Ziegenlouie | 01.08.2014 11:35
mbam:
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 01.08.2014
Suchlauf-Zeit: 11:25:44
Logdatei: Malwarebytes.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.08.01.01
Rootkit Datenbank: v2014.07.17.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: Oleg
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 363288
Verstrichene Zeit: 14 Min, 53 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 0
(No malicious items detected)
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 0
(No malicious items detected)
Physische Sektoren: 0
(No malicious items detected)
(end)
JRT:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by Oleg on 01.08.2014 at 12:12:52,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-00A7-7A786E7484D7}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
~~~ FireFox
Successfully deleted: [File] C:\Users\Oleg\AppData\Roaming\mozilla\firefox\profiles\6mc9z39k.default\extensions\toolbar_avira-v7@apn.ask.com.xpi
Successfully deleted the following from C:\Users\Oleg\AppData\Roaming\mozilla\firefox\profiles\6mc9z39k.default\prefs.js
user_pref("browser.search.defaultenginename", "v9");
user_pref("browser.search.selectedEngine", "v9");
Emptied folder: C:\Users\Oleg\AppData\Roaming\mozilla\firefox\profiles\6mc9z39k.default\minidumps [90 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.08.2014 at 12:16:22,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner:
Code:
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 11:55:12
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Oleg - OLEGPC
# Gestartet von : C:\Users\Oleg\Desktop\adwcleaner_3.302.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\searchplugins\ask-search.xml
Datei Gefunden : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\user.js
Datei Gefunden : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\6mc9z39k.default\searchplugins\ask-search.xml
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Datei Gefunden : C:\WINDOWS\System32\roboot64.exe
Ordner Gefunden : C:\Program Files (x86)\GetPrivate
Ordner Gefunden : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gefunden : C:\Program Files (x86)\VideoConverter
Ordner Gefunden : C:\Program Files\003
Ordner Gefunden : C:\ProgramData\WPM
Ordner Gefunden : C:\Users\Oleg\AppData\Local\Genesis
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\DigitalSites
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\DownLite
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\GetPrivate
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\qone8
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\Systweak
Ordner Gefunden : C:\Users\Oleg\Documents\PC Speed Maximizer
***** [ Tasks ] *****
Task Gefunden : Digital Sites
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\dsiteproducts
Schlüssel Gefunden : HKCU\Software\genesis
Schlüssel Gefunden : HKCU\Software\SupHpUISoft
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\dsiteproducts
Schlüssel Gefunden : [x64] HKCU\Software\genesis
Schlüssel Gefunden : [x64] HKCU\Software\SupHpUISoft
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gefunden : HKLM\Software\SupDp
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\Software\V9Software
Schlüssel Gefunden : HKLM\Software\Vittalia
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\prefs.js ]
Zeile gefunden : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gefunden : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gefunden : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0");
Zeile gefunden : user_pref("extensions.irmysearch.aflt", "irmsd0202ff");
Zeile gefunden : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gefunden : user_pref("extensions.irmysearch.cr", "1359495754");
Zeile gefunden : user_pref("extensions.irmysearch.instlRef", "");
[ Datei : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\6mc9z39k.default\prefs.js ]
Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.v9.com/?type=hp&ts=1406042674&from=irs&uid=ST1000LM024XHN-M101MBB_S2U5J9DCA55571&i=psd&t=3461115f8");
Zeile gefunden : user_pref("extensions.irmysearch.aflt", "irmsd0202ff");
Zeile gefunden : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gefunden : user_pref("extensions.irmysearch.cr", "1359495754");
Zeile gefunden : user_pref("extensions.irmysearch.instlRef", "");
Zeile gefunden : user_pref("extensions.mysearchdial.AL", 2);
Zeile gefunden : user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
Zeile gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gefunden : user_pref("extensions.mysearchdial.cntry", "EU");
Zeile gefunden : user_pref("extensions.mysearchdial.cr", "1359495754");
Zeile gefunden : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gefunden : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gefunden : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gefunden : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gefunden : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gefunden : user_pref("extensions.mysearchdial.hdrMd5", "9CEA2E12ADBF676FF75DB2955182EE0A");
Zeile gefunden : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Zeile gefunden : user_pref("extensions.mysearchdial.id", "84A6C831D6605DF4");
Zeile gefunden : user_pref("extensions.mysearchdial.instlDay", "16117");
Zeile gefunden : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutB[...]
Zeile gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.020:51:24");
Zeile gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Zeile gefunden : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.sg", "none");
Zeile gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L[...]
Zeile gefunden : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gefunden : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gefunden : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gefunden : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.020:51:24");
*************************
AdwCleaner[R0].txt - [7761 octets] - [01/08/2014 11:55:12]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [7821 octets] ##########
Code:
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 11:59:11
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Oleg - OLEGPC
# Gestartet von : C:\Users\Oleg\Desktop\adwcleaner_3.302.exe
# Option : Suchen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\searchplugins\ask-search.xml
Datei Gefunden : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\user.js
Datei Gefunden : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\6mc9z39k.default\searchplugins\ask-search.xml
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Datei Gefunden : C:\WINDOWS\System32\roboot64.exe
Ordner Gefunden : C:\Program Files (x86)\GetPrivate
Ordner Gefunden : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gefunden : C:\Program Files (x86)\VideoConverter
Ordner Gefunden : C:\Program Files\003
Ordner Gefunden : C:\ProgramData\WPM
Ordner Gefunden : C:\Users\Oleg\AppData\Local\Genesis
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\DigitalSites
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\DownLite
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\GetPrivate
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\qone8
Ordner Gefunden : C:\Users\Oleg\AppData\Roaming\Systweak
Ordner Gefunden : C:\Users\Oleg\Documents\PC Speed Maximizer
***** [ Tasks ] *****
Task Gefunden : Digital Sites
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\dsiteproducts
Schlüssel Gefunden : HKCU\Software\genesis
Schlüssel Gefunden : HKCU\Software\SupHpUISoft
Schlüssel Gefunden : HKCU\Software\systweak
Schlüssel Gefunden : [x64] HKCU\Software\dsiteproducts
Schlüssel Gefunden : [x64] HKCU\Software\genesis
Schlüssel Gefunden : [x64] HKCU\Software\SupHpUISoft
Schlüssel Gefunden : [x64] HKCU\Software\systweak
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gefunden : HKLM\Software\SupDp
Schlüssel Gefunden : HKLM\Software\systweak
Schlüssel Gefunden : HKLM\Software\V9Software
Schlüssel Gefunden : HKLM\Software\Vittalia
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\prefs.js ]
Zeile gefunden : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gefunden : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gefunden : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0");
Zeile gefunden : user_pref("extensions.irmysearch.aflt", "irmsd0202ff");
Zeile gefunden : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gefunden : user_pref("extensions.irmysearch.cr", "1359495754");
Zeile gefunden : user_pref("extensions.irmysearch.instlRef", "");
[ Datei : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\6mc9z39k.default\prefs.js ]
Zeile gefunden : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gefunden : user_pref("browser.startup.homepage", "hxxp://www.v9.com/?type=hp&ts=1406042674&from=irs&uid=ST1000LM024XHN-M101MBB_S2U5J9DCA55571&i=psd&t=3461115f8");
Zeile gefunden : user_pref("extensions.irmysearch.aflt", "irmsd0202ff");
Zeile gefunden : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gefunden : user_pref("extensions.irmysearch.cr", "1359495754");
Zeile gefunden : user_pref("extensions.irmysearch.instlRef", "");
Zeile gefunden : user_pref("extensions.mysearchdial.AL", 2);
Zeile gefunden : user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
Zeile gefunden : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gefunden : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gefunden : user_pref("extensions.mysearchdial.cntry", "EU");
Zeile gefunden : user_pref("extensions.mysearchdial.cr", "1359495754");
Zeile gefunden : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gefunden : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gefunden : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gefunden : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gefunden : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gefunden : user_pref("extensions.mysearchdial.hdrMd5", "9CEA2E12ADBF676FF75DB2955182EE0A");
Zeile gefunden : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gefunden : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Zeile gefunden : user_pref("extensions.mysearchdial.id", "84A6C831D6605DF4");
Zeile gefunden : user_pref("extensions.mysearchdial.instlDay", "16117");
Zeile gefunden : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gefunden : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutB[...]
Zeile gefunden : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.020:51:24");
Zeile gefunden : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Zeile gefunden : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gefunden : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.sg", "none");
Zeile gefunden : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gefunden : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gefunden : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L[...]
Zeile gefunden : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gefunden : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gefunden : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gefunden : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gefunden : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.020:51:24");
*************************
AdwCleaner[R0].txt - [7917 octets] - [01/08/2014 11:55:12]
AdwCleaner[R1].txt - [7821 octets] - [01/08/2014 11:59:11]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [7881 octets] ##########
Code:
# AdwCleaner v3.302 - Bericht erstellt am 01/08/2014 um 11:59:37
# Aktualisiert 30/07/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : Oleg - OLEGPC
# Gestartet von : C:\Users\Oleg\Desktop\adwcleaner_3.302.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\GetPrivate
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files (x86)\VideoConverter
Ordner Gelöscht : C:\Program Files\003
Ordner Gelöscht : C:\Users\Oleg\AppData\Local\Genesis
Ordner Gelöscht : C:\Users\Oleg\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Oleg\AppData\Roaming\DownLite
Ordner Gelöscht : C:\Users\Oleg\AppData\Roaming\GetPrivate
Ordner Gelöscht : C:\Users\Oleg\AppData\Roaming\qone8
Ordner Gelöscht : C:\Users\Oleg\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Oleg\Documents\PC Speed Maximizer
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Datei Gelöscht : C:\WINDOWS\System32\roboot64.exe
Datei Gelöscht : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\6mc9z39k.default\searchplugins\ask-search.xml
Datei Gelöscht : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\user.js
***** [ Tasks ] *****
Task Gelöscht : Digital Sites
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AdvancedSystemProtector_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\genesis
Schlüssel Gelöscht : HKCU\Software\SupHpUISoft
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\V9Software
Schlüssel Gelöscht : HKLM\Software\Vittalia
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v31.0 (x86 de)
[ Datei : C:\Users\Natalia\AppData\Roaming\Mozilla\Firefox\Profiles\wox9wbj9.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.enabledAddons", "ffxtlbr%40mysearchdial.com:1.6.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:31.0");
Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0202ff");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1359495754");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "");
[ Datei : C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\6mc9z39k.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.v9.com/?type=hp&ts=1406042674&from=irs&uid=ST1000LM024XHN-M101MBB_S2U5J9DCA55571&i=psd&t=3461115f8");
Zeile gelöscht : user_pref("extensions.irmysearch.aflt", "irmsd0202ff");
Zeile gelöscht : user_pref("extensions.irmysearch.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gelöscht : user_pref("extensions.irmysearch.cr", "1359495754");
Zeile gelöscht : user_pref("extensions.irmysearch.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd0202ff");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutBtAtDtC1N1R");
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "EU");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "1359495754");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "9CEA2E12ADBF676FF75DB2955182EE0A");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "84A6C831D6605DF4");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16117");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1CzutB[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.020:51:24");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0202ff&cd=2XzuyEtN2Y1L1QzuzzyE0AyC0CzztAtC0DyCyCtDyD0D0FyEtN0D0Tzu0SyByBzztN1L2XzutBtFtBtFtCyDtFtCyCtAtCtN1L[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.020:51:24");
*************************
AdwCleaner[R0].txt - [7917 octets] - [01/08/2014 11:55:12]
AdwCleaner[R1].txt - [7977 octets] - [01/08/2014 11:59:11]
AdwCleaner[S0].txt - [7687 octets] - [01/08/2014 11:59:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7747 octets] ##########
FRST:
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-07-2014 02
Ran by Oleg (administrator) on OLEGPC on 01-08-2014 12:33:33
Running from C:\Users\Oleg\Desktop
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13192848 2012-08-30] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1215632 2012-08-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917176 2012-09-05] (Synaptics Incorporated)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-07-01] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BlockAndSurf] => C:\Program Files (x86)\di6BlockAndSurf\BlockAndSurf.exe
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-1975092217-2097855841-1990509036-1001\...\Run: [AppLauncher] => C:\Program Files (x86)\Medion MediaPack 3\Ashampoo AppLauncher (Medion)\AppLauncher.exe [969656 2012-08-10] (Ashampoo)
HKU\S-1-5-21-1975092217-2097855841-1990509036-1001\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-1975092217-2097855841-1990509036-1002\...\MountPoints2: {8a370896-bd21-11e2-be89-806e6f6e6963} - "E:\BSAutoRun.exe"
HKU\S-1-5-21-1975092217-2097855841-1990509036-1002\...\MountPoints2: {8c190424-c075-11e3-bed2-84a6c831d660} - "H:\AUTORUN.EXE"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-10-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Oleg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Oleg\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oleg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oleg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oleg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oleg\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oleg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oleg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Oleg\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll (Dropbox, Inc.)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKCU - {AA0837FB-D1A3-46CE-BCDA-48DF759C317B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
BHO: Avira SearchFree Toolbar -> {41564952-412D-5637-00A7-7A786E7484D7} -> C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: No Name -> {41564952-412D-5637-00A7-7A786E7484D7} -> No File
Toolbar: HKLM - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKLM-x32 - No Name - {41564952-412D-5637-00A7-7A786E7484D7} - No File
Toolbar: HKCU - Avira SearchFree Toolbar - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Program Files (x86)\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport_x64.dll (APN LLC.)
Toolbar: HKCU - No Name - {41545534-2D56-3743-00A7-7A786E7484D7} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\6mc9z39k.default
FF NewTab: chrome://quick_start/content/index.html
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Suche App - C:\Users\Oleg\AppData\Roaming\Mozilla\Firefox\Profiles\6mc9z39k.default\Extensions\{47744fca-0011-4ba5-ba33-24ae19355a42}.xpi [2014-07-20]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-07-01] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1030224 2014-07-15] (Avira Operations GmbH & Co. KG)
S4 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-02-08] () [File not signed]
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-24] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2012-10-19] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-24] (Intel® Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-07-01] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [130584 2014-05-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-11-30] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [42040 2014-07-15] (Avira Operations GmbH & Co. KG)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1337216 2012-10-01] (Motorola Solutions, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
R3 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-04-13] (Disc Soft Ltd)
S3 IT9135BDA; C:\Windows\System32\Drivers\IT9135BDA.sys [165504 2012-11-14] (ITE )
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-10-09] (Windows (R) Win 7 DDK provider)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-10-09] (Windows (R) Win 7 DDK provider)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-01 12:16 - 2014-08-01 12:16 - 00001277 _____ () C:\Users\Oleg\Desktop\JRT.txt
2014-08-01 12:12 - 2014-08-01 12:12 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 12:11 - 2014-08-01 12:11 - 01016261 _____ (Thisisu) C:\Users\Oleg\Desktop\JRT.exe
2014-08-01 12:07 - 2014-08-01 11:59 - 00007977 _____ () C:\Users\Oleg\Desktop\AdwCleaner[R1].txt
2014-08-01 12:07 - 2014-08-01 11:55 - 00007917 _____ () C:\Users\Oleg\Desktop\AdwCleaner[R0].txt
2014-08-01 12:05 - 2014-08-01 11:59 - 00007827 _____ () C:\Users\Oleg\Desktop\AdwCleaner[S0].txt
2014-08-01 11:54 - 2014-08-01 11:59 - 00000000 ____D () C:\AdwCleaner
2014-08-01 11:54 - 2014-08-01 11:54 - 01361309 _____ () C:\Users\Oleg\Desktop\adwcleaner_3.302.exe
2014-08-01 11:44 - 2014-08-01 11:44 - 00001153 _____ () C:\Users\Oleg\Desktop\mbam.txt.txt
2014-08-01 11:24 - 2014-08-01 11:25 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 11:24 - 2014-08-01 11:24 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 11:24 - 2014-08-01 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 11:24 - 2014-08-01 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 11:24 - 2014-08-01 11:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 11:24 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-08-01 11:24 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-08-01 11:24 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-08-01 11:23 - 2014-08-01 11:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Oleg\Desktop\mbam-setup-2.0.2.1012.exe.part
2014-08-01 11:20 - 2014-08-01 11:20 - 00000000 ____D () C:\Users\Natalia\Desktop\FRST-OlderVersion
2014-08-01 11:18 - 2014-08-01 11:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Natalia\Downloads\revosetup95.exe
2014-08-01 11:05 - 2014-08-01 11:06 - 00034766 _____ () C:\Users\Oleg\Desktop\Addition.txt
2014-08-01 10:42 - 2014-08-01 10:42 - 00000000 ____D () C:\Users\Oleg\Desktop\FRST-OlderVersion
2014-08-01 10:24 - 2014-08-01 11:19 - 00001288 _____ () C:\Users\Oleg\Desktop\Revo Uninstaller.lnk
2014-08-01 10:24 - 2014-08-01 10:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-01 10:23 - 2014-08-01 10:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oleg\Desktop\revosetup95.exe
2014-07-30 18:52 - 2014-07-30 18:52 - 00000000 __SHD () C:\Users\Natalia\AppData\Local\EmieUserList
2014-07-30 18:52 - 2014-07-30 18:52 - 00000000 __SHD () C:\Users\Natalia\AppData\Local\EmieSiteList
2014-07-30 13:56 - 2014-07-30 13:56 - 00006760 _____ () C:\Users\Natalia\Desktop\Ereignisse.txt
2014-07-30 11:16 - 2014-07-30 11:16 - 00380416 _____ () C:\Users\Natalia\Desktop\3262kclc.exe
2014-07-30 10:32 - 2014-07-30 10:32 - 00380416 _____ () C:\Users\Natalia\Desktop\Gmer-19357.exe
2014-07-30 10:29 - 2014-08-01 12:33 - 00014879 _____ () C:\Users\Oleg\Desktop\FRST.txt
2014-07-30 10:28 - 2014-08-01 10:42 - 02094080 _____ (Farbar) C:\Users\Oleg\Desktop\FRST64.exe
2014-07-30 10:27 - 2014-07-30 10:27 - 00050477 _____ () C:\Users\Oleg\Desktop\Defogger.exe
2014-07-30 10:27 - 2014-07-30 10:27 - 00000470 _____ () C:\Users\Oleg\Desktop\defogger_disable.log
2014-07-30 09:58 - 2014-08-01 11:21 - 00027744 _____ () C:\Users\Natalia\Desktop\Addition.txt
2014-07-30 09:57 - 2014-08-01 11:21 - 00029133 _____ () C:\Users\Natalia\Desktop\FRST.txt
2014-07-30 09:56 - 2014-08-01 12:33 - 00000000 ____D () C:\FRST
2014-07-30 09:56 - 2014-08-01 11:20 - 02094080 _____ (Farbar) C:\Users\Natalia\Desktop\FRST64.exe
2014-07-30 09:46 - 2014-07-30 11:10 - 00000470 _____ () C:\Users\Natalia\Desktop\defogger_disable.log
2014-07-30 09:46 - 2014-07-30 09:46 - 00000168 _____ () C:\Users\Oleg\defogger_reenable
2014-07-30 09:45 - 2014-07-30 09:45 - 00050477 _____ () C:\Users\Natalia\Desktop\Defogger.exe
2014-07-30 09:43 - 2014-07-30 09:43 - 00000000 ____D () C:\Users\Natalia\AppData\Roaming\DAEMON Tools Lite
2014-07-29 18:28 - 2014-07-29 18:28 - 00000869 _____ () C:\Users\Oleg\Downloads\Dokumente - Verknüpfung.lnk
2014-07-29 09:45 - 2014-07-29 09:45 - 00047086 _____ () C:\AnalysisLog.sr0
2014-07-27 17:23 - 2014-07-31 19:28 - 00070144 _____ () C:\WINDOWS\SysWOW64\tasks.dll
2014-07-27 16:47 - 2014-07-31 12:33 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Bioshock
2014-07-27 16:47 - 2014-07-27 17:01 - 00000000 ____D () C:\Users\Oleg\Documents\Bioshock
2014-07-27 16:45 - 2014-07-27 16:45 - 00000000 __RHD () C:\Users\Oleg\AppData\Roaming\SecuROM
2014-07-27 15:34 - 2014-07-27 15:34 - 00002260 _____ () C:\Users\Oleg\Desktop\BioShock.lnk
2014-07-27 15:31 - 2014-07-27 15:31 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2014-07-27 15:21 - 2014-07-27 15:21 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\InstallShield Installation Information
2014-07-27 15:20 - 2014-07-27 15:20 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\InstallShield
2014-07-27 15:20 - 2014-07-27 15:20 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\2K Games
2014-07-23 13:20 - 2014-07-23 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 17:24 - 2014-07-22 17:29 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-22 17:23 - 2014-07-22 17:23 - 01245152 _____ () C:\Users\Oleg\Downloads\rome_total_war_No-Cd.exe
2014-07-22 17:23 - 2014-07-22 17:23 - 00003250 _____ () C:\WINDOWS\System32\Tasks\GPUP
2014-07-22 16:37 - 2014-07-22 16:37 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-07-09 08:53 - 2014-06-19 03:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-07-09 08:53 - 2014-06-19 02:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-07-09 08:53 - 2014-06-19 01:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-07-09 08:53 - 2014-06-19 00:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-07-09 08:53 - 2014-06-17 00:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-07-09 08:53 - 2014-06-17 00:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-07-09 08:53 - 2014-06-06 16:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-07-09 08:53 - 2014-05-30 05:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-07-09 08:53 - 2014-05-29 14:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-07-09 08:53 - 2014-05-29 09:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-07-09 08:53 - 2014-05-29 08:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-07-09 08:53 - 2014-05-29 08:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-07-09 08:53 - 2014-05-29 07:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-07-09 08:53 - 2014-05-29 07:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-07-09 08:52 - 2014-06-19 02:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-07-09 08:52 - 2014-06-19 02:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-07-09 08:52 - 2014-06-19 01:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-07-09 08:52 - 2014-06-19 01:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-07-09 08:52 - 2014-06-19 01:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-07-09 08:52 - 2014-06-19 01:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-07-09 08:52 - 2014-06-19 01:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-07-09 08:52 - 2014-06-19 01:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-07-09 08:52 - 2014-06-19 01:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-07-09 08:52 - 2014-06-19 01:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-07-09 08:52 - 2014-06-19 00:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-07-09 08:52 - 2014-06-19 00:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-07-09 08:52 - 2014-06-19 00:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-07-09 08:52 - 2014-06-19 00:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-07-09 08:52 - 2014-06-19 00:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-07-09 08:52 - 2014-06-19 00:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-07-09 08:52 - 2014-06-19 00:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-07-09 08:52 - 2014-06-19 00:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-07-09 08:52 - 2014-06-19 00:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-07-09 08:52 - 2014-06-19 00:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-07-09 08:52 - 2014-06-19 00:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-07-09 08:52 - 2014-06-19 00:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-07-09 08:52 - 2014-06-19 00:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-07-09 08:52 - 2014-06-06 15:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2014-07-09 08:52 - 2014-06-06 14:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2014-07-09 08:52 - 2014-05-31 12:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-07-09 08:52 - 2014-05-31 12:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-07-09 08:52 - 2014-05-31 05:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-07-09 08:52 - 2014-05-31 05:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-07-09 08:52 - 2014-05-31 05:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:52 - 2014-05-31 05:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-07-09 08:52 - 2014-05-31 05:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-07-09 08:52 - 2014-05-31 05:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-07-09 08:52 - 2014-05-31 04:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-07-09 08:52 - 2014-05-31 04:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-07-09 08:52 - 2014-05-31 04:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-07-09 08:52 - 2014-05-31 04:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-07-09 08:52 - 2014-05-31 04:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-07-09 08:52 - 2014-05-31 04:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-07-09 08:52 - 2014-05-31 04:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-07-09 08:48 - 2014-07-09 08:48 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-08-01 12:33 - 2014-07-30 10:29 - 00014879 _____ () C:\Users\Oleg\Desktop\FRST.txt
2014-08-01 12:33 - 2014-07-30 09:56 - 00000000 ____D () C:\FRST
2014-08-01 12:24 - 2013-06-06 14:10 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1975092217-2097855841-1990509036-1002
2014-08-01 12:16 - 2014-08-01 12:16 - 00001277 _____ () C:\Users\Oleg\Desktop\JRT.txt
2014-08-01 12:12 - 2014-08-01 12:12 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-08-01 12:11 - 2014-08-01 12:11 - 01016261 _____ (Thisisu) C:\Users\Oleg\Desktop\JRT.exe
2014-08-01 12:02 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-08-01 12:01 - 2014-02-01 21:27 - 01935656 _____ () C:\WINDOWS\WindowsUpdate.log
2014-08-01 12:01 - 2013-11-14 00:18 - 00167706 _____ () C:\WINDOWS\PFRO.log
2014-08-01 12:01 - 2013-08-22 15:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
2014-08-01 12:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-08-01 11:59 - 2014-08-01 12:07 - 00007977 _____ () C:\Users\Oleg\Desktop\AdwCleaner[R1].txt
2014-08-01 11:59 - 2014-08-01 12:05 - 00007827 _____ () C:\Users\Oleg\Desktop\AdwCleaner[S0].txt
2014-08-01 11:59 - 2014-08-01 11:54 - 00000000 ____D () C:\AdwCleaner
2014-08-01 11:55 - 2014-08-01 12:07 - 00007917 _____ () C:\Users\Oleg\Desktop\AdwCleaner[R0].txt
2014-08-01 11:54 - 2014-08-01 11:54 - 01361309 _____ () C:\Users\Oleg\Desktop\adwcleaner_3.302.exe
2014-08-01 11:45 - 2014-04-13 13:37 - 00000000 ____D () C:\temp
2014-08-01 11:45 - 2014-03-20 18:30 - 00000000 ____D () C:\Users\Oleg\Zeuch
2014-08-01 11:44 - 2014-08-01 11:44 - 00001153 _____ () C:\Users\Oleg\Desktop\mbam.txt.txt
2014-08-01 11:25 - 2014-08-01 11:24 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-08-01 11:24 - 2014-08-01 11:24 - 00001122 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-08-01 11:24 - 2014-08-01 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-01 11:24 - 2014-08-01 11:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-08-01 11:24 - 2014-08-01 11:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-01 11:23 - 2014-08-01 11:23 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Oleg\Desktop\mbam-setup-2.0.2.1012.exe.part
2014-08-01 11:21 - 2014-07-30 09:58 - 00027744 _____ () C:\Users\Natalia\Desktop\Addition.txt
2014-08-01 11:21 - 2014-07-30 09:57 - 00029133 _____ () C:\Users\Natalia\Desktop\FRST.txt
2014-08-01 11:20 - 2014-08-01 11:20 - 00000000 ____D () C:\Users\Natalia\Desktop\FRST-OlderVersion
2014-08-01 11:20 - 2014-07-30 09:56 - 02094080 _____ (Farbar) C:\Users\Natalia\Desktop\FRST64.exe
2014-08-01 11:19 - 2014-08-01 10:24 - 00001288 _____ () C:\Users\Oleg\Desktop\Revo Uninstaller.lnk
2014-08-01 11:18 - 2014-08-01 11:18 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Natalia\Downloads\revosetup95.exe
2014-08-01 11:16 - 2014-05-28 17:14 - 00000000 ___RD () C:\Users\Natalia\OneDrive
2014-08-01 11:06 - 2014-08-01 11:05 - 00034766 _____ () C:\Users\Oleg\Desktop\Addition.txt
2014-08-01 10:42 - 2014-08-01 10:42 - 00000000 ____D () C:\Users\Oleg\Desktop\FRST-OlderVersion
2014-08-01 10:42 - 2014-07-30 10:28 - 02094080 _____ (Farbar) C:\Users\Oleg\Desktop\FRST64.exe
2014-08-01 10:24 - 2014-08-01 10:24 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-08-01 10:23 - 2014-08-01 10:23 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Oleg\Desktop\revosetup95.exe
2014-07-31 19:28 - 2014-07-27 17:23 - 00070144 _____ () C:\WINDOWS\SysWOW64\tasks.dll
2014-07-31 12:33 - 2014-07-27 16:47 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\Bioshock
2014-07-30 18:52 - 2014-07-30 18:52 - 00000000 __SHD () C:\Users\Natalia\AppData\Local\EmieUserList
2014-07-30 18:52 - 2014-07-30 18:52 - 00000000 __SHD () C:\Users\Natalia\AppData\Local\EmieSiteList
2014-07-30 13:56 - 2014-07-30 13:56 - 00006760 _____ () C:\Users\Natalia\Desktop\Ereignisse.txt
2014-07-30 11:16 - 2014-07-30 11:16 - 00380416 _____ () C:\Users\Natalia\Desktop\3262kclc.exe
2014-07-30 11:10 - 2014-07-30 09:46 - 00000470 _____ () C:\Users\Natalia\Desktop\defogger_disable.log
2014-07-30 10:32 - 2014-07-30 10:32 - 00380416 _____ () C:\Users\Natalia\Desktop\Gmer-19357.exe
2014-07-30 10:27 - 2014-07-30 10:27 - 00050477 _____ () C:\Users\Oleg\Desktop\Defogger.exe
2014-07-30 10:27 - 2014-07-30 10:27 - 00000470 _____ () C:\Users\Oleg\Desktop\defogger_disable.log
2014-07-30 09:46 - 2014-07-30 09:46 - 00000168 _____ () C:\Users\Oleg\defogger_reenable
2014-07-30 09:46 - 2014-02-01 21:33 - 00000000 ____D () C:\Users\Oleg
2014-07-30 09:45 - 2014-07-30 09:45 - 00050477 _____ () C:\Users\Natalia\Desktop\Defogger.exe
2014-07-30 09:43 - 2014-07-30 09:43 - 00000000 ____D () C:\Users\Natalia\AppData\Roaming\DAEMON Tools Lite
2014-07-29 18:28 - 2014-07-29 18:28 - 00000869 _____ () C:\Users\Oleg\Downloads\Dokumente - Verknüpfung.lnk
2014-07-29 09:45 - 2014-07-29 09:45 - 00047086 _____ () C:\AnalysisLog.sr0
2014-07-29 08:45 - 2014-02-01 21:33 - 00000000 ____D () C:\Users\Natalia
2014-07-29 08:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-29 07:47 - 2013-06-06 18:30 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-27 17:01 - 2014-07-27 16:47 - 00000000 ____D () C:\Users\Oleg\Documents\Bioshock
2014-07-27 16:45 - 2014-07-27 16:45 - 00000000 __RHD () C:\Users\Oleg\AppData\Roaming\SecuROM
2014-07-27 15:34 - 2014-07-27 15:34 - 00002260 _____ () C:\Users\Oleg\Desktop\BioShock.lnk
2014-07-27 15:32 - 2012-11-14 09:25 - 00230553 _____ () C:\WINDOWS\DirectX.log
2014-07-27 15:31 - 2014-07-27 15:31 - 00178800 _____ (Sony DADC Austria AG.) C:\WINDOWS\SysWOW64\CmdLineExt_x64.dll
2014-07-27 15:21 - 2014-07-27 15:21 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\InstallShield Installation Information
2014-07-27 15:20 - 2014-07-27 15:20 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\InstallShield
2014-07-27 15:20 - 2014-07-27 15:20 - 00000000 ____D () C:\Users\Oleg\AppData\Roaming\2K Games
2014-07-23 13:20 - 2014-07-23 13:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-22 17:43 - 2012-11-14 10:23 - 00000000 ____D () C:\Program Files (x86)\PHotkey
2014-07-22 17:29 - 2014-07-22 17:24 - 00000306 __RSH () C:\ProgramData\ntuser.pol
2014-07-22 17:24 - 2013-08-22 17:36 - 00000000 ___HD () C:\WINDOWS\system32\GroupPolicy
2014-07-22 17:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\GroupPolicy
2014-07-22 17:23 - 2014-07-22 17:23 - 01245152 _____ () C:\Users\Oleg\Downloads\rome_total_war_No-Cd.exe
2014-07-22 17:23 - 2014-07-22 17:23 - 00003250 _____ () C:\WINDOWS\System32\Tasks\GPUP
2014-07-22 16:37 - 2014-07-22 16:37 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-07-15 14:44 - 2013-09-09 10:38 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2014-07-15 08:29 - 2013-10-01 07:21 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1975092217-2097855841-1990509036-1003
2014-07-11 14:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-07-09 23:33 - 2013-08-15 16:06 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-07-09 23:32 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-09 23:32 - 2012-11-14 08:51 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-07-09 10:00 - 2013-08-22 16:44 - 00505248 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-07-09 09:57 - 2013-11-14 09:13 - 00000000 ____D () C:\Program Files\Windows Journal
2014-07-09 09:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-07-09 09:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 09:57 - 2013-08-22 17:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-07-09 09:57 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-07-09 09:57 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-09 09:55 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-09 08:48 - 2014-07-09 08:48 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
Some content of TEMP:
====================
C:\Users\Natalia\AppData\Local\Temp\avgnt.exe
C:\Users\Oleg\AppData\Local\Temp\83770uninstall.exe
C:\Users\Oleg\AppData\Local\Temp\avgnt.exe
C:\Users\Oleg\AppData\Local\Temp\drm_dialogs.dll
C:\Users\Oleg\AppData\Local\Temp\drm_dyndata_7340007.dll
C:\Users\Oleg\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqzngqc.dll
C:\Users\Oleg\AppData\Local\Temp\instloffer.exe
C:\Users\Oleg\AppData\Local\Temp\pcspeedmaxsetup.exe
C:\Users\Oleg\AppData\Local\Temp\Quarantine.exe
C:\Users\Oleg\AppData\Local\Temp\SecuExp.exe
C:\Users\Oleg\AppData\Local\Temp\Sqlite3.dll
C:\Users\Oleg\AppData\Local\Temp\uplibakm.xwa.exe
C:\Users\Oleg\AppData\Local\Temp\_isB42F.exe
C:\Users\Oleg\AppData\Local\Temp\_isF11E.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-08-01 12:24
==================== End Of Log ============================