So, that took a bit longer. Hola search is gone by now as well, but AVG Search has now taken its place. Still, some progress is noticeable :).
Here are the logs:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Database version: v2014.01.21.07
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Lena :: LENA-PC [limited]
21.01.2014 20:42:23
mbam-log-2014-01-21 (20-42-23).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 215411
Time elapsed: 12 minute(s), 8 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 4
HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Quarantined and deleted successfully.
HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings (PUP.Optional.BProtector.A) -> Quarantined and deleted successfully.
Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=80CC2218859E7F91&affID=121562&tt=300613_hol&tsp=4929 -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Data: {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} -> Quarantined and deleted successfully.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 13
C:\Users\Lena\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution\CR (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution\Shared (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\06C76E59434A48429633DD5D58F2AC6F (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\0C7FC0D12A7C492C8816B38D39676D4A (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\42065986B1C04405921264AA2496F156 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\5C137E3557DC43C8A0A93B4DBCC1FB73 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\9C0B5173907E47CF9EF3B2BE117931B8 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\D892C91E56CD47BB98B902A4C37F7BF3 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\OpenCandy_0C7FC0D12A7C492C8816B38D39676D4A (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
Files Detected: 43
C:\Users\Lena\AppData\Roaming\BabSolution\Shared\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\06C76E59434A48429633DD5D58F2AC6F\DeltaTB.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\42065986B1C04405921264AA2496F156\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\5C137E3557DC43C8A0A93B4DBCC1FB73\LatestDLMgr.exe (PUP.Optional.OpenCandy.A) -> Quarantined and deleted successfully.
C:\$Recycle.Bin\S-1-5-21-442572395-1309729523-3438705337-1000\$RE99L4E.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\1AFA.tmp (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\409.tmp (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\5302.tmp (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\5F7E.tmp (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\78F.tmp (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\8B52.tmp (PUP.Optional.PerformerSoft.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\90B8.tmp (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\9963.tmp (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\B15A.tmp (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\E9C3.tmp (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\IminentSetup.exe (PUP.Optional.Iminent.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\m0iZ3znI.exe.part (PUP.Optional.Solimba) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\PICCSFDE306B.exe (PUP.Optional.OfferMosquito.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\setup_fsu_cid.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\857FF429-BAB0-7891-BEE0-9D785D1E571E\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\857FF429-BAB0-7891-BEE0-9D785D1E571E\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\857FF429-BAB0-7891-BEE0-9D785D1E571E\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\857FF429-BAB0-7891-BEE0-9D785D1E571E\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\bus3818\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\bus579B\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\bus86FB\CrxUpdater_d.exe (PUP.Optional.CRX.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\is-R719T.tmp\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Local\Temp\upd2950\BabMaint.x (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\Downloads\SoftonicDownloader_fuer_fat32-format.exe (PUP.Optional.Softonic) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution\CR\hola.crx (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution\Shared\BUSolution.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution\Shared\chu.js (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution\Shared\hola.ico (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution\Shared\SetupParams.ini (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\BabSolution\Shared\sqlite3.dll (PUP.Optional.BabSolution.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\0C7FC0D12A7C492C8816B38D39676D4A\pcspeedup_oc.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\9C0B5173907E47CF9EF3B2BE117931B8\5472.ico (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\9C0B5173907E47CF9EF3B2BE117931B8\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\9C0B5173907E47CF9EF3B2BE117931B8\OCBrowserHelper_1.0.6.124.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\OpenCandy\D892C91E56CD47BB98B902A4C37F7BF3\driverscanner.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
C:\Users\Lena\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Quarantined and deleted successfully.
(end)
AdwCleaner Logfile:
Code:
# AdwCleaner v3.017 - Bericht erstellt am 22/01/2014 um 12:29:12
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Lena - LENA-PC
# Gestartet von : C:\Users\Lena\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : vToolbarUpdater17.3.0
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\AVG Secure Search
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue\DriverScanner
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\Program Files (x86)\AVG Secure Search
Ordner Gelöscht : C:\Program Files (x86)\holasearch
Ordner Gelöscht : C:\Program Files (x86)\Uniblue\DriverScanner
Ordner Gelöscht : C:\Program Files (x86)\Common Files\AVG Secure Search
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\Lena\AppData\Local\AVG Secure Search
Ordner Gelöscht : C:\Users\Lena\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Lena\AppData\LocalLow\AVG Secure Search
Ordner Gelöscht : C:\Users\Lena\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Lena\AppData\Roaming\Uniblue\DriverScanner
Datei Gelöscht : C:\Users\Public\Desktop\driverscanner.lnk
Datei Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default\bprotector_prefs.js
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\avg-secure-search.xml
Datei Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default\searchplugins\BitGuard.xml
Datei Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default\searchplugins\BrowserDefender.xml
Datei Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default\searchplugins\holasearch.xml
Datei Gelöscht : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default\user.js
Datei Gelöscht : C:\Windows\Tasks\dsmonitor.job
Datei Gelöscht : C:\Windows\System32\Tasks\dsmonitor
Datei Gelöscht : C:\Windows\System32\Tasks\EPUpdater
Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Datei Gelöscht : C:\Windows\System32\Tasks\SpyHunter4Startup
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\fagpjgjmoaccgkkpjeoinehnoaimnbla
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.holasearchesrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.holasearchesrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\holasearch.holasearchappcore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\holasearch.holasearchappcore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\holasearch.holasearchdskbnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\holasearch.holasearchdskbnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\holasearch.holasearchhlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\holasearch.holasearchhlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
Schlüssel Gelöscht : HKCU\Software\5368d8ae068e814
Schlüssel Gelöscht : HKLM\SOFTWARE\5368d8ae068e814
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fat32-format_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fat32-format_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{58B41DCD-55B2-48EB-A55A-E330070FFC00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1E44819B-54E1-411B-9D9F-38D7B913BCF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A1EC45B2-B5F7-4B87-955E-E97F778ACAE8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B71E4FEB-89F8-4ACB-A60F-A7DE399119AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C46EFEA4-B0F3-428B-9E77-650E3634EC56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{58B41DCD-55B2-48EB-A55A-E330070FFC00}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9BA19DB8-5C5A-4C13-AEEB-A1336113333E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DFF9B2DA-EF99-4B26-83CB-7058299999D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5882DB3D-175D-4CDC-A030-1B7EC2BC8EC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{C510DFFB-0AFE-484C-BA40-CED5B74C4EEF}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706}
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\holasearch
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\Software\AVG Security Toolbar
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\holasearch
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\holasearch
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [bProtectTabs]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://www.holasearch.com/?babsrc=NT_ss&mntrId=80CC2218859E7F91&affID=121562&tt=300613_hol&tsp=4929");
Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://www.holasearch.com/?babsrc=HP_ss&mntrId=80CC2218859E7F91&affID=121562&tt=300613_hol&tsp=4929");
Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Zeile gelöscht : user_pref("extensions.holasearch.admin", false);
Zeile gelöscht : user_pref("extensions.holasearch.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.holasearch.appId", "{8D5CFE57-B0FD-4396-97A2-DFD0B7DA935B}");
Zeile gelöscht : user_pref("extensions.holasearch.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.holasearch.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.holasearch.excTlbr", false);
Zeile gelöscht : user_pref("extensions.holasearch.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.holasearch.id", "80ccdd4e0000000000002218859e7f91");
Zeile gelöscht : user_pref("extensions.holasearch.instlDay", "15886");
Zeile gelöscht : user_pref("extensions.holasearch.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.holasearch.newTab", false);
Zeile gelöscht : user_pref("extensions.holasearch.prdct", "holasearch");
Zeile gelöscht : user_pref("extensions.holasearch.prtnrId", "holasearch");
Zeile gelöscht : user_pref("extensions.holasearch.rvrt", "false");
Zeile gelöscht : user_pref("extensions.holasearch.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.holasearch.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.holasearch.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.holasearch.vrsn", "1.8.16.16");
Zeile gelöscht : user_pref("extensions.holasearch.vrsnTs", "1.8.16.1616:17:37");
Zeile gelöscht : user_pref("extensions.holasearch.vrsni", "1.8.16.16");
*************************
AdwCleaner[R0].txt - [18896 octets] - [21/01/2014 21:04:04]
AdwCleaner[S0].txt - [17855 octets] - [22/01/2014 12:29:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17916 octets] ##########
--- --- ---
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Lena on 22.01.2014 at 12:36:33,76
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully deleted [Registry Value] HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs\\bProtectTabs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\caphyon
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-442572395-1309729523-3438705337-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{E62FAD41-09BB-405E-B38E-FE87C5D69474}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
~~~ Files
Successfully deleted: [File] "C:\Users\Lena\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\driverscanner.lnk"
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\uniblue"
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{57CB3EFF-AC80-4EB0-9CA6-B9B8C8BFCF8F}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{A086B248-43F8-48DF-A1AE-4C9250C7ABFD}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{B90261D8-4EB3-4F9D-AD15-D55FF2F2C5CB}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{C8FD5616-8DD3-4D7C-8B73-60F00DE08F12}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{C996336A-B13C-4A24-9F60-464458BBF530}
Successfully deleted: [Empty Folder] C:\Users\Lena\appdata\local\{E70FC2C4-6DDF-4479-B671-7D8369D1E4E8}
~~~ FireFox
Emptied folder: C:\Users\Lena\AppData\Roaming\mozilla\firefox\profiles\9ckqp0b2.default\minidumps [115 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 22.01.2014 at 12:47:10,11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-01-2014 02
Ran by Lena (administrator) on LENA-PC on 22-01-2014 21:48:03
Running from C:\Users\Lena\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
() C:\Program Files (x86)\Join Air\AssistantServices.exe
(Atheros) C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Atheros Communications) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
() C:\Program Files (x86)\Join Air\UIExec.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgui.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe
(Farbar) C:\Users\Lena\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AtherosBtStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [1020576 2012-02-28] (Atheros Communications)
HKLM\...\Run: [AthBtTray] - C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [800416 2012-02-28] (Atheros Commnucations)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2909968 2012-03-29] (Synaptics Incorporated)
HKLM\...\Run: [Power Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [1829768 2012-02-07] (Acer Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12452456 2012-02-22] (Realtek Semiconductor)
HKLM-x32\...\Run: [SuiteTray] - C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [341360 2011-09-20] (Egis Technology Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LManager] - C:\Program Files (x86)\Launch Manager\LManager.exe [1105488 2012-03-23] (Dritek System Inc.)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\Join Air\UIExec.exe [132608 2009-08-31] ()
HKLM-x32\...\Run: [WinampAgent] - C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [SwitchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] - C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2013\avgui.exe [4411952 2013-11-20] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Global Registration] - "C:\Program Files (x86)\Acer\Registration\GREG.exe" /boot
HKCU\...\Run: [ICQ] - C:\Program Files (x86)\ICQ7M\ICQ.exe [127040 2012-08-02] (ICQ, LLC.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ICQ Sparberater - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll No File
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101721.dll (Amazon.com, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\Lena\AppData\Roaming\Mozilla\Firefox\Profiles\9ckqp0b2.default\Extensions\ich@maltegoetz.de [2013-12-13]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-04-13]
==================== Services (Whitelisted) =================
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [283136 2013-11-20] (AVG Technologies CZ, s.r.o.)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-08] (Intel Corporation)
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [260640 2010-01-29] (Acer Incorporated)
R2 UI Assistant Service; C:\Program Files (x86)\Join Air\AssistantServices.exe [241664 2009-08-31] ()
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Atheros\Ath_WlanAgent.exe [76960 2012-02-27] (Atheros)
==================== Drivers (Whitelisted) ====================
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-19] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-19] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-06-30] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-10-23] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-12] (AVG Technologies)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-22 21:48 - 2014-01-22 21:48 - 00000000 ____D C:\FRST
2014-01-22 21:38 - 2014-01-22 21:38 - 02077696 _____ (Farbar) C:\Users\Lena\Downloads\FRST64(1).exe
2014-01-22 12:47 - 2014-01-22 12:47 - 00002557 _____ C:\Users\Lena\Desktop\JRT.txt
2014-01-22 12:36 - 2014-01-22 12:36 - 00000000 ____D C:\Windows\ERUNT
2014-01-22 12:35 - 2014-01-22 12:35 - 01037068 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-01-22 12:33 - 2014-01-22 21:42 - 00018037 _____ C:\Users\Lena\Desktop\AdwCleaner[S0].txt
2014-01-21 20:57 - 2014-01-22 12:30 - 00000000 ____D C:\AdwCleaner
2014-01-21 20:56 - 2014-01-21 20:56 - 01236282 _____ C:\Users\Lena\Downloads\adwcleaner.exe
2014-01-21 20:38 - 2014-01-21 20:38 - 00000000 ____D C:\Users\Lena\AppData\Roaming\Malwarebytes
2014-01-21 20:38 - 2014-01-21 20:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 20:38 - 2014-01-21 20:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 20:38 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-21 20:37 - 2014-01-21 20:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-21 20:34 - 2014-01-21 20:34 - 00686264 _____ C:\Users\Lena\Downloads\ZipOpenerSetup.exe
2014-01-19 18:09 - 2014-01-19 18:11 - 00031327 _____ C:\Users\Lena\Downloads\Addition.txt
2014-01-19 18:08 - 2014-01-22 21:49 - 00015349 _____ C:\Users\Lena\Downloads\FRST.txt
2014-01-19 18:06 - 2014-01-19 18:07 - 02076672 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe
2014-01-14 20:50 - 2013-11-27 01:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-14 20:50 - 2013-11-27 01:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-14 20:50 - 2013-11-27 01:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-14 20:50 - 2013-11-27 01:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-14 20:50 - 2013-11-27 01:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-14 20:50 - 2013-11-27 01:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-14 20:50 - 2013-11-27 01:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-14 20:50 - 2013-11-26 11:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-14 20:50 - 2013-11-26 10:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-29 09:53 - 2013-12-29 09:54 - 32350440 _____ (DVDVideoSoft Ltd. ) C:\Users\Lena\Downloads\FreeYouTubeDownload.exe
2013-12-28 08:13 - 2013-12-28 08:13 - 00155378 _____ C:\Users\Lena\Downloads\The Road Less Traveled(1).epub
2013-12-28 08:10 - 2013-12-28 08:10 - 00188831 _____ C:\Users\Lena\Downloads\The Progress of Sherlock.epub
2013-12-28 08:09 - 2013-12-28 08:09 - 00161524 _____ C:\Users\Lena\Downloads\Nova.epub
2013-12-28 01:01 - 2013-12-28 01:01 - 00177273 _____ C:\Users\Lena\Downloads\A Slip of the Finger.epub
==================== One Month Modified Files and Folders =======
2014-01-22 21:49 - 2014-01-19 18:08 - 00015349 _____ C:\Users\Lena\Downloads\FRST.txt
2014-01-22 21:48 - 2014-01-22 21:48 - 00000000 ____D C:\FRST
2014-01-22 21:48 - 2012-05-30 08:10 - 01520082 _____ C:\Windows\WindowsUpdate.log
2014-01-22 21:46 - 2012-07-30 10:53 - 00000000 ____D C:\Users\Lena\AppData\Roaming\Skype
2014-01-22 21:45 - 2013-06-08 01:51 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_HP_rmv.job
2014-01-22 21:45 - 2013-06-04 17:01 - 00000350 _____ C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2014-01-22 21:45 - 2013-04-18 16:24 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-22 21:45 - 2012-07-19 12:24 - 00058288 _____ (Absolute Software Corp.) C:\Windows\SysWOW64\rpcnet.dll
2014-01-22 21:45 - 2012-05-30 08:07 - 00017920 _____ C:\Windows\system32\rpcnetp.exe
2014-01-22 21:44 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-22 21:44 - 2009-07-14 04:51 - 00065548 _____ C:\Windows\setupact.log
2014-01-22 21:42 - 2014-01-22 12:33 - 00018037 _____ C:\Users\Lena\Desktop\AdwCleaner[S0].txt
2014-01-22 21:38 - 2014-01-22 21:38 - 02077696 _____ (Farbar) C:\Users\Lena\Downloads\FRST64(1).exe
2014-01-22 21:32 - 2012-04-20 08:45 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-22 21:02 - 2013-04-18 16:24 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 20:48 - 2012-07-25 20:11 - 00000000 ____D C:\ProgramData\MFAData
2014-01-22 12:47 - 2014-01-22 12:47 - 00002557 _____ C:\Users\Lena\Desktop\JRT.txt
2014-01-22 12:39 - 2009-07-14 04:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-22 12:39 - 2009-07-14 04:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-22 12:38 - 2012-05-30 18:01 - 00654852 _____ C:\Windows\system32\perfh007.dat
2014-01-22 12:38 - 2012-05-30 18:01 - 00130434 _____ C:\Windows\system32\perfc007.dat
2014-01-22 12:38 - 2009-07-14 05:13 - 01500294 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-22 12:36 - 2014-01-22 12:36 - 00000000 ____D C:\Windows\ERUNT
2014-01-22 12:35 - 2014-01-22 12:35 - 01037068 _____ (Thisisu) C:\Users\Lena\Downloads\JRT.exe
2014-01-22 12:33 - 2012-08-02 12:21 - 00000000 ____D C:\Users\Lena\AppData\Roaming\ICQ
2014-01-22 12:30 - 2014-01-21 20:57 - 00000000 ____D C:\AdwCleaner
2014-01-22 12:30 - 2013-06-30 14:18 - 00000000 ____D C:\Users\Lena\AppData\Roaming\Uniblue
2014-01-22 12:30 - 2013-06-30 14:18 - 00000000 ____D C:\Program Files (x86)\Uniblue
2014-01-21 21:01 - 2013-07-26 07:09 - 00000000 ____D C:\Windows\system32\MRT
2014-01-21 20:59 - 2010-11-21 03:47 - 00063874 _____ C:\Windows\PFRO.log
2014-01-21 20:56 - 2014-01-21 20:56 - 01236282 _____ C:\Users\Lena\Downloads\adwcleaner.exe
2014-01-21 20:38 - 2014-01-21 20:38 - 00000000 ____D C:\Users\Lena\AppData\Roaming\Malwarebytes
2014-01-21 20:38 - 2014-01-21 20:38 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-21 20:38 - 2014-01-21 20:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-21 20:37 - 2014-01-21 20:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Lena\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-21 20:34 - 2014-01-21 20:34 - 00686264 _____ C:\Users\Lena\Downloads\ZipOpenerSetup.exe
2014-01-19 18:11 - 2014-01-19 18:09 - 00031327 _____ C:\Users\Lena\Downloads\Addition.txt
2014-01-19 18:07 - 2014-01-19 18:06 - 02076672 _____ (Farbar) C:\Users\Lena\Downloads\FRST64.exe
2014-01-18 11:05 - 2012-07-19 21:17 - 00000000 ____D C:\Users\Lena\AppData\Local\Adobe
2014-01-15 18:24 - 2009-07-14 04:45 - 04892032 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-15 18:21 - 2012-07-19 16:00 - 00000000 ____D C:\Users\Lena\AppData\Roaming\SoftGrid Client
2014-01-15 06:37 - 2012-07-25 20:23 - 86054176 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-13 21:07 - 2012-07-19 14:22 - 00000000 ____D C:\Users\Lena\AppData\Local\CrashDumps
2014-01-08 15:34 - 2013-05-28 18:04 - 00003728 _____ C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-12-31 16:53 - 2012-07-19 15:37 - 00000000 ____D C:\Users\Lena\Documents\Calibre Bibliothek
2013-12-31 15:22 - 2013-12-14 15:02 - 00000000 ____D C:\Users\Lena\Documents\FF
2013-12-29 09:55 - 2013-06-30 14:16 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-12-29 09:55 - 2013-04-24 20:03 - 00000000 ____D C:\Users\Lena\AppData\Roaming\DVDVideoSoft
2013-12-29 09:54 - 2013-12-29 09:53 - 32350440 _____ (DVDVideoSoft Ltd. ) C:\Users\Lena\Downloads\FreeYouTubeDownload.exe
2013-12-28 23:33 - 2012-07-20 18:21 - 00000000 ____D C:\Games
2013-12-28 08:13 - 2013-12-28 08:13 - 00155378 _____ C:\Users\Lena\Downloads\The Road Less Traveled(1).epub
2013-12-28 08:10 - 2013-12-28 08:10 - 00188831 _____ C:\Users\Lena\Downloads\The Progress of Sherlock.epub
2013-12-28 08:09 - 2013-12-28 08:09 - 00161524 _____ C:\Users\Lena\Downloads\Nova.epub
2013-12-28 01:01 - 2013-12-28 01:01 - 00177273 _____ C:\Users\Lena\Downloads\A Slip of the Finger.epub
Some content of TEMP:
====================
C:\Users\Lena\AppData\Local\Temp\APNStub.exe
C:\Users\Lena\AppData\Local\Temp\avguidx.dll
C:\Users\Lena\AppData\Local\Temp\CommonInstaller.exe
C:\Users\Lena\AppData\Local\Temp\firefoxjre_exe-1.exe
C:\Users\Lena\AppData\Local\Temp\firefoxjre_exe-2.exe
C:\Users\Lena\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Lena\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Lena\AppData\Local\Temp\ICReinstall_ZipOpenerSetup.exe
C:\Users\Lena\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Lena\AppData\Local\Temp\MachineIdCreator.exe
C:\Users\Lena\AppData\Local\Temp\oi_{1587ED33-D22B-4FB8-A10A-54C82201BBFD}.exe
C:\Users\Lena\AppData\Local\Temp\oi_{EE3254E7-2CCD-4A6C-92FA-45E1BA7F6C34}.exe
C:\Users\Lena\AppData\Local\Temp\Quarantine.exe
C:\Users\Lena\AppData\Local\Temp\SHSetup.exe
C:\Users\Lena\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Lena\AppData\Local\Temp\ToolbarInstaller.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-21 22:03
==================== End Of Log ============================