KJ-Antje | 07.02.2014 18:25 | Hello,
I ran all the tests as described. The issue with the desktop has resolved itself. After the 2nd restart everything was OK again.
During the FRST scan an error message came up saying that some files could not be copied. After clicking Cancel, the scan still ran to completion. You will find the log file at the end.
Malwarebytes Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2014.02.07.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
HP :: HERBERT [Administrator]
07.02.2014 14:05:38
mbam-log-2014-02-07 (14-05-38).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 243586
Laufzeit: 10 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 3
HKLM\SOFTWARE\Plus-HD-3.2 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-3.2 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 1
C:\Program Files (x86)\Plus-HD-3.2 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 17
C:\Windows\Installer\5c9d8.msi (PUP.Optional.SmartBar.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\34330.xpi (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\background.html (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Installer.log (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-bg.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-buttonutil.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-buttonutil.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-codedownloader.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-enabler.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-helper.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2-updater.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Plus-HD-3.2.ico (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\Uninstall.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Plus-HD-3.2\utils.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Adw-Cleaner
AdwCleaner Logfile: Code:
# AdwCleaner v3.001 - Report created 29/08/2013 at 16:19:38
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : HP - HERBERT
# Running from : C:\Users\HP\Desktop\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Updater Service for AMZN
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\eSafe
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Folder Deleted : C:\Program Files (x86)\Amazon Browser Bar
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\delta
Folder Deleted : C:\Program Files (x86)\LyriXeeker
Folder Deleted : C:\Program Files (x86)\PC Speed Maximizer
Folder Deleted : C:\Program Files (x86)\SweetIM
Folder Deleted : C:\Users\HP\AppData\Local\Amazon Browser Bar
Folder Deleted : C:\Users\HP\AppData\Local\apn
Folder Deleted : C:\Users\HP\AppData\Local\Temp\Smartbar
Folder Deleted : C:\Users\HP\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\HP\AppData\Roaming\optimizer pro
Folder Deleted : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Video downloader
Folder Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\svovbrig.default\Smartbar
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\svovbrig.default\Extensions\firefox@webconnect.co.xpi
File Deleted : C:\Users\HP\Desktop\Optimizer Pro.lnk
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\svovbrig.default\searchplugins\Web Search.xml
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\svovbrig.default\\invalidprefs.js
File Deleted : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\svovbrig.default\user.js
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Shortcuts ] *****
Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
***** [ Registry ] *****
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Speed Maximizer]
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB
Key Deleted : HKLM\SOFTWARE\Classes\AlxSSB.AlxTBSSB.1
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Key Deleted : HKLM\SOFTWARE\9ededcb33eb946
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F443A627-5009-4323-9C1D-7FD598D0D712}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E57091A7-B5F0-4C42-9329-72ED3E59ED31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EA582743-9076-4178-9AA6-7393FDF4D5CE}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Value Deleted : HKLM\SOFTWARE\Policies\Google\Chrome\ExtensionInstallForcelist [1]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\delta LTD
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\distromatic
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\lyrixeeker
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\eSafeSecControl
Key Deleted : HKLM\Software\qvo6Software
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Amazon Browser Bar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Video downloader
Key Deleted : [x64] HKLM\SOFTWARE\Amazon Browser Bar
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\svovbrig.default\prefs.js ]
Line Deleted : user_pref("CT3202918.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT3202918.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description\":\"California Rock\",\"url\":\"hxxp://feedlive.net/california.asx\"}");
Line Deleted : user_pref("CT3202918.1000234.TWC_TMP_city", "SULZBACH");
Line Deleted : user_pref("CT3202918.1000234.TWC_TMP_country", "DE");
Line Deleted : user_pref("CT3202918.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3202918.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3202918.FirstTime", "true");
Line Deleted : user_pref("CT3202918.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3202918.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3202918&SearchSource=2&q=");
Line Deleted : user_pref("CT3202918.UserID", "UN31543359960067097");
Line Deleted : user_pref("CT3202918.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3202918.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3202918.embeddedsData", "[{\"appId\":\"129773064360875682\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3202918.enableAlerts", "always");
Line Deleted : user_pref("CT3202918.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3202918.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3202918.fixUrls", true);
Line Deleted : user_pref("CT3202918.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3202918.isNewTabEnabled", true);
Line Deleted : user_pref("CT3202918.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3202918.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3202918.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3202918.keyword", true);
Line Deleted : user_pref("CT3202918.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.sweetim.com%2Funinstallbar.asp%3Fbarid%3D%7BE6DD2494-F39A-4B84-B397-22B6B68E4579%7D\",\"[...]
Line Deleted : user_pref("CT3202918.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"EMAIL_NOTIFIER\\\",\\\"WEATHER\\\",\\\"BROWSER_COMPONENT\\\"]\"}");
Line Deleted : user_pref("CT3202918.search.searchAppId", "129773064360875682");
Line Deleted : user_pref("CT3202918.search.searchCount", "0");
Line Deleted : user_pref("CT3202918.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3202918.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3202918.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3202918.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3202918.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3202918.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3202918\"}");
Line Deleted : user_pref("CT3202918.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://FreezbGames.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3202918.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"FreezbGames\"}");
Line Deleted : user_pref("CT3202918.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3202918.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3202918.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1346109196070");
Line Deleted : user_pref("CT3202918.serviceLayer_services_appsMetadata_lastUpdate", "1346109195817");
Line Deleted : user_pref("CT3202918.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1346109196171");
Line Deleted : user_pref("CT3202918.serviceLayer_services_login_10.10.27.6_lastUpdate", "1347432892348");
Line Deleted : user_pref("CT3202918.serviceLayer_services_menu_434a494ed505ad77ce4cfa879a61a43c_lastUpdate", "1346109197080");
Line Deleted : user_pref("CT3202918.serviceLayer_services_menu_a43e6069358144da1b2908ca82c52bd7_lastUpdate", "1346109196975");
Line Deleted : user_pref("CT3202918.serviceLayer_services_optimizer_lastUpdate", "1346109196327");
Line Deleted : user_pref("CT3202918.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1346109196212");
Line Deleted : user_pref("CT3202918.serviceLayer_services_searchAPI_lastUpdate", "1346109195096");
Line Deleted : user_pref("CT3202918.serviceLayer_services_serviceMap_lastUpdate", "1347356652541");
Line Deleted : user_pref("CT3202918.serviceLayer_services_toolbarContextMenu_lastUpdate", "1346109196135");
Line Deleted : user_pref("CT3202918.serviceLayer_services_toolbarSettings_lastUpdate", "1347432892279");
Line Deleted : user_pref("CT3202918.serviceLayer_services_translation_lastUpdate", "1347356652761");
Line Deleted : user_pref("CT3202918.settingsINI", true);
Line Deleted : user_pref("CT3202918.smartbar.CTID", "CT3202918");
Line Deleted : user_pref("CT3202918.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3202918.smartbar.homepage", true);
Line Deleted : user_pref("CT3202918.smartbar.toolbarName", "FreezbGames ");
Line Deleted : user_pref("CT3202918.toolbarBornServerTime", "28-8-2012");
Line Deleted : user_pref("CT3202918.toolbarCurrentServerTime", "12-9-2012");
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3202918&SearchSource=13");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.sweetim.com/search.asp?src=2&crg=3.27010003&q=");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3202918");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultenginename", "Web Search");
Line Deleted : user_pref("browser.search.selectedEngine", "Web Search");
Line Deleted : user_pref("extensions.crossrider.bic", "140c95db5d59a5a97aa05544e5f272c9");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "b80572e700000000000090f6520899e6");
Line Deleted : user_pref("extensions.delta.instlDay", "15945");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.617:08:45");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=280813_ctrl2&tsp=4988");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.helperbar.countryiso", "de");
Line Deleted : user_pref("extensions.helperbar.downloadprovider", "bundlore");
Line Deleted : user_pref("extensions.helperbar.installationid", "3fbb78ea-a8e8-8142-1ab4-816673da4088");
Line Deleted : user_pref("extensions.helperbar.installdate", "29/08/2013");
Line Deleted : user_pref("extensions.helperbar.publisher", "bundlore");
*************************
AdwCleaner[R0].txt - [31841 octets] - [29/08/2013 16:18:57]
AdwCleaner[S0].txt - [30175 octets] - [29/08/2013 16:19:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30236 octets] ##########
AdwCleaner Logfile: Code:
# AdwCleaner v3.018 - Bericht erstellt am 07/02/2014 um 14:35:44
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : HP - HERBERT
# Gestartet von : C:\Users\HP\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0923E315-2D8B-48CE-A37C-AE9A42F9711C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1A1BBE49-C6F1-40EA-9D2F-262F0AF6DDE3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2022154E-7E3E-4809-871E-1B45A6FC7058}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{292ECB89-350E-45D2-816F-52C15305B144}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{36CC2180-B6BF-4951-9578-6B0C40044AAA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44A36944-22C6-4A08-BC7C-161F3E540DBF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6247DD2C-8CF9-4041-A235-93691D71B8B4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{835BED79-DF7E-4096-B355-ED43FA2EA87B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8E863BD6-50DE-47D0-A6F1-3C1F6DB72451}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9DD36F1E-5111-41C5-ADED-A2A11A2FF3E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A2FB8217-E320-434E-BA79-513E357AD54F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A9CEBBF4-9129-479A-9231-E833ED3D3A8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AFD4D1F9-167C-4884-95AE-B5A9797B0D16}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B3EAD50C-ECB0-459A-9EDA-F505AB99675B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C47788B1-9604-4D7A-A684-F4D450F2D7D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{CA3B41D0-D4C1-4808-B248-75DA27238828}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D4A2FF6C-087F-4D40-8DFE-92AAD484BFB8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D88B9D5C-A9CF-4C69-906D-1CCA5D85A2EF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F83AF01C-AA2F-469F-8BE7-D178FB15FD07}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WebConnect
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v27.0 (de)
[ Datei : C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\o4dwrbz1.default\prefs.js ]
[ Datei : C:\Users\KaJa\AppData\Roaming\Mozilla\Firefox\Profiles\lvyr1mr2.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [37879 octets] - [29/08/2013 15:18:57]
AdwCleaner[R1].txt - [6097 octets] - [07/02/2014 14:31:15]
AdwCleaner[S0].txt - [36022 octets] - [29/08/2013 15:19:38]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [36083 octets] ##########
JRT Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.1 (02.04.2014:1)
OS: Windows 7 Home Premium x64
Ran by HP on 07.02.2014 at 14:41:43,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3418871380-3702506198-2498725809-1000\Software\sweetim
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\HP\AppData\Roaming\mozilla\firefox\profiles\o4dwrbz1.default\minidumps [8 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.02.2014 at 14:54:53,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-02-2014
Ran by HP (administrator) on HERBERT on 07-02-2014 18:15:53
Running from C:\Users\HP\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(EasyBits Software AS) C:\Windows\SysWOW64\ezSharedSvcHost.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
(Dropbox, Inc.) C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [StartCCC] - c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-05-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] - c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [612872 2014-01-03] (EasyBits Software AS)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [Nikon Message Center 2] - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [X]
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-04] (AVAST Software)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKU\S-1-5-21-3418871380-3702506198-2498725809-1000\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3418871380-3702506198-2498725809-1000\...\Policies\system: [DisableChangePassword] 0
Startup: C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\KaJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\HP\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {23F4C8FC-61B8-4FC0-9AA8-6CF90F056A4A} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks: - {E54729E8-643D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook64.dll [773192 2014-01-24] ()
ShellExecuteHooks-x32: - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook32.dll [484936 2014-01-24] ()
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\o4dwrbz1.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\HP\AppData\Roaming\Mozilla\Firefox\Profiles\o4dwrbz1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-10]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-09-03]
FF HKCU\...\Firefox\Extensions: [{12505464-a1b4-47a9-98ac-e7ed5e887d66}] - C:\Program Files (x86)\LyricsSeeker\131.xpi
FF Extension: No Name - C:\Program Files (x86)\LyricsSeeker\131.xpi [2013-08-29]
==================== Services (Whitelisted) =================
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-04] (AVAST Software)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
==================== Drivers (Whitelisted) ====================
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [78648 2014-02-04] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2014-02-04] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-02-04] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1038072 2014-02-04] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [421704 2014-02-04] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [80184 2014-02-04] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [207904 2014-02-04] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-02-07 18:15 - 2014-02-07 18:15 - 00013910 _____ () C:\Users\HP\Desktop\FRST.txt
2014-02-07 14:54 - 2014-02-07 14:54 - 00001101 _____ () C:\Users\HP\Desktop\JRT.txt
2014-02-07 14:20 - 2014-02-07 14:20 - 01166132 _____ () C:\Users\HP\Desktop\adwcleaner.exe
2014-02-07 13:44 - 2014-02-07 13:44 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-07 13:44 - 2014-02-07 13:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-07 13:44 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-07 13:06 - 2014-02-07 13:06 - 00001000 _____ () C:\Users\KaJa\Documents\MailShield.der
2014-02-06 20:20 - 2014-02-06 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 08:54 - 2014-02-07 18:15 - 00000000 ____D () C:\Users\Public\Documents\__Virus
2014-02-06 07:03 - 2014-02-06 06:27 - 05180173 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2014-02-06 06:53 - 2014-02-06 06:53 - 00000000 ____D () C:\Users\HP\AppData\Roaming\AVAST Software
2014-02-06 06:30 - 2014-02-06 07:19 - 00000000 ____D () C:\Qoobox
2014-02-06 06:30 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-06 06:30 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-06 06:30 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-06 06:30 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-06 06:30 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-06 06:30 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-06 06:30 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-06 06:30 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-06 06:22 - 2014-02-06 06:22 - 00000000 ____D () C:\ProgramData\Easybits
2014-02-05 18:23 - 2014-02-05 18:24 - 00481240 _____ () C:\Windows\Minidump\020514-19671-01.dmp
2014-02-05 14:40 - 2014-02-05 14:41 - 00481144 _____ () C:\Windows\Minidump\020514-19921-01.dmp
2014-02-05 14:00 - 2014-02-05 14:00 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-02-05 13:51 - 2014-02-07 18:15 - 00000000 ____D () C:\FRST
2014-02-05 13:49 - 2014-02-05 13:50 - 02080256 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-02-05 13:36 - 2014-02-06 06:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-04 15:07 - 2014-02-04 15:07 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-04 15:07 - 2014-02-04 15:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-04 15:07 - 2014-02-04 15:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-04 15:07 - 2014-02-04 15:07 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-02-04 15:07 - 2014-02-04 15:07 - 00000000 ____D () C:\Program Files\Java
2014-02-04 15:03 - 2014-02-04 15:04 - 30796712 _____ (Oracle Corporation) C:\Users\KaJa\Downloads\jre-7u51-windows-x64.exe
2014-02-04 14:59 - 2014-02-04 14:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-04 14:59 - 2014-02-04 14:59 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-04 14:58 - 2014-02-04 14:58 - 02083288 _____ () C:\Users\KaJa\Downloads\winrar-x64-501d.exe
2014-02-04 13:01 - 2014-02-04 13:01 - 00000000 ____D () C:\Users\KaJa\AppData\Roaming\AVAST Software
2014-02-04 06:15 - 2014-02-04 06:15 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-03 22:06 - 2014-02-03 22:06 - 01769680 _____ () C:\Users\KaJa\Downloads\wrar501.exe
2014-02-03 22:05 - 2014-02-03 22:04 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-03 22:04 - 2014-02-03 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-03 22:04 - 2014-02-03 22:04 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-03 22:04 - 2014-02-03 22:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-03 22:00 - 2014-02-03 22:01 - 24097311 _____ () C:\Users\KaJa\Downloads\vlc-2.1.2-win32.exe
2014-02-03 21:52 - 2014-02-03 21:52 - 29141928 _____ (Oracle Corporation) C:\Users\KaJa\Downloads\jre-7u51-windows-i586.exe
2014-02-03 21:41 - 2014-02-03 21:42 - 18126032 _____ (Adobe Systems Inc.) C:\Users\KaJa\Downloads\AdobeAIRInstaller.exe
2014-02-02 08:46 - 2014-02-06 15:55 - 00024864 _____ () C:\Users\Public\Documents\MonatskostenFebruar.xlsx
2014-01-24 08:28 - 2014-01-24 08:29 - 00001883 _____ () C:\Users\Public\Desktop\Magic Desktop.lnk
2014-01-24 08:28 - 2014-01-24 08:29 - 00000000 ____D () C:\Program Files (x86)\EasyBits For Kids
2014-01-24 08:28 - 2014-01-24 08:28 - 00773192 _____ () C:\Windows\SysWOW64\ezUPBHook64.dll
2014-01-24 08:28 - 2014-01-24 08:28 - 00484936 _____ () C:\Windows\SysWOW64\ezUPBHook32.dll
2014-01-24 08:28 - 2014-01-24 08:28 - 00001022 _____ () C:\Users\Public\Desktop\Magic Control.lnk
2014-01-24 08:24 - 2014-01-24 08:24 - 00013788 _____ () C:\Users\KaJa\Documents\Magic Desktop Coupon.htm
2014-01-24 08:02 - 2014-01-24 08:03 - 23867560 _____ (Mozilla) C:\Users\KaJa\Downloads\Firefox Setup 26.0.exe
2014-01-22 21:16 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-22 21:16 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-22 21:16 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-22 21:16 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-22 21:16 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-22 21:16 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-22 21:16 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-22 21:16 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-22 21:16 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
==================== One Month Modified Files and Folders =======
2014-02-07 18:16 - 2014-02-07 18:15 - 00013910 _____ () C:\Users\HP\Desktop\FRST.txt
2014-02-07 18:15 - 2014-02-06 08:54 - 00000000 ____D () C:\Users\Public\Documents\__Virus
2014-02-07 18:15 - 2014-02-05 13:51 - 00000000 ____D () C:\FRST
2014-02-07 18:15 - 2012-08-14 18:52 - 00001102 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-07 17:57 - 2012-09-06 13:49 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-07 17:57 - 2012-07-27 12:39 - 02012042 _____ () C:\Windows\WindowsUpdate.log
2014-02-07 14:54 - 2014-02-07 14:54 - 00001101 _____ () C:\Users\HP\Desktop\JRT.txt
2014-02-07 14:44 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-07 14:44 - 2009-07-14 05:45 - 00016752 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-07 14:37 - 2013-01-29 13:46 - 00000000 ___RD () C:\Users\HP\Dropbox
2014-02-07 14:37 - 2013-01-29 13:41 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Dropbox
2014-02-07 14:37 - 2012-08-14 18:52 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-07 14:37 - 2012-07-27 20:43 - 00000000 ____D () C:\ProgramData\PDFC
2014-02-07 14:37 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-07 14:37 - 2009-07-14 05:51 - 00093572 _____ () C:\Windows\setupact.log
2014-02-07 14:35 - 2013-08-29 15:18 - 00000000 ____D () C:\AdwCleaner
2014-02-07 14:20 - 2014-02-07 14:20 - 01166132 _____ () C:\Users\HP\Desktop\adwcleaner.exe
2014-02-07 14:18 - 2013-08-29 10:19 - 00000000 ____D () C:\Program Files (x86)\vGrabber-software
2014-02-07 14:18 - 2013-08-29 10:11 - 00000000 ____D () C:\Program Files (x86)\LyricsSeeker
2014-02-07 14:17 - 2010-11-21 04:47 - 01306056 _____ () C:\Windows\PFRO.log
2014-02-07 13:50 - 2012-08-01 18:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-07 13:46 - 2013-09-18 19:18 - 00000000 ____D () C:\Users\KaJa\AppData\Roaming\BOM
2014-02-07 13:44 - 2014-02-07 13:44 - 00001115 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-02-07 13:44 - 2014-02-07 13:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-07 13:06 - 2014-02-07 13:06 - 00001000 _____ () C:\Users\KaJa\Documents\MailShield.der
2014-02-07 08:39 - 2013-10-09 19:16 - 00000000 ___RD () C:\Users\KaJa\Dropbox
2014-02-07 08:39 - 2013-10-09 19:15 - 00000000 ____D () C:\Users\KaJa\AppData\Roaming\Dropbox
2014-02-06 20:20 - 2014-02-06 20:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 20:13 - 2013-09-03 16:36 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-02-06 20:13 - 2012-09-06 13:49 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-06 20:13 - 2012-09-06 13:49 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-06 20:13 - 2012-07-27 20:39 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-06 15:55 - 2014-02-02 08:46 - 00024864 _____ () C:\Users\Public\Documents\MonatskostenFebruar.xlsx
2014-02-06 15:55 - 2013-09-11 13:11 - 00003922 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{2816F58B-7C38-4587-83DD-9A655093ECFC}
2014-02-06 15:55 - 2012-10-16 12:32 - 00000000 ____D () C:\Users\Public\Documents\Karen
2014-02-06 15:49 - 2012-07-27 20:12 - 00696620 _____ () C:\Windows\system32\perfh007.dat
2014-02-06 15:49 - 2012-07-27 20:12 - 00147916 _____ () C:\Windows\system32\perfc007.dat
2014-02-06 15:49 - 2009-07-14 06:13 - 01612484 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-06 09:32 - 2012-10-16 12:32 - 00000000 ____D () C:\Users\Public\Documents\Briefe
2014-02-06 08:56 - 2013-09-11 17:36 - 00000000 ____D () C:\Users\KaJa\AppData\Local\CrashDumps
2014-02-06 08:55 - 2012-07-27 12:37 - 00000000 ____D () C:\Users\HP
2014-02-06 07:19 - 2014-02-06 06:30 - 00000000 ____D () C:\Qoobox
2014-02-06 07:15 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-06 06:53 - 2014-02-06 06:53 - 00000000 ____D () C:\Users\HP\AppData\Roaming\AVAST Software
2014-02-06 06:29 - 2013-08-28 18:09 - 00000000 ____D () C:\Windows\erdnt
2014-02-06 06:27 - 2014-02-06 07:03 - 05180173 ____R (Swearware) C:\Users\HP\Desktop\ComboFix.exe
2014-02-06 06:22 - 2014-02-06 06:22 - 00000000 ____D () C:\ProgramData\Easybits
2014-02-06 06:22 - 2014-02-05 13:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-02-05 19:34 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-05 18:24 - 2014-02-05 18:23 - 00481240 _____ () C:\Windows\Minidump\020514-19671-01.dmp
2014-02-05 18:23 - 2013-01-19 11:04 - 652643793 _____ () C:\Windows\MEMORY.DMP
2014-02-05 18:23 - 2013-01-19 11:04 - 00000000 ____D () C:\Windows\Minidump
2014-02-05 14:41 - 2014-02-05 14:40 - 00481144 _____ () C:\Windows\Minidump\020514-19921-01.dmp
2014-02-05 14:00 - 2014-02-05 14:00 - 00000000 _____ () C:\Users\HP\defogger_reenable
2014-02-05 13:50 - 2014-02-05 13:49 - 02080256 _____ (Farbar) C:\Users\HP\Desktop\FRST64.exe
2014-02-04 15:07 - 2014-02-04 15:07 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-02-04 15:07 - 2014-02-04 15:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-02-04 15:07 - 2014-02-04 15:07 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-02-04 15:07 - 2014-02-04 15:07 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-02-04 15:07 - 2014-02-04 15:07 - 00000000 ____D () C:\Program Files\Java
2014-02-04 15:04 - 2014-02-04 15:03 - 30796712 _____ (Oracle Corporation) C:\Users\KaJa\Downloads\jre-7u51-windows-x64.exe
2014-02-04 15:02 - 2012-08-13 02:04 - 00000000 ____D () C:\Users\HP\AppData\Local\Adobe
2014-02-04 14:59 - 2014-02-04 14:59 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-02-04 14:59 - 2014-02-04 14:59 - 00000000 ____D () C:\Program Files\WinRAR
2014-02-04 14:58 - 2014-02-04 14:58 - 02083288 _____ () C:\Users\KaJa\Downloads\winrar-x64-501d.exe
2014-02-04 14:58 - 2012-08-28 00:12 - 00000000 ____D () C:\Program Files (x86)\WinRAR
2014-02-04 13:01 - 2014-02-04 13:01 - 00000000 ____D () C:\Users\KaJa\AppData\Roaming\AVAST Software
2014-02-04 06:15 - 2014-02-04 06:15 - 00080184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-02-04 06:15 - 2013-09-03 16:36 - 01038072 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-02-04 06:15 - 2013-09-03 16:36 - 00421704 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2014-02-04 06:15 - 2013-09-03 16:36 - 00334136 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-02-04 06:15 - 2013-09-03 16:36 - 00207904 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-02-04 06:15 - 2013-09-03 16:36 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-02-04 06:15 - 2013-09-03 16:36 - 00078648 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-02-04 06:15 - 2013-09-03 16:36 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-02-04 06:15 - 2013-09-03 16:36 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-02-04 06:12 - 2013-09-03 16:28 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-04 06:11 - 2013-09-03 16:36 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-02-03 22:06 - 2014-02-03 22:06 - 01769680 _____ () C:\Users\KaJa\Downloads\wrar501.exe
2014-02-03 22:05 - 2013-11-04 21:07 - 00000000 ____D () C:\ProgramData\Oracle
2014-02-03 22:04 - 2014-02-03 22:05 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-02-03 22:04 - 2014-02-03 22:04 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-02-03 22:04 - 2014-02-03 22:04 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-02-03 22:04 - 2014-02-03 22:04 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-02-03 22:01 - 2014-02-03 22:00 - 24097311 _____ () C:\Users\KaJa\Downloads\vlc-2.1.2-win32.exe
2014-02-03 21:52 - 2014-02-03 21:52 - 29141928 _____ (Oracle Corporation) C:\Users\KaJa\Downloads\jre-7u51-windows-i586.exe
2014-02-03 21:43 - 2013-09-11 13:11 - 00000000 ____D () C:\Users\KaJa\AppData\Roaming\Adobe
2014-02-03 21:42 - 2014-02-03 21:41 - 18126032 _____ (Adobe Systems Inc.) C:\Users\KaJa\Downloads\AdobeAIRInstaller.exe
2014-02-03 21:42 - 2013-09-13 18:46 - 00000000 ____D () C:\Users\KaJa\AppData\Local\Adobe
2014-02-02 08:48 - 2013-01-29 13:42 - 00000000 ____D () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-02-02 08:48 - 2012-07-27 12:42 - 00000000 ___RD () C:\Users\HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-27 21:11 - 2013-09-18 18:25 - 00013802 _____ () C:\Users\Public\Documents\Mietzahlungen.xlsx
2014-01-24 08:40 - 2013-10-10 18:42 - 00000000 ____D () C:\Users\KaJa\AppData\Roaming\vlc
2014-01-24 08:29 - 2014-01-24 08:28 - 00001883 _____ () C:\Users\Public\Desktop\Magic Desktop.lnk
2014-01-24 08:29 - 2014-01-24 08:28 - 00000000 ____D () C:\Program Files (x86)\EasyBits For Kids
2014-01-24 08:28 - 2014-01-24 08:28 - 00773192 _____ () C:\Windows\SysWOW64\ezUPBHook64.dll
2014-01-24 08:28 - 2014-01-24 08:28 - 00484936 _____ () C:\Windows\SysWOW64\ezUPBHook32.dll
2014-01-24 08:28 - 2014-01-24 08:28 - 00001022 _____ () C:\Users\Public\Desktop\Magic Control.lnk
2014-01-24 08:28 - 2012-07-27 20:39 - 00325640 _____ (Easybits Software AS) C:\Windows\SysWOW64\ezseng.exe
2014-01-24 08:24 - 2014-01-24 08:24 - 00013788 _____ () C:\Users\KaJa\Documents\Magic Desktop Coupon.htm
2014-01-24 08:03 - 2014-01-24 08:02 - 23867560 _____ (Mozilla) C:\Users\KaJa\Downloads\Firefox Setup 26.0.exe
2014-01-23 16:58 - 2009-07-14 05:45 - 00766008 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-22 21:30 - 2013-07-16 21:21 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-22 21:28 - 2012-10-03 09:58 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-22 15:52 - 2013-09-03 16:36 - 00064288 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2014-01-21 21:12 - 2013-09-11 13:11 - 00000000 ___RD () C:\Users\KaJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-21 21:11 - 2013-10-09 19:16 - 00001017 _____ () C:\Users\KaJa\Desktop\Dropbox.lnk
2014-01-21 21:11 - 2013-10-09 19:15 - 00000000 ____D () C:\Users\KaJa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-21 21:11 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-01-21 06:22 - 2012-10-16 12:32 - 00000000 ____D () C:\Users\Public\Documents\Janis
2014-01-14 21:57 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLev.DAT
Some content of TEMP:
====================
C:\Users\HP\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-29 06:37
==================== End Of Log ============================ |