| werner88 | 25.08.2013 13:17 |
Code:
Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.08.25.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16660
Kai :: KAI-PC [limitiert]
Schutz: Aktiviert
25.08.2013 13:50:20
mbam-log-2013-08-25 (13-50-20).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 242988
Laufzeit: 4 Minute(n), 16 Sekunde(n)
Infizierte Speicherprozesse: 1
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam.A) -> 2164 -> Löschen bei Neustart.
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 38
HKLM\SYSTEM\CurrentControlSet\Services\WajamUpdater (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wajam.WajamBHO.1 (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\wajam.WajamBHO (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\escort.escortIEPane (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaHlpr.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltaHlpr (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D} (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.deltaESrvc.1 (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\esrv.deltaESrvc (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltadskBnd.1 (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\delta.deltadskBnd (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Typelib\{4599D05A-D545-4069-BB42-5895B4EAE05B} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCR\Interface\{1231839B-064E-4788-B865-465A1B5266FD} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\DELTA\DELTA (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta Chrome Toolbar (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wajam (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Registrierungswerte: 4
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: Delta Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{82E1477C-B154-48D3-9891-33D83C26BCD3} (PUP.Optional.Delta.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Delta\Delta|tlbrSrchUrl (PUP.Optional.Delta) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0G2Y1R2X0G1M2S1M0G1S1H -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateiobjekte der Registrierung: 5
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=37d25f40-b1c7-43d7-a5ba-cb9c3fce5ca6&searchtype=ds&q={searchTerms}&installDate=12/05/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=37d25f40-b1c7-43d7-a5ba-cb9c3fce5ca6&searchtype=hp&installDate=12/05/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=37d25f40-b1c7-43d7-a5ba-cb9c3fce5ca6&searchtype=ds&q={searchTerms}&installDate=12/05/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=37d25f40-b1c7-43d7-a5ba-cb9c3fce5ca6&searchtype=ds&q={searchTerms}&installDate=12/05/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.Snapdo) -> Bösartig: (hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=37d25f40-b1c7-43d7-a5ba-cb9c3fce5ca6&searchtype=ds&q={searchTerms}&installDate=12/05/2013) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt.
Infizierte Verzeichnisse: 15
C:\Users\Kai\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Cache (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam (PUP.Optional.Wajam.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Wajam\Firefox (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Updater (PUP.Optional.Wajam.A) -> Löschen bei Neustart.
C:\Users\Kai\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\OpenCandy\2E5021213A7843C4A8819A2BAA9BF79E (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\OpenCandy\BDBF75323BF841CC902B17D836FF8547 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Infizierte Dateien: 41
C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (PUP.Optional.Wajam.A) -> Löschen bei Neustart.
C:\Program Files (x86)\Wajam\IE\priam_bho.dll (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.16.16\deltasrv.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.exe (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\skype.dat (Trojan.LameShield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Local\Temp\1zT5yikf.exe.part (Adware.DomaIQ) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Local\Temp\wajam_install.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\MyBabylonTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Local\Temp\bus6D23\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Local\Temp\is357113909\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.dat (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\Setup.ico (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setup.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll (PUP.Optional.Tarma.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared\BUSUninstall.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared\Delta2.ico (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared\GUninstaller.exe (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\uninstall.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\favicon.ico (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\IE\wajamLogo.bmp (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\Wajam\Updater\update.exe (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\OpenCandy\2E5021213A7843C4A8819A2BAA9BF79E\TuneUpUtilities2013-2200217_de-DE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\OpenCandy\BDBF75323BF841CC902B17D836FF8547\3707.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\OpenCandy\BDBF75323BF841CC902B17D836FF8547\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\OpenCandy\BDBF75323BF841CC902B17D836FF8547\Installer.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Kai\AppData\Roaming\OpenCandy\BDBF75323BF841CC902B17D836FF8547\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt.
(Ende)
Code:
# AdwCleaner v3.001 - Report created 25/08/2013 at 14:03:08
# Updated 24/08/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Kai - KAI-PC
# Running from : C:\Users\Kai\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
Service Deleted : Yontoo Desktop Updater
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\BrowserProtect
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\delta
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Users\Kai\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Kai\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Kai\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Kai\AppData\LocalLow\delta
Folder Deleted : C:\Users\Kai\AppData\Roaming\DSite
Folder Deleted : C:\Users\Kai\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
Folder Deleted : C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\z27xmyu4.default\Extensions\toolbar@ask.com
File Deleted : C:\END
File Deleted : C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\z27xmyu4.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\z27xmyu4.default\searchplugins\delta.xml
File Deleted : C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\z27xmyu4.default\user.js
File Deleted : C:\Windows\Tasks\DSite.job
File Deleted : C:\Windows\System32\Tasks\DSite
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
***** [ Shortcuts ] *****
***** [ Registry ] *****
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{5A95A9E0-59DD-4314-BD84-4D18CA83A0E2}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Yontoo Desktop]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\priam_bho.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore
Key Deleted : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool
Key Deleted : HKLM\SOFTWARE\Classes\ScriptHost.Tool.1
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKCU\Software\5f55dc8bb735ee15
Key Deleted : HKLM\SOFTWARE\5f55dc8bb735ee15
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{05366194-3126-4601-AC1A-DDE573E093DC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{19D2F415-D58B-46BC-9390-C03DCBC21EB2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{26249267-15F4-4DA3-8247-C5A78E4FA918}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{39B217B4-8C69-4E45-A8DC-8CC4DAD3CF0A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CB4CE45-8849-4638-9226-D6B615A15827}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{43AB7B5D-4C40-4103-A549-7002A116A7D5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5D64294B-1341-4FE7-B6D8-7C36828D4DD5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E45F3E8-2683-4824-A6BE-08108022FB36}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{996ED20F-A740-47A2-A7EF-9620D422BB4E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9F0F16DD-4E76-4049-A9B1-7A91E48F0323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F4288797-CB12-49CE-9DF8-7CDFA1143BEA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{061F450C-37B9-4330-9235-0F25D9F75B33}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22FEB0F5-0BA0-4D4B-8A66-55A21667BC31}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2B79F7D-2D7D-4420-B2A9-ECE52C7C83A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D55DAA5-04AC-4036-B0BE-DA81EE9676CD}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{212C2C4F-C845-4FBC-9561-C833A13D8DCE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3C5D1D57-16C8-473C-A552-37B8D88596FE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4A115D8A-6A7B-4C72-92B1-2E2D01F36979}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{58CBF821-A0C7-4AE8-9430-77DD1AF38E99}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{72BCBFF7-2837-4CA0-B3B5-3DAED7F54601}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{824125FD-7732-4DA2-9277-3A7D0A0A0813}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{99DF8440-814E-497F-BDDD-FB93E9E9DF96}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{83CAD530-387D-40FD-82EA-B9E863D92A9B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C17DC5CF-54FF-4E63-8AC7-94335D6DA231}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D14D0EE2-2DD1-4230-BE70-3F3AD6172C40}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\Delta
Key Deleted : HKCU\Software\dsiteproducts
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Wajam
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\Delta
Key Deleted : HKLM\Software\Wajam
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16660
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v23.0.1 (de)
[ File : C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\z27xmyu4.default\prefs.js ]
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.order.1", "Ask.com");
Line Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files (x86)\\Ask.com\\");
Line Deleted : user_pref("extensions.asktb.apn_dbr", "ff_21.0");
Line Deleted : user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
Line Deleted : user_pref("extensions.asktb.cbid", "^AGS");
Line Deleted : user_pref("extensions.asktb.config-updated", true);
Line Deleted : user_pref("extensions.asktb.crumb", "2013.06.21+15.50.18-toolbar012iad-DE-SGFubm92ZXIsR2VybWFueQ%3D%3D");
Line Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
Line Deleted : user_pref("extensions.asktb.domain", "avira-int.ask.com");
Line Deleted : user_pref("extensions.asktb.domainName", "avira-int.ask.com");
Line Deleted : user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
Line Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=DE&userid=37d25f40-b1c7-43d7-a5ba-cb9c3fce5ca6&searchtype=ds&installDate=12/05/2013&[...]
Line Deleted : user_pref("extensions.asktb.fresh-install", false);
Line Deleted : user_pref("extensions.asktb.guid", "ead700c7-c598-4a25-9d72-df975daa9f79");
Line Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxps://websearch.ask.com\", [...]
Line Deleted : user_pref("extensions.asktb.if", "first");
Line Deleted : user_pref("extensions.asktb.keyword-toggled-in-session", false);
Line Deleted : user_pref("extensions.asktb.l", "dis");
Line Deleted : user_pref("extensions.asktb.last-config-req", "1377409393875");
Line Deleted : user_pref("extensions.asktb.locale", "de_DE");
Line Deleted : user_pref("extensions.asktb.localePref", true);
Line Deleted : user_pref("extensions.asktb.location", "Hannover,Germany");
Line Deleted : user_pref("extensions.asktb.new-tab-opt-out", true);
Line Deleted : user_pref("extensions.asktb.o", "APN10261");
Line Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Line Deleted : user_pref("extensions.asktb.qsrc", "2871");
Line Deleted : user_pref("extensions.asktb.r", "4");
Line Deleted : user_pref("extensions.asktb.sa", "YES");
Line Deleted : user_pref("extensions.asktb.saguid", "C26F17A7-8DE9-4BD4-A354-B282A805CAB8");
Line Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Line Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Line Deleted : user_pref("extensions.asktb.slwo", "1");
Line Deleted : user_pref("extensions.asktb.socialmini-first", true);
Line Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Line Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Line Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Line Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Line Deleted : user_pref("extensions.asktb.socialmini-speed", "5000");
Line Deleted : user_pref("extensions.asktb.themeid", "");
Line Deleted : user_pref("extensions.asktb.timeinstalled", "22.06.2013 00:50:55");
Line Deleted : user_pref("extensions.asktb.to", "");
Line Deleted : user_pref("extensions.asktb.v", "3.15.26.100015");
Line Deleted : user_pref("extensions.asktb.version", "5.15.26.45268");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "4c2b392d000000000000100ba96fc4c5");
Line Deleted : user_pref("extensions.delta.instlDay", "15835");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.16.16");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.16.1618:48:09");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.16.16");
Line Deleted : user_pref("extensions.enabledAddons", "toolbar%40ask.com:3.15.26.100015,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1");
Line Deleted : user_pref("extensions.helperbar.Country", "Germany");
Line Deleted : user_pref("extensions.helperbar.DockingPositionDown", false);
Line Deleted : user_pref("extensions.helperbar.LastHiddenTime", 22806299);
Line Deleted : user_pref("extensions.helperbar.SmartbarDisabled", true);
Line Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Line Deleted : user_pref("extensions.helperbar.UserID", "37d25f40-b1c7-43d7-a5ba-cb9c3fce5ca6");
Line Deleted : user_pref("extensions.helperbar.Visibility", true);
Line Deleted : user_pref("extensions.installCache", "[{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\exte[...]
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "DropDownDeals,buzzdock,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "4495bafd-1092-48f2-b983-9f400b221b5c");
*************************
AdwCleaner[R0].txt - [19953 octets] - [25/08/2013 14:02:20]
AdwCleaner[S0].txt - [19427 octets] - [25/08/2013 14:03:08]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19488 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.4 (08.22.2013:1)
OS: Windows 7 Home Premium x64
Ran by Kai on 25.08.2013 at 14:06:46,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{2C57D64E-FD0D-4B15-9B80-0CB049F663F0}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{26E14C55-2F25-4867-8F18-BC05777C30C1}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{5510F33B-744B-4733-A18F-F3375F298E61}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{676D34F0-DB24-4DB6-BC2D-A575ECC0A055}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{76478E8C-2D47-448D-A498-ABADD5E02F43}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{8094B2D5-7C83-436D-8718-6B06112E579F}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{81B0220C-9859-4C36-AE91-357D3548CCF6}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{81D016E8-D6BA-473A-A895-EA176A55F072}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{B542C724-D42D-4960-BC2E-54D0653053B9}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{CF397041-931D-47C1-8FE0-374110C6BA87}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{D2338A81-34BB-4089-8184-7B508F9F685E}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{D76B574C-0AD3-4AD5-8115-771E08B54F78}
Successfully deleted: [Empty Folder] C:\Users\Kai\appdata\local\{FA5B883D-85B3-48ED-A026-A22F8FE12D7B}
~~~ FireFox
Emptied folder: C:\Users\Kai\AppData\Roaming\mozilla\firefox\profiles\z27xmyu4.default\minidumps [436 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2013
Ran by Kai (administrator) on 25-08-2013 14:16:08
Running from C:\Users\Kai\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Intel Corporation) C:\Windows\system32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(CyberLink Corp.) C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(CyberLink) C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe
(Research In Motion Limited) C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\PMMUpdate.exe
(Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IntelTBRunOnce] - C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs [4526 2010-11-29] ()
HKLM\...\Run: [IntelPAN] - C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1935120 2011-05-02] (Intel(R) Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2280232 2010-07-30] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12673128 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2277480 2011-08-16] (Realtek Semiconductor)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1831016 2011-08-02] (Acer Incorporated)
HKLM\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\ootag.exe [13856 2010-02-23] (Microsoft)
HKCU\...\Run: [DAEMON Tools Ultra Agent] - C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3088448 2013-03-06] (Disc Soft Ltd)
MountPoints2: {75b9763f-bae2-11e2-8783-dc0ea12d59a5} - F:\autorun.exe
MountPoints2: {75b97641-bae2-11e2-8783-dc0ea12d59a5} - G:\autorun.exe
MountPoints2: {75b97643-bae2-11e2-8783-dc0ea12d59a5} - H:\RunGame.exe
MountPoints2: {75b97647-bae2-11e2-8783-dc0ea12d59a5} - J:\RunGame.exe
MountPoints2: {ae03d7d2-3fc9-11e2-abed-806e6f6e6963} - E:\start.exe
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BackupManagerTray] - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [297280 2011-04-24] (NTI Corporation)
HKLM-x32\...\Run: [OOTag] - C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe [13856 2010-02-23] (Microsoft)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Dolby Advanced Audio v2] - C:\Dolby PCEE4\pcee4.exe [506712 2011-06-01] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [ArcadeMovieService] - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe [177448 2011-08-26] (CyberLink Corp.)
HKLM-x32\...\Run: [RIMBBLaunchAgent.exe] - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe [267792 2013-01-17] (Research In Motion Limited)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144 2013-07-02] (Avira Operations GmbH & Co. KG)
HKU\Default\...\RunOnce: [ScrSav] - C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe [154144 2010-07-29] ()
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [241984 2011-11-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [203072 2011-11-27] (NVIDIA Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Kai\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No File
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - No File
Tcpip\Parameters: [DhcpNameServer] 130.75.1.32 130.75.1.40
FireFox:
========
FF ProfilePath: C:\Users\Kai\AppData\Roaming\Mozilla\Firefox\Profiles\z27xmyu4.default
FF NewTab: about:blank
FF Homepage: hxxp://de.yahoo.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
FF Plugin-x32: @mcafee.com/SAFFPlugin - C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @RIM.com/WebSLLauncher,version=1.0 - C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] C:\Program Files (x86)\McAfee\SiteAdvisor
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-02] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [589368 2013-07-02] (Avira Operations GmbH & Co. KG)
R3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [580672 2013-03-06] (Disc Soft Ltd)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [235216 2013-02-05] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-05-02] ()
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [256832 2011-04-24] (NTI Corporation)
S3 McAWFwk; c:\PROGRA~1\mcafee\msc\mcawfwk.exe [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [100712 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130016 2013-02-26] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-06] (Avira Operations GmbH & Co. KG)
R3 dtscsibus; C:\Windows\System32\DRIVERS\dtscsibus.sys [29696 2013-05-12] (Disc Soft Ltd)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [78336 2013-01-03] (Research In Motion Limited)
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 usbrndis6; C:\Windows\system32\drivers\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-25 14:06 - 2013-08-25 14:06 - 01021434 _____ (Thisisu) C:\Users\Kai\Downloads\JRT.exe
2013-08-25 14:06 - 2013-08-25 14:06 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 14:02 - 2013-08-25 14:03 - 00000000 ____D C:\AdwCleaner
2013-08-25 14:01 - 2013-08-25 14:01 - 00994642 _____ C:\Users\Kai\Downloads\adwcleaner.exe
2013-08-25 13:48 - 2013-08-25 13:48 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-25 13:48 - 2013-08-25 13:48 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Malwarebytes
2013-08-25 13:48 - 2013-08-25 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 13:48 - 2013-08-25 13:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 13:48 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-08-25 13:47 - 2013-08-25 13:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kai\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-25 10:21 - 2013-08-25 10:22 - 00020135 _____ C:\Users\Kai\Downloads\Addition.txt
2013-08-25 10:21 - 2013-08-25 10:21 - 01576506 _____ (Farbar) C:\Users\Kai\Downloads\FRST64.exe
2013-08-25 10:21 - 2013-08-25 10:21 - 00000000 ____D C:\FRST
2013-08-25 08:10 - 2013-08-25 08:10 - 00112854 _____ C:\Users\Kai\Downloads\Extras.Txt
2013-08-25 08:09 - 2013-08-25 08:09 - 00099010 _____ C:\Users\Kai\Downloads\OTL.Txt
2013-08-25 08:02 - 2013-08-25 08:02 - 00602112 _____ (OldTimer Tools) C:\Users\Kai\Downloads\OTL.exe
2013-08-18 12:37 - 2013-08-18 12:37 - 00000000 ____D C:\Users\Kai\AppData\Local\DoNotTrackPlus
2013-08-17 21:39 - 2013-08-17 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 01:15 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 01:15 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 01:15 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 01:15 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 01:15 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 01:15 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 01:15 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 01:15 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 01:15 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 01:15 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 01:15 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 01:15 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 01:15 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 01:15 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-14 21:30 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 21:30 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-14 21:30 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 21:30 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-14 21:30 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 21:30 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 21:30 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-14 21:30 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 21:30 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 21:30 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 21:30 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 21:30 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 21:30 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-14 21:30 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-14 21:30 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-14 21:30 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-14 21:30 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-14 21:30 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-14 21:30 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-14 21:30 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-14 21:30 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-14 21:30 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-14 21:30 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-14 21:30 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-14 21:30 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-14 21:30 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 21:30 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-07-27 00:47 - 2013-08-11 07:57 - 00000075 _____ C:\Users\Kai\AppData\Roaming\WB.CFG
==================== One Month Modified Files and Folders =======
2013-08-25 14:13 - 2013-08-25 14:13 - 00002634 _____ C:\Users\Kai\Desktop\JRT.txt
2013-08-25 14:11 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-25 14:11 - 2009-07-14 06:45 - 00016752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-25 14:10 - 2012-12-07 03:45 - 00654340 _____ C:\Windows\system32\perfh007.dat
2013-08-25 14:10 - 2012-12-07 03:45 - 00130180 _____ C:\Windows\system32\perfc007.dat
2013-08-25 14:10 - 2009-07-14 07:13 - 01498506 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 14:06 - 2013-08-25 14:06 - 01021434 _____ (Thisisu) C:\Users\Kai\Downloads\JRT.exe
2013-08-25 14:06 - 2013-08-25 14:06 - 00000000 ____D C:\Windows\ERUNT
2013-08-25 14:04 - 2012-12-31 13:05 - 00001100 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-25 14:04 - 2012-12-20 13:19 - 00000000 ____D C:\ProgramData\clear.fi
2013-08-25 14:04 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-25 14:04 - 2009-07-14 06:51 - 00089581 _____ C:\Windows\setupact.log
2013-08-25 14:03 - 2013-08-25 14:02 - 00000000 ____D C:\AdwCleaner
2013-08-25 14:03 - 2012-12-06 18:51 - 01777000 _____ C:\Windows\WindowsUpdate.log
2013-08-25 14:01 - 2013-08-25 14:01 - 00994642 _____ C:\Users\Kai\Downloads\adwcleaner.exe
2013-08-25 13:59 - 2010-11-21 05:47 - 00147218 _____ C:\Windows\PFRO.log
2013-08-25 13:54 - 2012-12-20 14:15 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-25 13:48 - 2013-08-25 13:48 - 00001113 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-08-25 13:48 - 2013-08-25 13:48 - 00000000 ____D C:\Users\Kai\AppData\Roaming\Malwarebytes
2013-08-25 13:48 - 2013-08-25 13:48 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-08-25 13:48 - 2013-08-25 13:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-08-25 13:47 - 2013-08-25 13:47 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Kai\Downloads\mbam-setup-1.75.0.1300.exe
2013-08-25 13:46 - 2012-12-31 13:05 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-25 10:22 - 2013-08-25 10:21 - 00020135 _____ C:\Users\Kai\Downloads\Addition.txt
2013-08-25 10:21 - 2013-08-25 10:21 - 01576506 _____ (Farbar) C:\Users\Kai\Downloads\FRST64.exe
2013-08-25 10:21 - 2013-08-25 10:21 - 00000000 ____D C:\FRST
2013-08-25 08:10 - 2013-08-25 08:10 - 00112854 _____ C:\Users\Kai\Downloads\Extras.Txt
2013-08-25 08:09 - 2013-08-25 08:09 - 00099010 _____ C:\Users\Kai\Downloads\OTL.Txt
2013-08-25 08:02 - 2013-08-25 08:02 - 00602112 _____ (OldTimer Tools) C:\Users\Kai\Downloads\OTL.exe
2013-08-25 07:58 - 2013-06-17 20:47 - 00000005 _____ C:\Users\Kai\AppData\Roaming\WBPU-TTL.DAT
2013-08-22 21:19 - 2009-07-14 07:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-08-20 23:54 - 2012-12-20 14:15 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 23:54 - 2012-12-20 14:15 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 23:54 - 2012-07-03 16:16 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-19 07:33 - 2012-12-20 13:33 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-08-19 00:05 - 2013-05-23 00:33 - 00050688 ___SH C:\Users\Kai\Desktop\Thumbs.db
2013-08-18 23:57 - 2013-01-08 01:11 - 00001001 _____ C:\Users\Kai\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-08-18 23:57 - 2013-01-08 01:11 - 00001001 _____ C:\Users\Kai\AppData\Roaming\Rim.Desktop.Exception.log
2013-08-18 12:37 - 2013-08-18 12:37 - 00000000 ____D C:\Users\Kai\AppData\Local\DoNotTrackPlus
2013-08-17 21:39 - 2013-08-17 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-08-15 01:12 - 2012-12-23 12:09 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-11 07:57 - 2013-07-27 00:47 - 00000075 _____ C:\Users\Kai\AppData\Roaming\WB.CFG
2013-08-03 14:32 - 2012-12-31 13:05 - 00000000 ____D C:\Program Files (x86)\Google
2013-07-26 15:52 - 2009-07-14 07:08 - 00032640 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-07-26 07:13 - 2013-08-15 01:15 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 07:13 - 2013-08-15 01:15 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 07:13 - 2013-08-15 01:15 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 07:12 - 2013-08-15 01:15 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 07:12 - 2013-08-15 01:15 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 05:35 - 2013-08-15 01:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 05:13 - 2013-08-15 01:15 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-07-26 05:13 - 2013-08-15 01:15 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-07-26 05:12 - 2013-08-15 01:15 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-07-26 05:11 - 2013-08-15 01:15 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-07-26 05:11 - 2013-08-15 01:15 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-07-26 04:49 - 2013-08-15 01:15 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-07-26 04:39 - 2013-08-15 01:15 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-26 03:59 - 2013-08-15 01:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
Files to move or delete:
====================
C:\Users\Kai\AppData\Local\Temp\ose00000.exe
C:\Users\Kai\AppData\Local\Temp\Quarantine.exe
C:\Users\Kai\AppData\Local\Temp\SIInvoker.exe
C:\Users\Kai\AppData\Local\Temp\{D17CBEA3-60A9-4284-88FD-AFB78CFB8AB4}\ISBEW64.exe
C:\Users\Kai\AppData\Local\Temp\{D17CBEA3-60A9-4284-88FD-AFB78CFB8AB4}\ISRT.dll
C:\Users\Kai\AppData\Local\Temp\{D17CBEA3-60A9-4284-88FD-AFB78CFB8AB4}\_isres_0x0409.dll
C:\Users\Kai\AppData\Local\Temp\{CC367CAC-5E1D-4D8C-843D-92B947AD1374}\ISBEW64.exe
C:\Users\Kai\AppData\Local\Temp\{A5F5E0BC-3ADE-449B-A779-1F636A914822}\ISBEW64.exe
C:\Users\Kai\AppData\Local\Temp\{A5F5E0BC-3ADE-449B-A779-1F636A914822}\ISRT.dll
C:\Users\Kai\AppData\Local\Temp\{A5F5E0BC-3ADE-449B-A779-1F636A914822}\_isres_0x0409.dll
C:\Users\Kai\AppData\Local\Temp\{8F07D7A0-5DCC-4793-B821-34EC73A6F288}\ISBEW64.exe
C:\Users\Kai\AppData\Local\Temp\{8F07D7A0-5DCC-4793-B821-34EC73A6F288}\ISRT.dll
C:\Users\Kai\AppData\Local\Temp\{8F07D7A0-5DCC-4793-B821-34EC73A6F288}\_isres_0x0407.dll
C:\Users\Kai\AppData\Local\Temp\PG\SmartUpgrader\PGSmartUpgrade.exe
C:\Users\Kai\AppData\Local\Temp\PG\SmartUpgrader\SIInvoker.exe
C:\Users\Kai\AppData\Local\Temp\PG\SmartUpgrader\zlib.dll
C:\Users\Kai\AppData\Local\Temp\nsk3FB1.tmp\babylon.dll
C:\Users\Kai\AppData\Local\Temp\nsk3FB1.tmp\bprotect.exe
C:\Users\Kai\AppData\Local\Temp\nsk3FB1.tmp\InetLoad.dll
C:\Users\Kai\AppData\Local\Temp\nsk3FB1.tmp\installutils.dll
C:\Users\Kai\AppData\Local\Temp\nsk3FB1.tmp\kerberos_bho.dll
C:\Users\Kai\AppData\Local\Temp\nsk3FB1.tmp\nsis7z.dll
C:\Users\Kai\AppData\Local\Temp\nsk3FB1.tmp\protector.dll
C:\Users\Kai\AppData\Local\Temp\MCPR\mccleanup.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\McClnUI.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\VS\installer.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\VS\installer64.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\VS\SdOASMon.dll
C:\Users\Kai\AppData\Local\Temp\MCPR\VS\vscore64\DAInstall.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\VS\vscore64\mfehidin.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\VS\vscore64\x86\DAInstall.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\VS\vscore\DAInstall.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\VS\vscore\mfehidin.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\MSC\McMSCIns.dll
C:\Users\Kai\AppData\Local\Temp\MCPR\MSC\mscclnup.dll
C:\Users\Kai\AppData\Local\Temp\MCPR\MQC\mcpins.dll
C:\Users\Kai\AppData\Local\Temp\MCPR\MPS\mpsunins.dll
C:\Users\Kai\AppData\Local\Temp\MCPR\MNA\McSHIns.dll
C:\Users\Kai\AppData\Local\Temp\MCPR\MFP\mfputil_x64.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\MFP\mfputil_x86.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\MFP\x86\sediag.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\MFP\x86\seinst.dll
C:\Users\Kai\AppData\Local\Temp\MCPR\MFP\x64\sediag.exe
C:\Users\Kai\AppData\Local\Temp\MCPR\MFP\x64\seinst.dll
C:\Users\Kai\AppData\Local\Temp\jrt\erunt\ERUNT.EXE
C:\Users\Kai\AppData\Local\Temp\jrt\erunt\ERUNT.EXE.manifest
C:\Users\Kai\AppData\Local\Temp\is357113909\wajam_download.exe
C:\Users\Kai\AppData\Local\Temp\is357113909\yontoo-C4.exe
C:\Users\Kai\AppData\Local\Temp\clear.fiClient\cabarc.exe
C:\Users\Kai\AppData\Local\Temp\bus7139\ff21v.exe
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\BExternal.dll
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\IEHelper.dll
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Setup.exe
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\sqlite3.dll
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\BabMaint.exe
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\BExternal.dll
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\BUSolution.dll
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\BUSUninstall.exe
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\ccp.exe
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\ChromeToolbarSetup.dll
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\CrxInstaller.dll
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\GUninstaller.exe
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\IEHelper.dll
C:\Users\Kai\AppData\Local\Temp\5B5C30B1-BAB0-7891-8985-0C2CC5B73B90\Latest\sqlite3.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\GoogleEarth.exe
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemyext.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\earthps.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\geplugin.exe
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\ge_expat.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth.exe.local
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\googleearth_free.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\icudt.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGAttrs.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGCore.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGExportCommon.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGGfx.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGMath.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGOpt.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGSg.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\IGUtils.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcp100.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\msvcr100.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\npgeplugin.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\plugin_ax.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtCore4.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtGui4.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtNetwork4.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\QtWebKit4.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
C:\Users\Kai\AppData\Local\Temp\._msigeplugin61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-08-03 20:22
==================== End Of Log ============================
--- --- ---
--- --- ---
Ich habe zwar keine Ahnung, was du damit machen kannst, aber vielen, vielen Dank für die Mühe! |
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
AdwCleaner auf deinen Desktop.
SecurityCheck und:
