Hello,
here as requested:
mbam: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 13.11.2014
Suchlauf-Zeit: 18:57:54
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.3.1025
Malware Datenbank: v2014.11.14.06
Rootkit Datenbank: v2014.11.12.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Konstantin
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 392355
Verstrichene Zeit: 11 Min, 55 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Warnen
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente erkannt)
Module: 0
(Keine schädliche Elemente erkannt)
Registrierungsschlüssel: 11
PUP.Optional.Snapdo.T, HKU\S-1-5-21-2957903418-2105866368-1821185185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Löschen bei Neustart, [56581823c2ba69cd039b9a59d0329868],
PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, In Quarantäne, [56581823c2ba69cd039b9a59d0329868],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, In Quarantäne, [09a5ec4f82fac4726483b9d83ec634cc],
PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\supWPM, In Quarantäne, [7a349e9d1765bd79851d8eb2a2618977],
PUP.Optional.uTorrentTB.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, In Quarantäne, [931bbb80a0dcff37df225807ef1403fd],
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT, In Quarantäne, [4866fe3df587c47251a5ba92d52ec13f],
PUP.Optional.V9.A, HKLM\SOFTWARE\WOW6432NODE\V9SOFTWARE\v9hp, In Quarantäne, [cce2b08b4d2f7abcf47c0369e91ad22e],
PUP.Optional.PriceGong.A, HKU\S-1-5-21-2957903418-2105866368-1821185185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, Löschen bei Neustart, [c9e5a8933b41ae880de571c12ed5de22],
PUP.Optional.DVDVideoSoftTB.A, HKU\S-1-5-21-2957903418-2105866368-1821185185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\nikpibnbobmbdbheedjfogjlikpgpnhp, Löschen bei Neustart, [bbf312297dffd561c843f84449bae818],
PUP.Optional.uTorrentTB.A, HKU\S-1-5-21-2957903418-2105866368-1821185185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pacgpkgadgmibnhpdidcnfafllnmeomc, Löschen bei Neustart, [8727e3585b21a98d0000ef7012f1f60a],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2957903418-2105866368-1821185185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Löschen bei Neustart, [c2ecb388a7d566d01847d9868d76b44c],
Registrierungswerte: 3
PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [6945db604537b77f350e201f000342be]
PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, In Quarantäne, [cce23308c1bb45f166dd59e682814fb1]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\SEARCHPROTECT|InstallDir, C:\PROGRA~2\SearchProtect, In Quarantäne, [4866fe3df587c47251a5ba92d52ec13f]
Registrierungsdaten: 6
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Schlecht: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Ersetzt,[f4ba93a83b4158de26f9a1a7c3427987]
PUP.Optional.FaceMoods.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4, Gut: (www.google.com), Schlecht: (hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4),Ersetzt,[afffbc7fe8944cea4d8fb593bd4805fb]
PUP.Optional.HelperBar.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=03/02/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=03/02/2014&type=hp1000),Ersetzt,[fcb2ae8de89490a61f2a90ae19ec6b95]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2957903418-2105866368-1821185185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=03/02/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=03/02/2014&type=hp1000),Löschen bei Neustart,[426ca497f389db5bf05e7ac459ac42be]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2957903418-2105866368-1821185185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=03/02/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=03/02/2014&type=hp1000),Löschen bei Neustart,[911d85b6c8b43402fb54cf6f0104b848]
PUP.Optional.HelperBar.A, HKU\S-1-5-21-2957903418-2105866368-1821185185-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=03/02/2014&type=hp1000, Gut: (www.google.com), Schlecht: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=03/02/2014&type=hp1000),Löschen bei Neustart,[06a862d992eac76f6ddd73cbfc0958a8]
Ordner: 14
PUP.Optional.OpenCandy, C:\Users\Konstantin\AppData\Roaming\OpenCandy, In Quarantäne, [9e107ebdf4882c0a993fad56d92ac937],
PUP.Optional.OpenCandy, C:\Users\Konstantin\AppData\Roaming\OpenCandy\060E875FD4BD426F920F14135A4F4EA3, In Quarantäne, [9e107ebdf4882c0a993fad56d92ac937],
PUP.Optional.OpenCandy, C:\Users\Konstantin\AppData\Roaming\OpenCandy\AD429D76925D4081ACB8287E2E70BEEA, In Quarantäne, [9e107ebdf4882c0a993fad56d92ac937],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.FaceMoods.A, C:\Users\Konstantin\AppData\LocalLow\facemoods.com, In Quarantäne, [e2ccea51aad2251143a533d71be8669a],
PUP.Optional.FaceMoods.A, C:\Users\Konstantin\AppData\LocalLow\facemoods.com\facemoods, In Quarantäne, [e2ccea51aad2251143a533d71be8669a],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\Logs, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\SearchProtect, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\SearchProtect\Logs, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\SearchProtect\rep, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\UI, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\UI\rep, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
Dateien: 61
PUP.Optional.Linkury.A, C:\Users\Konstantin\AppData\Roaming\OpenCandy\060E875FD4BD426F920F14135A4F4EA3\Installer.exe, In Quarantäne, [ab03b487681489ad5cb9ed0e2bd97c84],
Spyware.Passwords.ED, C:\Windows\Installer\{B6A81E8B-C443-47F8-8B5F-8B460EF5F485}\api-ms-win-system-imgutil-l1-1-0.dll, In Quarantäne, [f3bba992166680b6d35f379cb64ba55b],
PUP.Optional.WebSearch.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\searchplugins\Web Search.xml, In Quarantäne, [88265ae1f5876dc9eb7074f224dfea16],
PUP.Optional.OpenCandy, C:\Users\Konstantin\AppData\Roaming\OpenCandy\AD429D76925D4081ACB8287E2E70BEEA\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe, In Quarantäne, [9e107ebdf4882c0a993fad56d92ac937],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\1.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\a.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\b.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\c.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\d.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\e.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\f.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\g.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\h.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\i.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\J.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\k.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\l.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\m.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\mru.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\n.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\o.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\p.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\q.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\r.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\s.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\t.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\u.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\v.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\w.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\x.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\y.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.PriceGong.A, C:\Users\Konstantin\AppData\LocalLow\PriceGong\Data\z.xml, In Quarantäne, [d9d5330846362610b59228df59aa0000],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\SearchProtect\rep\Cvc.dat, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\SearchProtect\rep\UserRepository.dat, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\SearchProtect\rep\UserSettings.dat, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.SearchProtect.A, C:\Users\Konstantin\AppData\Local\SearchProtect\UI\rep\UIRepository.dat, In Quarantäne, [e2cc66d5314b1422411bdb3e8e75db25],
PUP.Optional.HelperBar.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=ds&fr=linkury-tb&installDate=03/02/2014&type=hp1000&p=");), Ersetzt,[377760db9ce0fb3bbcd38bf30df86e92]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.BabylonToolbar.admin", false);), Ersetzt,[b3fb4bf038441f17c91009750cf9d62a]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ferences
/* Do not edit this file.
*
* If you mak), Ersetzt,[0ea093a81369cb6b3d9ce09e7a8b9868]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
*
* If you make), Ersetzt,[238b33087c00b97d6574c0be09fcae52]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
*
* If you make), Ersetzt,[fdb156e5afcdc670ba1f394528dd17e9]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
*
* If you make changes to this file whi), Ersetzt,[0ea08ead87f52e0834a5f08e60a56a96]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (his file.
*
* If you make changes to this file while ), Ersetzt,[f1bdec4fb6c68da91abffa8430d5e719]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
*
* If you make chan), Ersetzt,[8d215edd453756e015c41f5fed188080]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
*
* If you make changes to), Ersetzt,[cae45fdc8eee02342cad1d61fe07c23e]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (* Do not edit this file.
*
* If you make changes to th), Ersetzt,[98166ad166162f078257027c947146ba]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (es
/* Do not edit this file.
*
* If you make cha), Ersetzt,[1e9087b4403c62d46871c7b77590fb05]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (erences
/* Do not edit this file.
*
* If you make changes to this file while the application is), Ersetzt,[634b1724aeceb08602d74e3028dd946c]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ou make changes to this file while the application is r), Ersetzt,[3975f744d6a63600b029ccb2dc29718f]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
*
* If you make cha), Ersetzt,[f5b9bd7e89f3092d7c5d0a7423e29f61]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (nces
/* Do not edit this file.
*
* If you make ), Ersetzt,[f6b880bb2458c76fb326700e798ce11f]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ferences
/* Do not edit this file.
*
* If you make changes to this file while the ), Ersetzt,[d6d825161d5f80b63f9a1569f0155ca4]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (
*
* If you make changes to this file while the ap), Ersetzt,[842ad269502c3bfb5d7c601e26dff60a]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application ex), Ersetzt,[35794bf0324a270f3e9bcbb3e91cb050]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (he changes will be overwritten when the application exits), Ersetzt,[d5d952e9215beb4bf3e6b3cb54b1ca36]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ces
/* Do not edit this file.
*
* If you make cha), Ersetzt,[139b55e66418d462ab2e116df70e49b7]
PUP.Optional.Babylon.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (rences
/* Do not edit this file.
*
* If you make changes to th), Ersetzt,[8727c873b8c441f509d092ec07feb34d]
PUP.Optional.FaceMoods.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (user_pref("extensions.facemoods.aflt", "_#ddrnw");), Ersetzt,[426c58e3b9c3033311cefd81f90cef11]
PUP.Optional.FaceMoods.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
*
* If you ma), Ersetzt,[3777a69597e5b482e0ff700e5fa6d42c]
PUP.Optional.FaceMoods.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (ences
/* Do not edit this file.
*
* If you m), Ersetzt,[7e30b883aecea0963aa5047a2adbe11f]
PUP.Optional.Conduit.A, C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=3&q={searchTerms}");), Ersetzt,[86287ebd1d5f65d139fceb94e322a957]
Physische Sektoren: 0
(Keine schädliche Elemente erkannt)
(end)
adwcleaner: Code:
# AdwCleaner v4.101 - Bericht erstellt am 13/11/2014 um 19:23:55
# Aktualisiert 09/11/2014 von Xplode
# Database : 2014-11-13.1 [Live]
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Konstantin - KONSTANTIN-PC
# Gestartet von : C:\Users\Konstantin\Desktop\AdwCleaner_4.101.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DeviceVM
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\GreenTree Applications
Ordner Gelöscht : C:\Users\Konstantin\AppData\Local\apn
Ordner Gelöscht : C:\Users\Konstantin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Konstantin\AppData\Local\cool_mirage
Ordner Gelöscht : C:\Users\Konstantin\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Konstantin\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Konstantin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Konstantin\AppData\Roaming\DeviceVM
Ordner Gelöscht : C:\Users\Konstantin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Konstantin\AppData\Roaming\YourFileDownloader
Ordner Gelöscht : C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.com
[!] Ordner Gelöscht : C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[!] Ordner Gelöscht : C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
Datei Gelöscht : C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}.xpi
Datei Gelöscht : C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\{C50CA3C4-5656-43C2-A061-13E717F73FC8}.xpi
Datei Gelöscht : C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\foxydeal.sqlite
***** [ Tasks ] *****
Task Gelöscht : Your File Updater
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{40C3CC16-7269-4B32-9531-17F2950FB06F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{542FA950-C57A-4E17-B3E1-D935DFE15DEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5B035F86-41B5-40F1-AAAD-3D219F30244E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6365AC7B-9920-4D8B-AF5D-3BDFEAC340A8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6A934270-717F-4BC3-BA59-BC9BED47A8D2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{74C012C4-00FB-4F04-9AFB-4AD5449D2018}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78888F8B-D5E4-43CE-89F5-C8C18223AF64}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{79B13431-CCAC-4097-8889-D0289E5E924F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8B8558F6-DC26-4F39-8417-34B8934AA459}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C8D5C57-3CAD-4CF9-BCAD-F873678DA883}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{981334CB-7B8B-431F-B86D-67B7426B125B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E393F82-2644-4AB6-B994-1AD39D6C59EE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A3A2A5C0-1306-4D1A-A093-9CECA4230002}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C1C2FC43-F042-4F17-AEDB-C5ABF3B42E4B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C8D424EF-CB21-49A0-8659-476FBAB0F8E8}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F7EC6286-297C-4981-9DCC-FD7F57BC24C9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\YourFileDownloader
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\adawarebp
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\V9Software
Schlüssel Gelöscht : HKLM\SOFTWARE\YourFileDownloader
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17420
-\\ Mozilla Firefox v32.0.3 (x86 de)
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultenginename", "Web Search");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultthis.engineName", "Winload Customized Web Search");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.selectedEngine", "Web Search");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("browser.uiCustomization.state", "{\"placements\":{\"PanelUI-contents\":[\"edit-controls\",\"zoom-controls\",\"new-window-button\",\"privatebrowsing-button\",\"save-page-button\",\"print-but[...]
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "9c75fa37000000000000f46d04d67a41");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15561");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480&tt=090812_bab_3212_6");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", true);
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&tt=090812_bab_3212_6&babsrc=NT_ss&mntrId=9c75fa37000000000000f46d04d67a41");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.621:46:20");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.facemoods.firstRun", false);
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.facemoods.lastActv", "11");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.Visibility", true);
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.countryiso", "de");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.downloadprovider", "yahoooc");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.externalJsFiles", "{\"d\":\"[{\\\"ExcludeDomains\\\":[\\\"snap.do\\\",\\\"snapdo.com\\\"],\\\"hxxpInjection\\\":\\\"hxxp:\\\\\\/\\\\\\/i.linkuryjs.info\\\\\\/kury\\\\\\[...]
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installationid", "2029ea77-8fd6-82fc-9b23-b42ee2eb1e84");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.installdate", "03/02/2014");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.lastExternalJsUpdate", "1395191989366");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.publisher", "yahoooc");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.helperbar.type", "hp1000");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !important; background: url(\"I[...]
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
[gyjinz60.default\prefs.js] - Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
-\\ Google Chrome v38.0.2125.111
-\\ Chromium v
*************************
AdwCleaner[R0].txt - [13725 octets] - [13/11/2014 19:20:29]
AdwCleaner[S0].txt - [13847 octets] - [13/11/2014 19:23:55]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13908 octets] ##########
jrt:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.7 (11.08.2014:1)
OS: Windows 7 Professional x64
Ran by Konstantin on 13.11.2014 at 19:26:44,37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\Konstantin\appdata\local\cre"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Konstantin\appdata\local\{DB6C1509-B678-4B8E-8F86-A2670C141060}
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Konstantin\AppData\Roaming\mozilla\firefox\profiles\gyjinz60.default\minidumps [68 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13.11.2014 at 19:29:46,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
frst:
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2014
Ran by Konstantin (administrator) on KONSTANTIN-PC on 13-11-2014 19:30:58
Running from C:\Users\Konstantin\Desktop
Loaded Profile: Konstantin (Available profiles: Konstantin)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe
() C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Ellora Assets Corp.) C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe
(Portrait Displays, Inc.) C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Akamai Technologies, Inc.) C:\Users\Konstantin\AppData\Local\Akamai\netsession_win.exe
(Razer USA Ltd.) C:\Program Files (x86)\Razer\Arctosa\razerhid.exe
() C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(BitLeader) C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
(Razer Inc.) C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
(TODO: <Company name>) C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
(Akamai Technologies, Inc.) C:\Users\Konstantin\AppData\Local\Akamai\netsession_win.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\wpCtrl.exe
() C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Floater.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [LGODDFU] => C:\Program Files (x86)\lg_fwupdate\lgfw.exe [27760 2012-07-19] (Bitleader)
HKLM-x32\...\Run: [Arctosa] => C:\Program Files (x86)\Razer\Arctosa\razerhid.exe [147456 2008-10-06] (Razer USA Ltd.)
HKLM-x32\...\Run: [DeathAdder] => C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe [248320 2011-02-19] ()
HKLM-x32\...\Run: [PivotSoftware] => C:\Program Files (x86)\Portrait Displays\Pivot Pro Plugin\Pivot_startup.exe [110192 2010-05-13] ()
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [703736 2014-10-23] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-05-20] (Razer Inc.)
HKU\S-1-5-21-2957903418-2105866368-1821185185-1000\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2009-05-05] (Acresso Corporation)
HKU\S-1-5-21-2957903418-2105866368-1821185185-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Konstantin\AppData\Local\Akamai\netsession_win.exe [4673432 2014-10-29] (Akamai Technologies, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
ProxyServer: 27.101.112.11:8080
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2957903418-2105866368-1821185185-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL =
SearchScopes: HKCU - DefaultScope {EE454960-359A-4ec8-BB11-3A00F9BCB897} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: DivX Plus Web Player HTML5 <video> -> {326E768D-4182-46FD-9C16-1449A49795F4} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: PlusIEEventHelper Class -> {551A852F-39A6-44A7-9C13-AFBEC9185A9D} -> C:\Program Files (x86)\Nuance\PDF Viewer Plus\Bin\PlusIEContextMenu.dll (Zeon Corporation)
BHO-x32: DivX HiQ -> {593DDEC6-7468-4cdd-90E1-42DADAA222E9} -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKU\S-1-5-21-2957903418-2105866368-1821185185-1000 -> No Name - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - No File
DPF: HKLM-x32 {8768D5EA-5412-4810-A032-09AD2A726C69} hxxp://bgweb.nowcdn.co.kr/Bin/DownStarter2.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{BD2F1B63-60EC-4F63-A18D-8F98F94AC0EA}: [NameServer] 8.8.8.0,8.8.4.4
FireFox:
========
FF ProfilePath: C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default
FF NewTab: about:blank
FF Homepage: google.de
FF NetworkProxy: "http", "www-proxy.t-online.de"
FF NetworkProxy: "http_port", 80
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "210.101.131.232"
FF NetworkProxy: "socks_port", 8080
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.7 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.0.8 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @playstation.com/PsndlCheck,version=1.00 -> C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin-x32: @SonyCreativeSoftware.com/Media Go,version=1.0 -> C:\Program Files (x86)\Sony\Media Go\npmediago.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKU\S-1-5-21-2957903418-2105866368-1821185185-1000: @acestream.net/acestreamplugin,version=3.0.3 -> C:\Users\Konstantin\AppData\Roaming\ACEStream\player\npace_plugin.dll (Innovative Digital Technologies)
FF Plugin HKU\S-1-5-21-2957903418-2105866368-1821185185-1000: sony.com/MediaGoDetector -> C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Avira Browser Safety - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\abs@avira.com [2014-11-08]
FF Extension: Flash Video Downloader - YouTube Full HD Download - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\artur.dubovoy@gmail.com [2014-09-10]
FF Extension: AS Magic Player - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\magicplayer@acestream.org [2014-11-07]
FF Extension: Adblock Plus Pop-up Addon - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\adblockpopups@jessehakanen.net.xpi [2013-05-29]
FF Extension: Add-on Compatibility Reporter - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-10-13]
FF Extension: ProxTube - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\ich@maltegoetz.de.xpi [2014-09-13]
FF Extension: Illimitux - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\illimitux@illimitux.net.xpi [2011-10-13]
FF Extension: Telekom YouTube Turbo - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\info@maltegoetz.de.xpi [2013-05-29]
FF Extension: ProxTube - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7}.xpi [2014-09-07]
FF Extension: Fasterfox - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\{c36177c0-224a-11da-8cd6-0800200c9a91}.xpi [2013-05-29]
FF Extension: Adblock Plus - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-05-29]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-09-27]
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011-05-26]
FF HKLM-x32\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011-05-26]
FF Extension: No Name - C:\Users\Konstantin\AppData\Roaming\Mozilla\Firefox\Profiles\gyjinz60.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi [Not Found]
Chrome:
=======
CHR HomePage: Default -> hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=2029ea77-8fd6-82fc-9b23-b42ee2eb1e84&searchtype=hp&fr=linkury-tb&installDate=03/02/2014&type=hp1000
CHR StartupUrls: Default -> "hxxp://www.google.de/"
CHR Profile: C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Duolingo) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2014-11-06]
CHR Extension: (Google Docs) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-12]
CHR Extension: (Google Drive) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-12]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-08-28]
CHR Extension: (Turn Off the Lights) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfbmjmiodbnnpllbbbfblcplfjjepjdn [2014-01-12]
CHR Extension: (YouTube) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-12]
CHR Extension: (Adblock Plus) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-01-12]
CHR Extension: (Google-Suche) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-12]
CHR Extension: (DivX HiQ) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fnjbmmemklcjgepojigaapkoodmkgbae [2014-01-12]
CHR Extension: (FVD Downloader) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp [2014-08-10]
CHR Extension: (Google Wallet) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-12]
CHR Extension: (DivX Plus Web Player HTML5 <video>) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm [2014-01-12]
CHR Extension: (Google Mail) - C:\Users\Konstantin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-12]
CHR HKLM-x32\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [ngnjhfpfhadncgafgbneeljaginimmmk] - C:\Users\KONSTA~1\AppData\Local\Temp\tbch.crx [2011-02-08]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [432888 2014-10-23] (Avira Operations GmbH & Co. KG)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
R2 ASDiskUnlocker; C:\Program Files (x86)\ASUS\Disk Unlocker\ASPFSVS64.exe [258688 2010-12-02] (ASUSTeK Computer Inc.)
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [915584 2010-12-02] ()
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [246256 2010-05-14] (CyberLink)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [121456 2010-06-30] ()
R2 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2014-09-04] (Ellora Assets Corp.) [File not signed]
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-04-22] (Hewlett-Packard Company) [File not signed]
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4023760 2010-12-01] (INCA Internet Co., Ltd.) [File not signed]
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [15129376 2013-12-10] (NVIDIA Corporation)
R2 PDFProFiltSrvPP; C:\Program Files (x86)\Nuance\PaperPort\PDFProFiltSrvPP.exe [144672 2010-03-08] (Nuance Communications, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [244904 2009-07-02] () [File not signed]
S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [183896 2013-07-08] (Sandboxie Holdings, LLC)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
S3 1394hub; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ASFLTDrv.sys; C:\Program Files (x86)\ASUS\Disk Unlocker\ASFLTDrv64.sys [16512 2010-09-16] (ASUSTeK Computer Inc.)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
R1 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [19600 2012-08-21] (AVAST Software)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [119272 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131608 2014-10-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-01] (Avira Operations GmbH & Co. KG)
S3 Cardex; C:\Windows\SysWOW64\drivers\TBPANELX64.SYS [15648 2007-03-16] (Windows (R) Server 2003 DDK provider)
S3 CYUSB; C:\Windows\System32\Drivers\CYUSB.sys [47104 2009-08-10] (Cypress Semiconductor)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-02-03] (Disc Soft Ltd)
S3 HTCAND64; C:\Windows\System32\Drivers\ANDROIDUSB.sys [33736 2009-11-01] (HTC, Corporation) [File not signed]
S3 NPPTNT2; C:\Windows\SysWOW64\npptNT2.sys [4682 2004-12-30] (INCA Internet Co., Ltd.) [File not signed]
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-05] (NVIDIA Corporation)
R3 PdiPorts; C:\Windows\System32\DRIVERS\PdiPorts.sys [20592 2010-04-16] (Portrait Displays, Inc.)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [199384 2013-07-08] (Sandboxie Holdings, LLC)
R2 SecDrv; C:\Windows\SysWOW64\drivers\SECDRV.SYS [11376 2003-09-09] () [File not signed]
S3 TBPanel; No ImagePath
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
R1 VDiskBus; C:\Windows\System32\DRIVERS\VDiskBus64.sys [43136 2010-09-21] (ASUSTeK Computer Inc.)
S3 VLAN; C:\Windows\System32\DRIVERS\RtVLAN60.sys [29472 2010-01-14] (Windows (R) Codename Longhorn DDK provider)
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [59904 2009-07-14] (Microsoft Corporation)
S3 BRDriver64_1_3_3_E02B25FC; \??\C:\ProgramData\BitRaider\support\1.3.3\E02B25FC\BRDriver64.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 dump_wmimmc; \??\C:\Rappelz_infinite\GameGuard\dump_wmimmc.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 zlportio; \??\C:\Program Files (x86)\UltraStar\zlportio.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-13 19:29 - 2014-11-13 19:29 - 00001195 _____ () C:\Users\Konstantin\Desktop\JRT.txt
2014-11-13 19:26 - 2014-11-13 19:26 - 00014133 _____ () C:\Users\Konstantin\Desktop\AdwCleaner[S0].txt
2014-11-13 19:26 - 2014-11-13 19:26 - 00000000 ____D () C:\Windows\ERUNT
2014-11-13 19:20 - 2014-11-13 19:24 - 00000000 ____D () C:\AdwCleaner
2014-11-13 19:19 - 2014-11-13 19:19 - 00020158 _____ () C:\Users\Konstantin\Desktop\mbam.txt
2014-11-13 18:57 - 2014-11-13 19:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-13 18:56 - 2014-11-13 18:56 - 02140160 _____ () C:\Users\Konstantin\Desktop\AdwCleaner_4.101.exe
2014-11-13 18:56 - 2014-11-13 18:56 - 01706808 _____ (Thisisu) C:\Users\Konstantin\Desktop\JRT.exe
2014-11-12 20:42 - 2014-11-12 20:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-12 20:42 - 2014-11-12 20:42 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-12 20:42 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-12 20:42 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-12 20:32 - 2014-11-12 20:32 - 00031123 _____ () C:\ComboFix.txt
2014-11-12 20:10 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-12 20:10 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-12 20:10 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-12 20:10 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-12 20:10 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-12 20:10 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-12 20:10 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-12 20:10 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-12 20:08 - 2014-11-12 20:33 - 00000000 ____D () C:\Qoobox
2014-11-12 20:08 - 2014-11-12 20:32 - 00000000 ____D () C:\Windows\erdnt
2014-11-12 20:06 - 2014-11-12 20:07 - 05597734 ____R (Swearware) C:\Users\Konstantin\Desktop\ComboFix.exe
2014-11-12 20:02 - 2014-11-12 20:02 - 00001228 _____ () C:\Users\Konstantin\Desktop\Revo Uninstaller.lnk
2014-11-12 20:02 - 2014-11-12 20:02 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-11-12 20:00 - 2014-11-12 20:00 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Konstantin\Desktop\revosetup95.exe
2014-11-12 19:33 - 2014-11-12 19:33 - 00005321 _____ () C:\Users\Konstantin\Desktop\Gmer.txt
2014-11-12 19:23 - 2014-11-12 19:24 - 00049045 _____ () C:\Users\Konstantin\Desktop\Addition.txt
2014-11-12 19:10 - 2014-11-13 19:31 - 00000000 ____D () C:\FRST
2014-11-12 19:10 - 2014-11-13 19:30 - 00025821 _____ () C:\Users\Konstantin\Desktop\FRST.txt
2014-11-12 19:08 - 2014-11-12 19:08 - 00000552 _____ () C:\Users\Konstantin\Desktop\defogger_disable.log
2014-11-12 19:08 - 2014-11-12 19:08 - 00000168 _____ () C:\Users\Konstantin\defogger_reenable
2014-11-12 18:57 - 2014-11-12 18:57 - 02116608 _____ (Farbar) C:\Users\Konstantin\Desktop\FRST64.exe
2014-11-12 18:57 - 2014-11-12 18:57 - 00380416 _____ () C:\Users\Konstantin\Desktop\svtqs4qt.exe
2014-11-12 18:56 - 2014-11-12 18:56 - 00050477 _____ () C:\Users\Konstantin\Desktop\Defogger.exe
2014-11-12 18:49 - 2014-11-07 20:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-12 18:49 - 2014-11-07 20:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-12 18:49 - 2014-11-06 05:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-12 18:49 - 2014-11-06 05:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-12 18:49 - 2014-11-06 05:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-12 18:49 - 2014-11-06 04:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-12 18:49 - 2014-11-06 04:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-12 18:49 - 2014-11-06 04:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-12 18:49 - 2014-11-06 04:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-12 18:49 - 2014-11-06 04:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-12 18:49 - 2014-11-06 04:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-12 18:49 - 2014-11-06 04:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-12 18:49 - 2014-11-06 04:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-12 18:49 - 2014-11-06 04:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-12 18:49 - 2014-11-06 04:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-12 18:49 - 2014-11-06 04:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-12 18:49 - 2014-11-06 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-12 18:49 - 2014-11-06 04:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-12 18:49 - 2014-11-06 04:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-12 18:49 - 2014-11-06 04:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-12 18:49 - 2014-11-06 04:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-12 18:49 - 2014-11-06 04:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-12 18:49 - 2014-11-06 04:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-12 18:49 - 2014-11-06 04:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-12 18:49 - 2014-11-06 04:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-12 18:49 - 2014-11-06 04:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-12 18:49 - 2014-11-06 04:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-12 18:49 - 2014-11-06 04:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-12 18:49 - 2014-11-06 04:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-12 18:49 - 2014-11-06 04:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-12 18:49 - 2014-11-06 04:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-12 18:49 - 2014-11-06 04:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-12 18:49 - 2014-11-06 03:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-12 18:49 - 2014-11-06 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-12 18:49 - 2014-11-06 03:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-12 18:49 - 2014-11-06 03:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-12 18:49 - 2014-11-06 03:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-12 18:49 - 2014-11-06 03:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-12 18:49 - 2014-11-06 03:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-12 18:49 - 2014-11-06 03:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-12 18:49 - 2014-11-06 03:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-12 18:49 - 2014-11-06 03:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-12 18:49 - 2014-11-06 03:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-12 18:49 - 2014-11-06 03:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-12 18:49 - 2014-11-06 03:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-12 18:49 - 2014-11-06 03:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-12 18:49 - 2014-11-06 03:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-12 18:49 - 2014-11-06 03:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-12 18:49 - 2014-11-06 03:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-12 18:49 - 2014-11-06 03:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-12 18:49 - 2014-11-06 03:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-12 18:49 - 2014-11-06 03:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-12 18:49 - 2014-11-06 02:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-12 18:49 - 2014-11-06 02:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-12 18:49 - 2014-11-06 02:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-12 18:49 - 2014-11-06 02:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-12 18:49 - 2014-10-14 03:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-12 18:49 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-12 18:49 - 2014-10-14 03:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-12 18:49 - 2014-10-14 03:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-12 18:49 - 2014-10-14 03:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-12 18:49 - 2014-10-14 02:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-12 18:49 - 2014-10-14 02:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-12 18:49 - 2014-10-14 02:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-12 18:49 - 2014-10-14 02:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-12 18:49 - 2014-09-19 10:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-12 18:49 - 2014-09-19 10:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-12 18:49 - 2014-09-19 10:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-12 18:49 - 2014-09-19 10:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-12 18:49 - 2014-09-19 10:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-12 18:49 - 2014-09-19 10:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-12 18:49 - 2014-09-19 10:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-12 18:49 - 2014-09-19 10:23 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-12 18:49 - 2014-09-19 10:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-12 18:49 - 2014-09-19 10:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-12 18:49 - 2014-09-19 10:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-12 18:49 - 2014-09-19 10:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-12 18:49 - 2014-09-19 10:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-12 18:49 - 2014-09-19 10:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-12 18:49 - 2014-08-21 07:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-12 18:49 - 2014-08-21 07:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-12 18:49 - 2014-08-21 07:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-12 18:49 - 2014-08-21 07:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-12 18:48 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-12 18:48 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-12 18:48 - 2014-10-18 03:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-12 18:48 - 2014-10-18 02:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-12 18:48 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-12 18:48 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-12 18:48 - 2014-10-10 01:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-12 18:48 - 2014-10-03 03:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-12 18:48 - 2014-10-03 03:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-12 18:48 - 2014-10-03 03:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-12 18:48 - 2014-10-03 03:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-12 18:48 - 2014-10-03 03:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-12 18:48 - 2014-10-03 02:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-12 18:48 - 2014-10-03 02:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-12 18:48 - 2014-10-03 02:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-12 18:48 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-12 18:48 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-10 21:18 - 2014-11-10 21:20 - 151804352 _____ () C:\Users\Konstantin\Downloads\avira_free_antivirus_de_14.0.7.342.exe
2014-11-10 21:15 - 2014-11-10 21:16 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Konstantin\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-10 20:25 - 2014-11-13 19:26 - 00002305 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-10 20:25 - 2014-11-10 20:25 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\LavasoftStatistics
2014-11-10 20:25 - 2014-11-10 20:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2014-11-10 20:25 - 2014-11-10 20:25 - 00000000 ____D () C:\Program Files\Lavasoft
2014-11-10 20:24 - 2014-11-10 20:24 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Lavasoft
2014-11-10 20:23 - 2014-11-10 20:23 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-11-10 20:22 - 2014-11-10 20:22 - 01753736 _____ () C:\Users\Konstantin\Downloads\Adaware114_Installer.exe
2014-11-10 20:22 - 2014-11-10 20:22 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-11-07 15:50 - 2014-11-07 15:50 - 00001993 _____ () C:\Users\Konstantin\Desktop\Ace Player.lnk
2014-11-07 15:50 - 2014-11-07 15:50 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ace Stream Media
2014-11-07 15:46 - 2014-11-07 15:48 - 67621992 _____ () C:\Users\Konstantin\Downloads\Ace_Stream_Media_3.0.3.exe
2014-11-06 22:56 - 2014-11-06 22:56 - 00002715 _____ () C:\Users\Konstantin\Desktop\karibik1.wlmp
2014-11-06 22:33 - 2014-11-06 22:33 - 00001418 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
2014-11-06 22:33 - 2014-11-06 22:33 - 00000000 ____D () C:\Program Files\Windows Live
2014-11-06 22:01 - 2014-11-06 22:04 - 142602520 _____ (Microsoft Corporation) C:\Users\Konstantin\Downloads\wlsetup-all_16.4.3508.0205.exe
2014-11-06 21:44 - 2014-11-06 21:44 - 00002263 _____ () C:\Users\Konstantin\Desktop\Chrome App Launcher.lnk
2014-11-06 21:44 - 2014-11-06 21:44 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-04 00:22 - 2014-11-04 00:22 - 01125200 _____ () C:\Users\Konstantin\Downloads\Tor Browser Paket - CHIP-Installer.exe
2014-11-03 20:48 - 2014-11-10 21:11 - 00000000 ____D () C:\ProgramData\QebfOffit
2014-11-03 16:49 - 2014-09-05 03:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-11-03 16:49 - 2014-09-05 02:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-11-02 22:08 - 2013-10-02 03:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-11-02 22:08 - 2013-10-02 03:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-11-02 22:08 - 2013-10-02 03:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-11-02 22:08 - 2013-10-02 02:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-11-02 22:08 - 2013-10-02 02:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-11-02 22:08 - 2013-10-02 02:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-11-02 22:08 - 2013-10-02 02:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-11-02 22:08 - 2013-10-02 01:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-11-02 22:08 - 2013-10-02 01:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-11-02 22:08 - 2013-10-02 01:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-11-02 22:08 - 2013-10-02 01:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-11-02 22:08 - 2013-10-02 01:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-11-02 22:08 - 2013-10-02 00:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-11-02 22:08 - 2013-10-02 00:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-11-02 22:08 - 2013-10-02 00:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-11-02 22:08 - 2013-10-01 23:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-11-02 22:07 - 2014-07-02 18:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-11-02 22:02 - 2014-11-02 22:02 - 00000000 ____D () C:\ProgramData\Razer
2014-10-25 17:49 - 2014-11-08 18:18 - 00000000 ____D () C:\_acestream_cache_
2014-10-24 21:03 - 2014-10-24 21:12 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\RIFT
2014-10-24 21:03 - 2014-10-24 21:03 - 00000000 ____D () C:\Users\Konstantin\Documents\RIFT
2014-10-22 16:01 - 2014-10-27 19:18 - 00000000 ____D () C:\Users\Konstantin\Documents\ArcheAge
2014-10-22 16:01 - 2014-10-22 16:01 - 00000000 ____D () C:\ArcheAge
2014-10-21 21:07 - 2014-11-13 18:57 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\.ACEStream
2014-10-21 21:00 - 2014-11-07 15:51 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\ACEStream
2014-10-21 16:30 - 2014-11-02 19:14 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Glyph
2014-10-21 16:30 - 2014-11-02 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glyph
2014-10-21 16:30 - 2014-11-02 19:14 - 00000000 ____D () C:\Program Files (x86)\Glyph
2014-10-21 16:30 - 2014-10-21 16:30 - 00000000 ____D () C:\ProgramData\Glyph
2014-10-19 20:33 - 2014-10-19 20:33 - 00010219 _____ () C:\Users\Konstantin\Documents\Uninstall STAR WARS The Old Republic.log
2014-10-19 12:05 - 2014-10-19 12:05 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-10-19 12:05 - 2014-10-19 12:05 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-10-18 15:03 - 2014-10-18 15:03 - 00000000 ____D () C:\Users\Public\Documents\BitRaider
2014-10-18 15:03 - 2014-10-18 15:03 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\SWTORPerf
2014-10-18 15:01 - 2014-10-18 15:02 - 00014325 _____ () C:\Users\Konstantin\Documents\Install STAR WARS The Old Republic.log
2014-10-18 15:01 - 2014-10-18 15:01 - 00000000 ____D () C:\Program Files (x86)\Electronic Arts
2014-10-16 00:35 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-16 00:35 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-16 00:35 - 2014-08-29 03:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-16 00:35 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-16 00:35 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-16 00:35 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-16 00:35 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-16 00:35 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-16 00:35 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-16 00:35 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-16 00:35 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-16 00:35 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-16 00:35 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-16 00:35 - 2014-07-08 23:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-16 00:35 - 2014-07-08 23:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-16 00:35 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-16 00:35 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-16 00:35 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-16 00:35 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-16 00:35 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-16 00:35 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-16 00:34 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-16 00:34 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-16 00:34 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-16 00:34 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-16 00:34 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-16 00:34 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2014-11-13 19:25 - 2013-12-01 23:07 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-13 19:25 - 2013-07-28 19:56 - 00478180 _____ () C:\Windows\PFRO.log
2014-11-13 19:25 - 2013-05-11 15:43 - 00088274 _____ () C:\Windows\setupact.log
2014-11-13 19:25 - 2011-05-21 00:44 - 00000373 _____ () C:\Windows\lgfwup.ini
2014-11-13 19:25 - 2011-05-21 00:44 - 00000000 ____D () C:\Program Files (x86)\lg_fwupdate
2014-11-13 19:25 - 2011-05-21 00:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-13 19:25 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-13 19:24 - 2013-05-11 15:45 - 01063923 _____ () C:\Windows\WindowsUpdate.log
2014-11-13 19:24 - 2009-07-14 05:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-13 19:24 - 2009-07-14 05:45 - 00015040 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-13 19:23 - 2011-05-20 23:13 - 00001005 _____ () C:\Users\Konstantin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-11-13 18:58 - 2013-12-01 23:08 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-13 18:58 - 2009-07-14 18:58 - 00714884 _____ () C:\Windows\system32\perfh007.dat
2014-11-13 18:58 - 2009-07-14 18:58 - 00157018 _____ () C:\Windows\system32\perfc007.dat
2014-11-13 18:58 - 2009-07-14 06:13 - 01663824 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-13 18:53 - 2014-05-08 16:40 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-13 18:53 - 2013-07-17 16:46 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Akamai
2014-11-12 20:42 - 2014-01-02 19:57 - 00001066 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-12 20:42 - 2014-01-02 19:57 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\Malwarebytes
2014-11-12 20:42 - 2014-01-02 19:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-12 20:34 - 2012-12-27 13:10 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-12 20:33 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-11-12 20:27 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-11-12 20:18 - 2009-07-14 03:34 - 02883584 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-11-12 20:18 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-11-12 20:17 - 2009-07-14 03:34 - 92274688 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-11-12 20:17 - 2009-07-14 03:34 - 22806528 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-11-12 19:35 - 2009-07-14 03:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-11-12 19:21 - 2013-12-10 17:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-11-12 19:21 - 2011-05-20 23:30 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-12 19:08 - 2011-05-20 23:13 - 00000000 ____D () C:\Users\Konstantin
2014-11-12 19:03 - 2009-07-14 05:45 - 00307584 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-12 18:58 - 2013-07-28 16:39 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-12 18:54 - 2011-05-28 15:28 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-10 21:29 - 2013-02-20 18:30 - 00002030 _____ () C:\Users\Public\Desktop\Avira Control Center.lnk
2014-11-10 21:14 - 2013-02-20 18:30 - 00000000 ____D () C:\ProgramData\Avira
2014-11-10 21:14 - 2013-02-20 18:30 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-11-10 21:13 - 2014-08-08 10:31 - 00001097 _____ () C:\Users\Public\Desktop\Avira.lnk
2014-11-06 23:00 - 2013-12-01 23:08 - 00002002 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-11-06 23:00 - 2013-12-01 23:08 - 00002000 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-11-06 23:00 - 2013-12-01 23:08 - 00001990 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-11-06 23:00 - 2013-12-01 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2014-11-06 22:57 - 2011-05-22 00:16 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\CrashDumps
2014-11-06 22:48 - 2014-01-21 18:51 - 00000000 ____D () C:\Users\Konstantin\AppData\Local\Windows Live
2014-11-06 22:34 - 2014-01-21 18:53 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-11-06 22:32 - 2013-12-10 17:01 - 00073343 _____ () C:\Windows\DirectX.log
2014-11-06 21:56 - 2012-12-21 14:31 - 00029184 ___SH () C:\Users\Konstantin\Thumbs.db
2014-11-05 20:23 - 2011-06-23 13:15 - 00002903 _____ () C:\vba.ini
2014-11-04 00:44 - 2014-08-08 19:08 - 00000000 ____D () C:\Windows\Minidump
2014-11-03 23:05 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-11-02 22:24 - 2011-06-23 13:14 - 00000000 ____D () C:\VisualBoyAdvance_games
2014-11-02 22:18 - 2014-02-03 00:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-11-02 22:17 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-11-02 22:07 - 2011-05-21 00:44 - 00000000 ____D () C:\Temp
2014-11-02 22:07 - 2011-05-21 00:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-11-02 22:05 - 2011-05-21 00:09 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-11-02 22:02 - 2011-05-21 10:00 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-11-01 23:25 - 2011-05-21 00:27 - 00000000 ____D () C:\Users\Konstantin\AppData\Roaming\vlc
2014-10-29 17:00 - 2014-01-12 19:45 - 00002135 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-25 18:53 - 2013-12-01 23:08 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-25 18:53 - 2013-12-01 23:07 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-25 18:26 - 2011-11-19 18:33 - 00000955 _____ () C:\Users\Konstantin\Desktop\SopCast.lnk
2014-10-25 18:26 - 2011-11-19 18:33 - 00000000 ____D () C:\Program Files (x86)\SopCast
2014-10-19 20:33 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-10-19 12:06 - 2013-11-16 00:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-10-19 12:05 - 2014-09-15 11:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-10-19 12:05 - 2014-09-15 11:07 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-10-19 12:05 - 2011-05-23 18:15 - 00000000 ____D () C:\Program Files (x86)\Java
2014-10-18 14:10 - 2014-03-23 16:49 - 00000729 _____ () C:\Users\Konstantin\Desktop\Neues Textdokument.txt
2014-10-14 22:19 - 2013-05-07 15:09 - 00043064 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-10-14 22:19 - 2013-03-28 00:00 - 00131608 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-10-14 22:19 - 2013-03-28 00:00 - 00119272 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
Some content of TEMP:
====================
C:\Users\Konstantin\AppData\Local\Temp\avgnt.exe
C:\Users\Konstantin\AppData\Local\Temp\Quarantine.exe
C:\Users\Konstantin\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-11-06 17:53
==================== End Of Log ============================
See you then

Best regards