Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 18.09.2014
Suchlauf-Zeit: 17:15:10
Logdatei: mbame.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.09.18.04
Rootkit Datenbank: v2014.09.18.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: usche
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 349559
Verstrichene Zeit: 18 Min, 17 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 2
PUP.Optional.Babylon.A, HKU\S-1-5-21-3842263682-3274598964-2826866350-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}, In Quarantäne, [c359a7488deebe788531ee99f50da45c],
PUP.Optional.DataMangr.A, HKLM\SOFTWARE\WOW6432NODE\DataMngr, In Quarantäne, [fb2117d844376fc732164dcda75c53ad],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 1
PUP.Optional.Updater.A, C:\Users\usche\AppData\Roaming\DSite\UpdateProc, In Quarantäne, [839923cc84f7d66073d9b9399f6355ab],
Dateien: 22
PUP.Optional.Updater.A, C:\Users\usche\AppData\Roaming\DSite\UpdateProc\config.dat, In Quarantäne, [839923cc84f7d66073d9b9399f6355ab],
PUP.Optional.Updater.A, C:\Users\usche\AppData\Roaming\DSite\UpdateProc\TTL.DAT, In Quarantäne, [839923cc84f7d66073d9b9399f6355ab],
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.admin", false);), Ersetzt,[57c5cd222655043277c8dd545fa63cc4]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.aflt", "babsst");), Ersetzt,[c3599b54dd9e4cea8bb4d45df01549b7]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");), Ersetzt,[ca5235baf883171fc57aa091bd489a66]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.autoRvrt", "false");), Ersetzt,[27f5e20d8fec7cba2c13f041e322a759]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.dfltLng", "en");), Ersetzt,[4fcd826d28531f17261967caed18f60a]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.excTlbr", false);), Ersetzt,[68b4a847c0bbc1755fe09a975fa62fd1]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.ffxUnstlRst", true);), Ersetzt,[8b916d82423989ad013e79b825e0f50b]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.id", "3c32bfc2000000000000701a04ad7fd4");), Ersetzt,[31eb9a5536450f273c0335fc8a7b18e8]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlDay", "15818");), Ersetzt,[95873eb1c8b3ea4cc679a091996ccc34]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.instlRef", "sst");), Ersetzt,[46d6ac43d9a2d75f132c11208a7bf010]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.newTab", false);), Ersetzt,[cf4d17d82e4dab8be85765cc8283916f]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prdct", "delta");), Ersetzt,[0418f5fac8b3e05617285bd61aeb1ce4]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.prtnrId", "delta");), Ersetzt,[25f7f7f8ff7cc96dbf80d95838cdb848]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.rvrt", "false");), Ersetzt,[a17bd7184932a1955be4f73afd0851af]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.smplGrp", "none");), Ersetzt,[1dff599696e53bfb45fa72bfd82d9967]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrId", "base");), Ersetzt,[4fcd9758abd0de584af591a047bea060]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.tlbrSrchUrl", "");), Ersetzt,[1efec42b95e6b581ee512e03d43148b8]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsn", "1.8.16.16");), Ersetzt,[79a3b43b1e5dea4c0a35f839d3327090]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsnTs", "1.8.16.1617:39:47");), Ersetzt,[c5574ca3354674c2b788b77a778e639d]
PUP.Optional.Delta.A, C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.delta.vrsni", "1.8.16.16");), Ersetzt,[8d8f648b6714eb4bbf80b879a85dd030]
Physische Sektoren: 0
(No malicious items detected)
(end)
Code:
# AdwCleaner v3.310 - Bericht erstellt am 18/09/2014 um 18:14:17
# Aktualisiert 12/09/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : usche - USCHE-PC
# Gestartet von : C:\Users\usche\Downloads\adwcleaner_3.310.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\simplitec
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\simplitec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip Malware Protector
Ordner Gelöscht : C:\Program Files (x86)\simplitec
Ordner Gelöscht : C:\Program Files (x86)\WinZip Malware Protector
Ordner Gelöscht : C:\Users\usche\Qtrax
Ordner Gelöscht : C:\Users\usche\AppData\Local\Systweak
Ordner Gelöscht : C:\Users\usche\AppData\Local\Temp\mt_ffx
Ordner Gelöscht : C:\Users\usche\AppData\LocalLow\HPAppData
Ordner Gelöscht : C:\Users\usche\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\usche\AppData\Roaming\DSite
Ordner Gelöscht : C:\Users\usche\AppData\Roaming\simplitec
Datei Gelöscht : C:\Users\Public\Desktop\simplicheck.lnk
Datei Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\simplicheck.lnk
Datei Gelöscht : C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\bProtector_extensions.rdf
Datei Gelöscht : C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\invalidprefs.js
Datei Gelöscht : C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\user.js
***** [ Tasks ] *****
Task Gelöscht : DSite
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_eclipsecrossword_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_eclipsecrossword_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_malwarebytes-anti-malware_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\simplitec
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\499E8534DA7E759419D2048CB780D3D5
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5DCE3C04E576AD15F972B67D0725120C
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\62255E52F19EC97429A42D59D49024FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\930D9472A978D7A4EB16BF4DECB173B7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AEB93799E8B47D14CA356E4343D632A4
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BAE7C2A75DF08824E9CEFDE20F655BD9
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17280
-\\ Mozilla Firefox v32.0.1 (x86 de)
[ Datei : C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.id", "3c32bfc2000000000000701a04ad7fd4");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15818");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.16.1617:39:47");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,{BBDA0591-3099-440a-AA10-41764D9DB4DB}:3.0,smartwebprinting@hp.com:4.5,ffxtlbr@babylon.com:1.1.3,{23fcfd51-4958-4f00[...]
Zeile gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
*************************
AdwCleaner[R0].txt - [7104 octets] - [18/09/2014 18:13:08]
AdwCleaner[S0].txt - [6879 octets] - [18/09/2014 18:14:17]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6939 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.6 (09.18.2014:1)
OS: Windows 7 Home Premium x64
Ran by usche on 18.09.2014 at 18:30:27.61
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3842263682-3274598964-2826866350-1001\Software\sweetim
~~~ Files
Successfully deleted: [File] "C:\Users\usche\appdata\locallow\microsoft\silverlight\outofbrowser\index\portal.qtrax.com"
~~~ Folders
Successfully deleted: [Folder] "C:\Users\usche\music\qtrax media library"
~~~ FireFox
Emptied folder: C:\Users\usche\AppData\Roaming\mozilla\firefox\profiles\e40hyr28.default\minidumps [4914 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.09.2014 at 18:36:37.92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by usche (administrator) on USCHE-PC on 18-09-2014 18:43:42
Running from C:\Users\usche\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
() C:\Program Files (x86)\Greenshot\Greenshot.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Easybits) C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\hp\Digital Imaging\bin\hpqgpc01.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\HPHC_Service.exe
(Thisisu) C:\Users\usche\Desktop\JRT_NEW.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [PC-Doctor for Windows localizer] => C:\Program Files\PC-Doctor for Windows\localizer.exe [95728 2009-09-17] (PC-Doctor, Inc.)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Easybits Recovery] => C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [60464 2009-09-02] (EasyBits Software AS)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [Magic Desktop for HP notification] => C:\ProgramData\Easybits Magic Desktop for HP\mdhpSUN.exe [1258504 2013-12-28] (Easybits)
HKU\.DEFAULT\...\Run: [AviraSpeedup] => "C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe" -autorun
HKU\S-1-5-21-3842263682-3274598964-2826866350-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842263682-3274598964-2826866350-1001\...\Run: [Greenshot] => C:\Program Files (x86)\Greenshot\Greenshot.exe [540672 2010-07-01] ()
HKU\S-1-5-21-3842263682-3274598964-2826866350-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3842263682-3274598964-2826866350-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-21-3842263682-3274598964-2826866350-1001\...\Policies\system: [DisableChangePassword] 0
IFEO\ezsecshield.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hpqdirec.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hpqwrg.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hptcs.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\hpwucli.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\onplay.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\provider.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\skype.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
IFEO\teamviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2014\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bluewin.ch/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKCU - {C7D69E10-6CCC-4959-AFEF-EEDE56D0A4CD} URL = hxxp://www.google.de/search?q={searchTerms}
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {19F54E13-741B-423C-AB48-FD8C43BE2E46} - No File
DPF: HKLM-x32 {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: HKLM-x32 {9191F686-7F0A-441D-8A98-2FE3AC1BD913} hxxp://acs.pandasoftware.com/activescan/cabs/as2stubie.cab
DPF: HKLM-x32 {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: HKLM-x32 {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} hxxp://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52272 2009-12-29] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @pandasecurity.com/activescan -> C:\Program Files (x86)\Panda Security\ActiveScan 2.0\npwrapper.dll (Panda Security, S.L.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\Extensions\abs@avira.com [2014-09-13]
FF Extension: FoxTrick - C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\Extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba} [2014-08-13]
FF Extension: Test Pilot - C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\Extensions\testpilot@labs.mozilla.com.xpi [2011-11-10]
FF Extension: Adblock Plus - C:\Users\usche\AppData\Roaming\Mozilla\Firefox\Profiles\e40hyr28.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-12-23]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010-03-13]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-04-06]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-04-06]
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\usche\AppData\Local\Temp\tbch.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 ezSharedSvc; C:\Windows\SysWOW64\ezsvc7.dll [129584 2009-02-22] (EasyBits Sofware AS) [File not signed]
R2 HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [125440 2009-09-24] (Hewlett-Packard) [File not signed]
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [248832 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 LightScribeService; c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R1 81215181; C:\Windows\System32\DRIVERS\81215181.sys [157712 2009-09-25] (Kaspersky Lab)
R0 81215182; C:\Windows\System32\DRIVERS\81215182.sys [40464 2009-10-22] (Kaspersky Lab)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
U3 Exfvcpsmv; C:\Windows\system32\drivers\wimmount.sys [22096 2009-07-14] (Microsoft Corporation)
U3 Exfvcpsmv; C:\Windows\SysWOW64\drivers\wimmount.sys [19008 2009-07-14] (Microsoft Corporation)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2014-01-24] (CSR plc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 pavboot; C:\Windows\System32\drivers\pavboot64.sys [33800 2009-06-30] (Panda Security, S.L.)
S0 PxHelp20; C:\Windows\SysWOW64\DRIVERS\PxHelp20.sys [17136 2003-06-07] (Sonic Solutions) [File not signed]
S3 s217bus; C:\Windows\System32\DRIVERS\s217bus.sys [108072 2007-11-02] (MCCI Corporation)
S3 s217mdfl; C:\Windows\System32\DRIVERS\s217mdfl.sys [19496 2007-11-02] (MCCI Corporation)
S3 s217mdm; C:\Windows\System32\DRIVERS\s217mdm.sys [145448 2007-11-02] (MCCI Corporation)
S3 s217nd5; C:\Windows\System32\DRIVERS\s217nd5.sys [33832 2007-11-02] (MCCI Corporation)
S3 s217obex; C:\Windows\System32\DRIVERS\s217obex.sys [124968 2007-11-02] (MCCI Corporation)
S3 s217unic; C:\Windows\System32\DRIVERS\s217unic.sys [138792 2007-11-02] (MCCI)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2013-08-21] (TuneUp Software)
S3 USBTINSP; C:\Windows\System32\DRIVERS\tinspusb.sys [142848 2012-06-11] (Texas Instruments)
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-18 18:36 - 2014-09-18 18:36 - 00012805 _____ () C:\Users\usche\Desktop\JRT.txt
2014-09-18 18:30 - 2014-09-18 18:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 18:26 - 2014-09-18 18:26 - 01016035 _____ (Thisisu) C:\Users\usche\Downloads\JRT_6.1.5(1).exe
2014-09-18 18:22 - 2014-09-18 08:56 - 01016830 _____ (Thisisu) C:\Users\usche\Desktop\JRT_NEW.exe
2014-09-18 18:21 - 2014-09-18 18:21 - 01016035 _____ (Thisisu) C:\Users\usche\Downloads\JRT_6.1.5.exe
2014-09-18 18:13 - 2014-09-18 18:14 - 00000000 ____D () C:\AdwCleaner
2014-09-18 18:12 - 2014-09-18 18:12 - 01373475 _____ () C:\Users\usche\Downloads\adwcleaner_3.310.exe
2014-09-18 17:40 - 2014-09-18 17:40 - 00006265 _____ () C:\Users\usche\Desktop\mbame.txt
2014-09-18 17:39 - 2014-09-18 17:39 - 00006264 _____ () C:\Users\usche\Desktop\mbam.txt
2014-09-18 17:12 - 2014-09-18 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\usche\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-16 20:29 - 2014-09-17 08:53 - 00059391 _____ () C:\Users\usche\Downloads\Addition.txt
2014-09-16 20:27 - 2014-09-18 18:43 - 00018321 _____ () C:\Users\usche\Downloads\FRST.txt
2014-09-16 20:26 - 2014-09-18 18:43 - 00000000 ____D () C:\FRST
2014-09-16 20:25 - 2014-09-16 20:25 - 02105856 _____ (Farbar) C:\Users\usche\Downloads\FRST64.exe
2014-09-13 21:10 - 2014-09-13 21:11 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-11 03:34 - 2014-08-19 20:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:34 - 2014-08-19 19:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:34 - 2014-08-19 00:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:34 - 2014-08-19 00:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:34 - 2014-08-19 00:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:34 - 2014-08-19 00:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:34 - 2014-08-19 00:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:34 - 2014-08-19 00:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:34 - 2014-08-19 00:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:34 - 2014-08-19 00:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:34 - 2014-08-19 00:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:34 - 2014-08-19 00:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:34 - 2014-08-18 23:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:34 - 2014-08-18 23:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:34 - 2014-08-18 23:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:34 - 2014-08-18 23:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:34 - 2014-08-18 23:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:34 - 2014-08-18 23:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:34 - 2014-08-18 23:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:34 - 2014-08-18 23:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:34 - 2014-08-18 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:34 - 2014-08-18 23:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:34 - 2014-08-18 23:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:34 - 2014-08-18 23:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:34 - 2014-08-18 23:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:34 - 2014-08-18 23:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:34 - 2014-08-18 23:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:34 - 2014-08-18 23:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:34 - 2014-08-18 23:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:34 - 2014-08-18 23:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:34 - 2014-08-18 23:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:34 - 2014-08-18 23:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:34 - 2014-08-18 23:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:34 - 2014-08-18 23:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:33 - 2014-08-19 01:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:33 - 2014-08-19 00:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:33 - 2014-08-19 00:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:33 - 2014-08-19 00:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:33 - 2014-08-19 00:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:33 - 2014-08-19 00:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:33 - 2014-08-19 00:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:33 - 2014-08-18 23:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:33 - 2014-08-18 23:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:33 - 2014-08-18 23:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:33 - 2014-08-18 23:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:33 - 2014-08-18 23:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:33 - 2014-08-18 23:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:33 - 2014-08-18 23:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:33 - 2014-08-18 23:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:33 - 2014-08-18 23:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:33 - 2014-08-18 23:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:33 - 2014-08-18 22:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:33 - 2014-08-18 22:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:33 - 2014-08-18 22:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:33 - 2014-08-18 22:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:33 - 2014-08-18 22:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:02 - 2014-06-27 04:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:02 - 2014-06-27 03:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 09:14 - 2014-08-01 13:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:14 - 2014-08-01 13:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 09:14 - 2014-06-24 05:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:14 - 2014-06-24 04:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 09:13 - 2014-09-05 04:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-10 09:13 - 2014-09-05 04:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-10 09:13 - 2014-07-07 04:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:13 - 2014-07-07 04:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:13 - 2014-07-07 03:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 09:13 - 2014-07-07 03:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 09:13 - 2014-07-07 03:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-08-29 12:21 - 2014-08-29 12:21 - 13849784 _____ (Microsoft Corporation) C:\Users\usche\Downloads\mseinstall.exe
2014-08-29 11:32 - 2014-09-18 07:50 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-08-29 11:31 - 2014-08-29 11:31 - 04892480 _____ (WinZip International LLC ) C:\Users\usche\Downloads\wzmp_8.exe
2014-08-29 11:31 - 2014-08-29 11:31 - 00001195 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-29 11:31 - 2014-08-29 11:31 - 00000000 ____D () C:\Users\usche\AppData\Roaming\Nico Mak Computing
2014-08-29 11:31 - 2014-08-29 11:31 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-29 11:31 - 2013-03-15 17:10 - 00020480 _____ () C:\Windows\system32\wsusnative64.exe
2014-08-28 07:40 - 2014-08-23 04:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 07:40 - 2014-08-23 03:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 07:40 - 2014-08-23 02:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-25 08:31 - 2014-08-25 08:31 - 00176134 _____ () C:\Users\usche\Documents\Offerte_Wyhus.xlsx
2014-08-21 10:13 - 2014-08-21 10:13 - 00000000 ____D () C:\Users\usche\AppData\Local\Adobe
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-09-18 18:44 - 2014-09-16 20:27 - 00018321 _____ () C:\Users\usche\Downloads\FRST.txt
2014-09-18 18:43 - 2014-09-16 20:26 - 00000000 ____D () C:\FRST
2014-09-18 18:36 - 2014-09-18 18:36 - 00012805 _____ () C:\Users\usche\Desktop\JRT.txt
2014-09-18 18:30 - 2014-09-18 18:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-18 18:26 - 2014-09-18 18:26 - 01016035 _____ (Thisisu) C:\Users\usche\Downloads\JRT_6.1.5(1).exe
2014-09-18 18:25 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 18:25 - 2009-07-14 06:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 18:21 - 2014-09-18 18:21 - 01016035 _____ (Thisisu) C:\Users\usche\Downloads\JRT_6.1.5.exe
2014-09-18 18:21 - 2010-01-04 11:14 - 02056024 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 18:17 - 2013-02-20 01:26 - 00703296 _____ () C:\Windows\PFRO.log
2014-09-18 18:17 - 2013-02-20 01:26 - 00030943 _____ () C:\Windows\setupact.log
2014-09-18 18:17 - 2012-10-18 13:30 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 18:17 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 18:14 - 2014-09-18 18:13 - 00000000 ____D () C:\AdwCleaner
2014-09-18 18:14 - 2010-03-12 19:10 - 00000000 ____D () C:\Users\usche
2014-09-18 18:12 - 2014-09-18 18:12 - 01373475 _____ () C:\Users\usche\Downloads\adwcleaner_3.310.exe
2014-09-18 17:59 - 2014-06-09 21:37 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-18 17:52 - 2012-10-18 13:30 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 17:40 - 2014-09-18 17:40 - 00006265 _____ () C:\Users\usche\Desktop\mbame.txt
2014-09-18 17:39 - 2014-09-18 17:39 - 00006264 _____ () C:\Users\usche\Desktop\mbam.txt
2014-09-18 17:14 - 2014-05-01 09:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-18 17:14 - 2014-05-01 09:00 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-18 17:14 - 2014-05-01 09:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-18 17:14 - 2014-05-01 09:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-18 17:12 - 2014-09-18 17:12 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\usche\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-18 08:56 - 2014-09-18 18:22 - 01016830 _____ (Thisisu) C:\Users\usche\Desktop\JRT_NEW.exe
2014-09-18 07:50 - 2014-08-29 11:32 - 00003116 _____ () C:\Windows\System32\Tasks\WinZip Malware Protector_startup
2014-09-18 07:48 - 2013-02-19 18:37 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-17 08:53 - 2014-09-16 20:29 - 00059391 _____ () C:\Users\usche\Downloads\Addition.txt
2014-09-16 20:25 - 2014-09-16 20:25 - 02105856 _____ (Farbar) C:\Users\usche\Downloads\FRST64.exe
2014-09-15 03:11 - 2010-03-12 21:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-15 03:06 - 2013-04-23 17:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-15 03:00 - 2010-05-03 10:11 - 00000000 ____D () C:\Users\usche\AppData\Local\CrashDumps
2014-09-13 21:11 - 2014-09-13 21:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-13 16:21 - 2010-03-13 10:24 - 00000000 ____D () C:\Program Files (x86)\Macromedia
2014-09-13 16:13 - 2010-12-06 19:11 - 00000000 ____D () C:\Games
2014-09-13 13:07 - 2010-07-26 11:40 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-13 13:07 - 2010-05-16 12:26 - 00000000 ____D () C:\Program Files (x86)\UltraVNC
2014-09-13 13:06 - 2014-08-14 16:19 - 00000000 ____D () C:\Users\usche\AppData\Local\Ubisoft Game Launcher
2014-09-13 13:05 - 2011-12-13 20:25 - 00000000 ____D () C:\Users\usche\AppData\Roaming\Dropbox
2014-09-13 12:58 - 2012-06-30 17:54 - 00000000 ___RD () C:\Users\usche\Dropbox
2014-09-11 13:29 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 03:30 - 2012-12-29 00:01 - 01604848 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:30 - 2009-12-29 09:37 - 00703708 _____ () C:\Windows\system32\perfh007.dat
2014-09-11 03:30 - 2009-12-29 09:37 - 00151348 _____ () C:\Windows\system32\perfc007.dat
2014-09-11 03:29 - 2009-07-14 07:13 - 01604848 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 03:28 - 2013-02-25 19:44 - 00002119 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-09-11 03:28 - 2013-02-25 19:44 - 00001912 _____ () C:\Windows\epplauncher.mif
2014-09-11 03:27 - 2013-02-25 19:44 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-09-11 03:27 - 2013-02-25 19:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-09-11 03:21 - 2013-08-15 22:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:07 - 2011-11-11 10:11 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 03:01 - 2014-05-07 03:01 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-10 11:56 - 2014-06-09 21:37 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-10 11:56 - 2014-04-30 23:19 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 11:56 - 2014-04-30 23:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-05 04:10 - 2014-09-10 09:13 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-05 04:05 - 2014-09-10 09:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-29 12:21 - 2014-08-29 12:21 - 13849784 _____ (Microsoft Corporation) C:\Users\usche\Downloads\mseinstall.exe
2014-08-29 11:31 - 2014-08-29 11:31 - 04892480 _____ (WinZip International LLC ) C:\Users\usche\Downloads\wzmp_8.exe
2014-08-29 11:31 - 2014-08-29 11:31 - 00001195 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-08-29 11:31 - 2014-08-29 11:31 - 00000000 ____D () C:\Users\usche\AppData\Roaming\Nico Mak Computing
2014-08-29 11:31 - 2014-08-29 11:31 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-08-29 03:24 - 2009-07-14 06:45 - 00475632 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-27 12:46 - 2012-10-18 13:30 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-27 12:46 - 2010-07-15 10:15 - 00000000 ____D () C:\Users\usche\AppData\Local\Google
2014-08-26 11:33 - 2014-08-05 11:21 - 00011848 _____ () C:\Users\usche\Documents\Videodreh Stundenberechnung.xlsx
2014-08-25 08:31 - 2014-08-25 08:31 - 00176134 _____ () C:\Users\usche\Documents\Offerte_Wyhus.xlsx
2014-08-23 04:07 - 2014-08-28 07:40 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 03:45 - 2014-08-28 07:40 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 02:59 - 2014-08-28 07:40 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-21 10:13 - 2014-08-21 10:13 - 00000000 ____D () C:\Users\usche\AppData\Local\Adobe
2014-08-21 09:04 - 2014-03-25 19:07 - 00000000 ____D () C:\Users\usche\AppData\Local\PokerStars
2014-08-21 09:04 - 2014-03-25 19:07 - 00000000 ____D () C:\Program Files (x86)\PokerStars
2014-08-19 20:05 - 2014-09-11 03:34 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-19 19:39 - 2014-09-11 03:34 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 01:01 - 2014-09-11 03:33 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 00:29 - 2014-09-11 03:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 00:29 - 2014-09-11 03:34 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 00:26 - 2014-09-11 03:33 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 00:20 - 2014-09-11 03:33 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 00:19 - 2014-09-11 03:33 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 00:15 - 2014-09-11 03:34 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 00:15 - 2014-09-11 03:34 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 00:14 - 2014-09-11 03:34 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 00:14 - 2014-09-11 03:33 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 00:08 - 2014-09-11 03:34 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 00:08 - 2014-09-11 03:34 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 00:08 - 2014-09-11 03:33 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 00:05 - 2014-09-11 03:34 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 00:03 - 2014-09-11 03:34 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 00:03 - 2014-09-11 03:34 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 00:03 - 2014-09-11 03:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
Some content of TEMP:
====================
C:\Users\usche\AppData\Local\Temp\avgnt.exe
C:\Users\usche\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-09-16 15:49
==================== End Of Log ============================