 00444400 _____ C:\Users\Nadine\Downloads\DLG_free-pdf-perfect_chip_de-DE10.exe
2013-08-19 20:35 - 2013-08-19 20:20 - 00000000 ____D C:\Users\Nadine\Desktop\Figure 1
2013-08-19 20:35 - 2012-11-27 20:34 - 00000218 _____ C:\Windows\system32\kfgrbtv.tgz
2013-08-19 20:35 - 2012-11-27 20:34 - 00000114 _____ C:\Windows\system32\prsgrc.tgz
2013-08-19 20:35 - 2012-11-27 20:34 - 00000086 _____ C:\Windows\system32\ssprs.tgz
2013-08-19 20:35 - 2012-07-31 15:12 - 00000204 _____ C:\Windows\system32\kfgrbtv.dll
2013-08-19 20:35 - 2012-07-31 15:12 - 00000100 _____ C:\Windows\system32\prsgrc.dll
2013-08-18 21:55 - 2012-01-22 19:56 - 00000000 ____D C:\Users\Nadine\progress reports
2013-08-18 21:48 - 2013-08-18 21:48 - 00231188 _____ C:\Users\Nadine\Desktop\patients.pptx
2013-08-18 21:41 - 2013-08-14 09:58 - 00000000 ____D C:\Users\Nadine\Desktop\Journal of Cell Biology
2013-08-16 15:23 - 2013-03-26 20:23 - 00000000 ____D C:\Users\Nadine\Desktop\alle DSS statistics tissue plus cell infiltration
2013-08-16 15:18 - 2013-03-30 15:01 - 00000000 ____D C:\Users\Nadine\Desktop\paper discussion
2013-08-15 10:04 - 2012-09-10 15:51 - 00000000 ____D C:\Users\Nadine\Desktop\paper einleitung
2013-08-14 22:01 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-14 19:49 - 2013-07-11 19:00 - 00000000 ____D C:\Users\Nadine\Desktop\Paper Cell Development
2013-08-14 10:39 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-14 10:38 - 2013-07-25 00:09 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 10:36 - 2011-11-08 12:37 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-13 22:56 - 2012-09-09 22:24 - 00000000 ____D C:\Users\Public\Documents\maxdome
2013-08-13 22:56 - 2009-07-14 06:53 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-08-13 08:38 - 2013-08-20 02:56 - 00032328 _____ C:\Windows\Launcher.exe
2013-08-11 19:52 - 2012-01-22 19:51 - 00000000 ____D C:\Users\Nadine\Western Blots
2013-08-11 16:54 - 2013-08-11 16:27 - 00000000 ____D C:\Users\Nadine\Desktop\Scratch-assay- representatives
2013-08-09 23:30 - 2013-08-05 17:09 - 00000000 ____D C:\Users\Nadine\Desktop\Paper Mucosal Immunology
2013-08-01 20:23 - 2013-08-01 20:17 - 00000000 ____D C:\Users\Nadine\Desktop\Basischarakterisierung CHOP
2013-08-01 20:16 - 2013-08-01 20:15 - 00000000 ____D C:\Users\Nadine\Desktop\NW67_continie_proliferationsraten_stabile zelllinien-wst rate
2013-07-31 21:24 - 2012-01-22 19:51 - 00000000 ____D C:\Users\Nadine\Mikroskop
2013-07-31 21:16 - 2012-01-22 19:54 - 00000000 ____D C:\Users\Nadine\Volocity libraries
2013-07-29 22:30 - 2010-12-13 23:08 - 00000000 ____D C:\Users\Nadine\AppData\Local\Microsoft Games
2013-07-29 19:45 - 2013-05-30 20:01 - 00000000 ____D C:\Users\Nadine\Desktop\phd_data_graphpad-doktorarbeit
2013-07-28 22:28 - 2009-07-14 10:56 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-07-26 05:13 - 2013-08-14 10:32 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-14 10:32 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:13 - 2013-08-14 10:31 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:12 - 2013-08-14 10:32 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-14 10:32 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-14 10:32 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-14 10:32 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 10:32 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-14 10:32 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 10:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-14 10:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 10:31 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:11 - 2013-08-14 10:32 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:11 - 2013-08-14 10:31 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 04:49 - 2013-08-14 10:32 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-14 10:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
Files to move or delete:
====================
C:\Users\Nadine\Firefox_Setup_3.6.8.exe
C:\Users\Nadine\AppData\Local\Temp\ApnStub.exe
C:\Users\Nadine\AppData\Local\Temp\apptorun.exe
C:\Users\Nadine\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Nadine\AppData\Local\Temp\IR3WK2wg.exe.part
C:\Users\Nadine\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe
C:\Users\Nadine\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe
C:\Users\Nadine\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
C:\Users\Nadine\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Nadine\AppData\Local\Temp\Quarantine.exe
C:\Users\Nadine\AppData\Local\Temp\Risweb32.exe
C:\Users\Nadine\AppData\Local\Temp\setup.exe
C:\Users\Nadine\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Nadine\AppData\Local\Temp\vpnui.exe_3.0.08057_20121213202647.mdmp
C:\Users\Nadine\AppData\Local\Temp\vpnui.exe_3.1.02026_20130314213617.mdmp
C:\Users\Nadine\AppData\Local\Temp\vpnui.exe_3.1.02026_20130407193225.mdmp
C:\Users\Nadine\AppData\Local\Temp\{93C46EA7-D02D-4461-96A5-60E6586CC176}\_Setup.dll
C:\Users\Nadine\AppData\Local\Temp\{0382A2B0-4B46-4E8D-9154-A0DBDEB11BA8}\InstallFlashPlayer.exe
C:\Users\Nadine\AppData\Local\Temp\SDIAG_6c2fc5e3-08ff-4462-8224-fa4f02e85401\DiagPackage.dll
C:\Users\Nadine\AppData\Local\Temp\SDIAG_6c2fc5e3-08ff-4462-8224-fa4f02e85401\de-DE\DiagPackage.dll.mui
C:\Users\Nadine\AppData\Local\Temp\SDIAG_12a06e36-1eea-4de0-90a6-52d4ef161a81\DiagPackage.dll
C:\Users\Nadine\AppData\Local\Temp\SDIAG_12a06e36-1eea-4de0-90a6-52d4ef161a81\de-DE\DiagPackage.dll.mui
C:\Users\Nadine\AppData\Local\Temp\nswDF2A.tmp\System.dll
C:\Users\Nadine\AppData\Local\Temp\nswDF2A.tmp\UserInfo.dll
C:\Users\Nadine\AppData\Local\Temp\nsm909.tmp\registry.dll
C:\Users\Nadine\AppData\Local\Temp\nsm8F29.tmp\brknctrlr.exe
C:\Users\Nadine\AppData\Local\Temp\nsm8F29.tmp\registry.dll
C:\Users\Nadine\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Nadine\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest
C:\Users\Nadine\AppData\Local\Temp\is-PEVEQ.tmp\cinshlpr.dll
C:\Users\Nadine\AppData\Local\Temp\is-PEVEQ.tmp\InstallHelper.dll
C:\Users\Nadine\AppData\Local\Temp\is-1U0DD.tmp\Interop.IWshRuntimeLibrary.dll
C:\Users\Nadine\AppData\Local\Temp\is-1U0DD.tmp\System.Data.SQLite.dll
C:\Users\Nadine\AppData\Local\Temp\ED5B.tmp\vpndownloader.exe
C:\Users\Nadine\AppData\Local\Temp\E956.dir\InstallFlashPlayer.exe
C:\Users\Nadine\AppData\Local\Temp\CF03.tmp\vpndownloader.exe
C:\Users\Nadine\AppData\Local\Temp\C477.tmp\vpndownloader.exe
C:\Users\Nadine\AppData\Local\Temp\68F0.dir\InstallFlashPlayer.exe
C:\Users\Nadine\AppData\Local\Temp\4E01.dir\InstallFlashPlayer.exe
C:\Users\Nadine\AppData\Local\Temp\444.tmp\vpndownloader.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-12 00:13
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 25-08-2013
Ran by Nadine at 2013-08-25 14:14:34
Running from C:\Users\Nadine\Downloads
Boot Mode: Normal
==========================================================
==================== Installed Programs =======================
Adobe Flash Player 11 ActiveX (Version: 11.0.1.152)
Adobe Flash Player 11 Plugin (Version: 11.5.502.110)
Adobe Photoshop 7.0 (Version: 7.0)
Adobe Reader X (10.1.7) - Deutsch (Version: 10.1.7)
Amazon MP3-Downloader 1.0.17 (Version: 1.0.17)
Apple Application Support (Version: 1.3.2)
Apple Mobile Device Support (Version: 3.2.0.47)
Apple Software Update (Version: 2.1.2.120)
Audio Recorder Pro 3.70
Bonjour (Version: 2.0.3.0)
Canon MP640 series MP Drivers
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.02026)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
EndNote X5 (Version: 15.0.1.5774)
Free Audio CD Burner version 1.4
Free YouTube to MP3 Converter version 3.11.35.1031 (Version: 3.11.35.1031)
Gene set enrichment analysis (GSEA)
GraphPad Prism 6 (Trial) (Version: 6.01)
iTunes (Version: 10.0.1.22)
Java Auto Updater (Version: 2.0.7.1)
Java(TM) 6 Update 35 (Version: 6.0.350)
Konz 2012 (Version: 1.00.0000)
Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300)
maxdome Download Manager 4.1.300.78 (Version: 4.1.30078)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Antimalware Service DE-DE Language Pack (Version: 3.0.8402.2)
Microsoft Office Access MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Groove MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office InfoPath MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Professional Plus 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (English) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (French) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proof (Italian) 2010 (Version: 14.0.7015.1000)
Microsoft Office Proofing (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Office Word MUI (German) 2010 (Version: 14.0.7015.1000)
Microsoft Security Client (Version: 4.3.0215.0)
Microsoft Security Client DE-DE Language Pack (Version: 2.1.1116.0)
Microsoft Security Essentials (Version: 4.3.215.0)
Microsoft Silverlight (Version: 5.1.20513.0)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Mozilla Firefox 23.0.1 (x86 de) (Version: 23.0.1)
Mozilla Maintenance Service (Version: 23.0.1)
NVIDIA Display Control Panel (Version: 6.14.12.5912)
NVIDIA Drivers (Version: 1.10.62.40)
PDFCreator (Version: 1.7.1)
PlayReady PC Runtime x86 (Version: 1.3.0)
QuickTime (Version: 7.68.75.0)
Ralink RT2860 Wireless LAN Card (Version: 1.2.0.1)
ResearchSoft Direct Export Helper
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
SigmaPlot 11.1.0 (Version: 11.1.0)
Skype™ 6.3 (Version: 6.3.105)
Steuer 2011 (Version: 19.00.7304)
Uninstall 1.0.0.1
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
VLC media player 1.1.4 (Version: 1.1.4)
Volocity Demo (Version: 6.0)
X10 Hardware(TM)
==================== Restore Points =========================
01-08-2013 19:08:10 Windows Update
06-08-2013 08:24:23 Windows Update
09-08-2013 16:24:31 Windows Update
13-08-2013 21:07:21 Windows Update
14-08-2013 08:30:55 Windows Update
17-08-2013 15:43:59 Windows Update
20-08-2013 00:57:17 Free Pdf Perfect Prereq
20-08-2013 01:00:21 Free Pdf Perfect Prereq
20-08-2013 19:02:55 Windows Update
21-08-2013 15:11:28 Removed PDF Architect
24-08-2013 18:38:12 Windows Update
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {141BBBB3-3AB3-4FF0-B84D-ECC3DBDF2BE3} - System32\Tasks\{C7A74AEC-3746-4137-9E41-275A2B787648} => C:\Program Files\Skype\Phone\Skype.exe [2013-02-28] (Skype Technologies S.A.)
Task: {5662E137-2962-4078-AAE3-134E81F68888} - System32\Tasks\{F0D95CAE-9E8B-46F6-96F2-07AC4CC3FD68} => c:\program files\mozilla firefox\firefox.exe [2013-08-14] (Mozilla Corporation)
Task: {79EA93A8-0A45-4CD7-8E6B-9B8543E4D177} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-06-20] (Microsoft Corporation)
Task: {B0B48482-923D-4879-A3EF-2391E4EB7114} - System32\Tasks\Microsoft\Windows\WindowsBackup\Windows Backup Monitor => C:\Windows\system32\sdclt.exe [2010-11-20] (Microsoft Corporation)
Task: {BF720484-8103-4DF7-B237-F6214AF435D8} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => C:\Windows\system32\rundll32.exe [2009-07-14] (Microsoft Corporation)
Task: {E05A365A-B46C-4AB5-B6A6-A9A140402E17} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2702524975-4265628452-2668838540-1000
Task: {E11352BB-43DA-4DDA-BFB7-FB1FD0BA5CAC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe [2010-11-20] (Microsoft Corporation)
==================== Faulty Device Manager Devices =============
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
Name: FingerPrinter Reader
Description: FingerPrinter Reader
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Event log errors: =========================
Application errors:
==================
System errors:
=============
Microsoft Office Sessions:
=========================
==================== Memory info ===========================
Percentage of memory in use: 39%
Total physical RAM: 3066.88 MB
Available physical RAM: 1849.03 MB
Total Pagefile: 6132.05 MB
Available Pagefile: 4701.75 MB
Total Virtual: 2047.88 MB
Available Virtual: 1902.36 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:277.92 GB) (Free:160.71 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:20.16 GB) (Free:7.62 GB) FAT32
Drive z: () (Network) (Total:277.92 GB) (Free:160.71 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 45DC0011)
Partition 1: (Active) - (Size=278 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=20 GB) - (Type=0C)
==================== End Of Log ============================
Thanks!