markus396 | 09.07.2014 10:23 | Many thanks in advance!!
That's quite a lot of programs, can I delete them again afterwards?
Malwarebytes Anti-Malware: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 09.07.2014
Scan Time: 00:41:26
Logfile: maleware.txt
Administrator: No
Version: 2.00.2.1012
Malware Database: v2014.07.08.12
Rootkit Database: v2014.07.07.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marki
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 281552
Time Elapsed: 7 min, 48 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 1
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe, 2036, Delete-on-Reboot, [47d5316c304bf6402c0f0904d32e6e92]
Modules: 0
(No malicious items detected)
Registry Keys: 11
PUP.Optional.SweetPacks.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Updater By Sweetpacks, Quarantined, [47d5316c304bf6402c0f0904d32e6e92],
PUP.Optional.SweetPacks, HKU\S-1-5-21-2381100607-2809186753-3591972519-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Delete-on-Reboot, [8795f3aa4635ae88b0cc490cf30f28d8],
PUP.Optional.SweetPacks, HKU\S-1-5-21-2381100607-2809186753-3591972519-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{EEE6C35C-6118-11DC-9C72-001320C79847}, Delete-on-Reboot, [8795f3aa4635ae88b0cc490cf30f28d8],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{DEDAF650-12B8-48f5-A843-BBA100716106}, Quarantined, [b3698d107efd63d3c8d72f26f50dcf31],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\Updater By Sweetpacks, Quarantined, [75a7bbe23b409d997652e017b54e817f],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\Updater By Sweetpacks, Quarantined, [52ca475682f958dee7e170879c679769],
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM, Quarantined, [8a929effed8efd390d20b93af50ebb45],
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT, Delete-on-Reboot, [7ba165382f4ce254f758bd3cec17f40c],
PUP.Optional.Softonic.A, HKU\S-1-5-21-2381100607-2809186753-3591972519-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, Delete-on-Reboot, [e636d3cadaa190a60f0c9932bc46f60a],
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2381100607-2809186753-3591972519-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM, Delete-on-Reboot, [41db2776c8b3a2942c0018db08fbb050],
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{DEDAF650-12B8-48f5-A843-BBA100716106}_is1, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
Registry Values: 7
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\MOZILLA\FIREFOX\EXTENSIONS|{8E9E3331-D360-4f87-8803-52DE43566502}, C:\Program Files\Updater By Sweetpacks\Firefox, Quarantined, [ad6ff2ab64179f97b4d57e396d956b95]
PUP.Optional.SweetPacks.A, HKLM\SOFTWARE\WOW6432NODE\MOZILLA\FIREFOX\EXTENSIONS|{8E9E3331-D360-4f87-8803-52DE43566502}, C:\Program Files\Updater By Sweetpacks\Firefox, Quarantined, [9b818b122d4e3204d6b3bff8fe0412ee]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\SWEETIM|simapp_id, {E10F171C-0145-11E3-BB5B-C860006AB430}, Quarantined, [8a929effed8efd390d20b93af50ebb45]
PUP.Optional.InstallBrain.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\WNLT|URL, MYSTART, Delete-on-Reboot, [7ba165382f4ce254f758bd3cec17f40c]
PUP.Optional.SweetIM.A, HKU\S-1-5-21-2381100607-2809186753-3591972519-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SWEETIM|simapp_id, {E10F171C-0145-11E3-BB5B-C860006AB430}, Delete-on-Reboot, [41db2776c8b3a2942c0018db08fbb050]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGHELPERAPP.EXE, 1, Quarantined, [3fdd613ccfacad8914a48a11bf43db25]
PUP.Optional.SweetIM.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\SWEETIM\TOOLBARS\INTERNET EXPLORER\MGTOOLBARPROXY.DLL, 1, Quarantined, [3fdd613ccfacad8914a48a11bf43db25]
Registry Data: 0
(No malicious items detected)
Folders: 23
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks, Delete-on-Reboot, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\libraries, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\resources, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\locale, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\locale\en-US, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\skin, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\defaults, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\defaults\preferences, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\libraries, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\resources, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.Conduit.A, C:\Users\Marki\AppData\Local\Temp\CT3242337, Quarantined, [9e7ec7d6324974c255609a01a85adf21],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\flavours, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
Files: 123
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\ExtensionUpdaterService.exe, Delete-on-Reboot, [47d5316c304bf6402c0f0904d32e6e92],
PUP.Optional.SweetIM, C:\Users\Marki\AppData\Local\Temp\bundlesweetimsetup.exe, Quarantined, [2fedfba2b0cb3afc006a00bc7490639d],
PUP.Optional.SweetIM, C:\Users\Marki\AppData\Local\Temp\mgsqlite3.7z, Quarantined, [75a73e5f3b4045f18ae00bb17b89738d],
PUP.Optional.SweetIM, C:\Users\Marki\AppData\Local\Temp\mgsqlite3.dll, Quarantined, [27f5e4b9f4873204bdad4e6eba4abf41],
PUP.Optional.SweetIM, C:\Users\Marki\AppData\Local\Temp\Shortcut_bundlesweetimsetup.exe, Quarantined, [4cd0702dabd086b075f5a913f90b8c74],
PUP.Optional.SweetIM, C:\Users\Marki\AppData\Local\Temp\1376088560_2646291_194_4.tmp, Quarantined, [ed2f66372b50cb6b9dcd68540103a45c],
PUP.Optional.SweetPacks.A, C:\Users\Marki\AppData\Local\Temp\spacksyahoo_717_active.exe, Quarantined, [fc20a6f7d3a8b581f6a28f94a45d2cd4],
PUP.Optional.Perion.A, C:\Users\Marki\AppData\Local\Temp\WSSetup.exe, Quarantined, [ca522f6e2754c2743aabc98f0ef66997],
PUP.Optional.Babylon.A, C:\Users\Marki\AppData\Local\Temp\is1590112554\DeltaTB.exe, Quarantined, [44d848557dfecf679300cd3feb165ea2],
PUP.Optional.SweetIM, C:\Windows\Installer\2825a0.msi, Quarantined, [829a7e1f215af4429ccecdefe123639d],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Extension32.dll, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Extension64.dll, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\InstallerHelper.dll, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\unins000.dat, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\unins000.exe, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome.manifest, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\install.rdf, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\main.js, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\main.js.bak, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\main.xul, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\libraries\DataExchangeScript.js, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\content\resources\localscript.js, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\locale\en-US\overlay.dtd, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\chrome\skin\overlay.css, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\Firefox\defaults\preferences\defaults.js, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\libraries\DataExchangeScript.js, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.SweetPacks.A, C:\Program Files\Updater By Sweetpacks\resources\localscript.js, Quarantined, [ea32e8b51b602d0918f6910a5fa38080],
PUP.Optional.Conduit.A, C:\Users\Marki\AppData\Local\Temp\CT3242337\ddt.csf, Quarantined, [9e7ec7d6324974c255609a01a85adf21],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\ClearHist.exe, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\default.xml, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgcommon.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgconfig.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelper.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mghooking.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mglogger.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgsimcommon.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgxml_wrapper.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf\logger.xml, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcm90.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcp90.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\Microsoft.VC90.CRT\msvcr90.dll, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\about.html, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\affid.dat, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\basis.xml, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\bing.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\clear-history.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim-over.gif, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier-anim.gif, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\content-notifier.js, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dating.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\dictionary.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\eye_icon_over.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\e_cards.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\find.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\free_stuff.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\games.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\glitter.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\google.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\help.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\highlight.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\locales.xml, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_16x16.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_21x18.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_32x32.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\logo_about.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\MenuExt.html, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\more-search-providers.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\music.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\news.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\onstart.js, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\options.html, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\photos.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\search-current-site.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\shopping.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileySmile.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\SmileyWink.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\sweetim_text.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\toolbar.xml, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\video.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\web-search.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\yahoo.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_bing.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_blank.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_current.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_dictionary.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_google.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_hover.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_left.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_photo.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_video.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_web.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\blue\search_button_yahoo.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\flavours\toolbar_bng.xml, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\flavours\toolbar_ggl.xml, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\flavours\toolbar_yho.xml, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_bing.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_current.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_dictionary.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_google.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_hover.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_left.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_photo.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_video.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_web.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\green\search_button_yahoo.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_bing.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_current.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_dictionary.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_google.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_hover.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_left.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_photo.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_video.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_web.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
PUP.Optional.SweetIM.A, C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources\orange\search_button_yahoo.png, Quarantined, [3fdd613ccfacad8914a48a11bf43db25],
Physical Sectors: 0
(No malicious items detected)
(end)
AdwCleaner
AdwCleaner Logfile: Code:
# AdwCleaner v3.215 - Bericht erstellt am 09/07/2014 um 08:49:46
# Aktualisiert 09/07/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Marki - MARKI-PC
# Gestartet von : E:\Downloads\adwcleaner_3.215.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\SweetIM
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Users\Marki\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Marki\AppData\Local\Google\Chrome\User Data\Default\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Datei Gelöscht : C:\Users\Marki\AppData\LocalLow\SkwConfig.bin
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}
Schlüssel Gelöscht : HKCU\Software\Ciuvo
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\WNLT
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{F4E33CE5-A7AB-4F68-A7E7-F0AA84EF2D9E}
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\5EC33E4FBA7A86F47A7E0FAA48FED2E9
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\5EC33E4FBA7A86F47A7E0FAA48FED2E9
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Google Chrome v35.0.1916.153
[ Datei : C:\Users\Marki\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://www.germanwings.com/Search/Search.aspx?SearchQueryText={searchTerms}&Culture=de-de
Gelöscht [Search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid={E10F171C-0145-11E3-BB5B-C860006AB430}&crg=3.5000006.10061&st=23
Gelöscht [Search Provider] : hxxp://mysearch.sweetpacks.com?src=6&q={searchTerms}&barid={E10F171C-0145-11E3-BB5B-C860006AB430}&crg=3.5000006.10061&st=23
Gelöscht [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Gelöscht [Extension] : nikpibnbobmbdbheedjfogjlikpgpnhp
*************************
AdwCleaner[R0].txt - [3732 octets] - [09/07/2014 08:44:10]
AdwCleaner[S0].txt - [3480 octets] - [09/07/2014 08:49:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3540 octets] ##########
--- --- ---
Junkware Removal Tool
JRT Logfile: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Marki on 09.07.2014 at 11:10:02,22
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2381100607-2809186753-3591972519-1000\Software\sweetim
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.07.2014 at 11:13:14,96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
--- --- ---
FRST log
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by Marki (administrator) on MARKI-PC on 09-07-2014 11:18:00
Running from E:\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(Spotify Ltd) C:\Users\Marki\AppData\Roaming\Spotify\spotify.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDCountdown.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDPictureViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDMovieViewer.exe
(Logitech Inc.) C:\Program Files\Logitech\GamePanel Software\Applets\ColorOnly\LCDYT.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Spotify Ltd) C:\Users\Marki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\Marki\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marki\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marki\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marki\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
() C:\Users\Marki\AppData\Roaming\Spotify\Data\SpotifyHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Thisisu) E:\Downloads\JRT.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Microsoft Corporation) C:\Windows\System32\calc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11905128 2011-06-28] (Realtek Semiconductor)
HKLM\...\Run: [Launch LgDeviceAgent] => C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe [415752 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LCDMon] => C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe [2093064 2009-08-13] (Logitech Inc.)
HKLM\...\Run: [Launch LGDCore] => C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe [4195848 2009-08-13] (Logitech Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284440 2011-05-19] (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160 2014-06-24] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2381100607-2809186753-3591972519-1000\...\Run: [Facebook Update] => "C:\Users\Marki\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
HKU\S-1-5-21-2381100607-2809186753-3591972519-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2011-12-05] (AMD)
HKU\S-1-5-21-2381100607-2809186753-3591972519-1000\...\Run: [Spotify] => C:\Users\Marki\AppData\Roaming\Spotify\Spotify.exe [6189624 2014-06-28] (Spotify Ltd)
HKU\S-1-5-21-2381100607-2809186753-3591972519-1000\...\Run: [Spotify Web Helper] => C:\Users\Marki\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-06-28] (Spotify Ltd)
HKU\S-1-5-21-2381100607-2809186753-3591972519-1000\...\MountPoints2: {3bb48515-9e1d-11e1-8b71-806e6f6e6963} - F:\Bin\assetup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Marki\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Deskjet 2510 series.lnk
ShortcutTarget: Tintenwarnungen überwachen - HP Deskjet 2510 series.lnk -> C:\Program Files\HP\HP Deskjet 2510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xAE0AD8A06531CD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://de.yahoo.com?fr=hp-avast&type=avastbcl
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://de.yahoo.com?fr=hp-avast&type=avastbcl
SearchScopes: HKLM - DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
SearchScopes: HKCU - {9CB96984-43C3-4D44-90EF-01466EFCF7BB} URL = https://de.search.yahoo.com/yhs/search?type=avastbcl&hspart=avast&hsimp=yhs-001&p={searchTerms}
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Avira Savings Advisor BHO - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files (x86)\avira\Internet Explorer\avira32.dll ()
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 129.143.2.1 8.8.8.8
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
Chrome:
=======
CHR HomePage: https://de.yahoo.com?fr=hp-avast&type=avastbcl
CHR StartupUrls: "https://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
CHR Plugin: (iTunes Application Detector) - E:\iTunes\Mozilla Plugins\npitunes.dll No File
CHR Extension: (YouTube) - C:\Users\Marki\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-05-14]
CHR Extension: (Google-Suche) - C:\Users\Marki\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-05-14]
CHR Extension: (GFACE Experience Plugin) - C:\Users\Marki\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejdlfmdbdibkbfdpjocdaolcheehmpol [2013-10-27]
CHR Extension: (AdBlock) - C:\Users\Marki\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-09-14]
CHR Extension: (Google Wallet) - C:\Users\Marki\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
==================== Services (Whitelisted) =================
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160 2014-06-24] (Avira Operations GmbH & Co. KG)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [117712 2014-06-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [130584 2014-05-09] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2014-05-09] (Avira Operations GmbH & Co. KG)
U5 GEARAspiWDM; C:\Windows\System32\Drivers\GEARAspiWDM.sys [33240 2012-08-21] (GEAR Software Inc.)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-09 11:13 - 2014-07-09 11:13 - 00001141 _____ () C:\Users\Marki\Desktop\JRT.txt
2014-07-09 11:10 - 2014-07-09 11:10 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 09:29 - 2014-07-09 09:29 - 00003628 _____ () C:\Users\Marki\Desktop\AdwCleaner[S0].txt
2014-07-09 08:44 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-07-09 08:43 - 2014-07-09 08:49 - 00000000 ____D () C:\AdwCleaner
2014-07-09 00:58 - 2014-07-09 00:58 - 00027084 _____ () C:\Users\Marki\Desktop\maleware.txt
2014-07-09 00:40 - 2014-07-09 00:57 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 00:40 - 2014-07-09 00:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-09 00:40 - 2014-07-09 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-09 00:40 - 2014-07-09 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 00:40 - 2014-07-09 00:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 00:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-09 00:40 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-09 00:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-09 00:37 - 2014-07-09 00:37 - 00001268 _____ () C:\Users\Marki\Desktop\Revo Uninstaller.lnk
2014-07-09 00:37 - 2014-07-09 00:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-08 20:55 - 2014-07-09 11:18 - 00000000 ____D () C:\FRST
2014-07-03 11:31 - 2014-05-14 18:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-07-03 11:31 - 2014-05-14 18:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-07-03 11:31 - 2014-05-14 18:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-07-03 11:31 - 2014-05-14 18:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-07-03 11:31 - 2014-05-14 18:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-07-03 11:31 - 2014-05-14 18:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-07-03 11:31 - 2014-05-14 18:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-07-03 11:31 - 2014-05-14 18:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-07-03 11:31 - 2014-05-14 18:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-07-03 11:31 - 2014-05-14 18:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-07-03 11:31 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-07-03 11:31 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-07-03 11:31 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-07-03 11:31 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-06-18 12:41 - 2014-07-08 11:27 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-06-18 12:40 - 2014-06-24 11:36 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-18 12:40 - 2014-06-18 12:40 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-06-18 12:40 - 2014-06-18 12:40 - 00000000 ____D () C:\Users\Marki\AppData\Roaming\Avira
2014-06-18 12:40 - 2014-06-18 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-18 12:40 - 2014-06-18 12:40 - 00000000 ____D () C:\ProgramData\Avira
2014-06-18 12:40 - 2014-06-18 12:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-18 12:40 - 2014-05-09 11:16 - 00130584 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2014-06-18 12:40 - 2014-05-09 11:16 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2014-06-13 14:16 - 2014-06-13 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-13 14:16 - 2014-06-13 14:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-11 11:49 - 2014-06-08 11:13 - 00506368 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-11 11:49 - 2014-06-08 11:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-11 11:49 - 2014-05-24 04:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 11:49 - 2014-05-24 04:47 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 11:49 - 2014-05-24 04:47 - 01366016 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 19290112 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 15368704 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 02650112 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 11:49 - 2014-05-24 04:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 11:49 - 2014-05-24 04:45 - 01508864 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 11:49 - 2014-05-24 04:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 11:49 - 2014-05-24 04:45 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 11:49 - 2014-05-24 03:26 - 14365696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-11 11:49 - 2014-05-24 03:26 - 01766400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-11 11:49 - 2014-05-24 03:26 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-11 11:49 - 2014-05-24 03:26 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-11 11:49 - 2014-05-24 03:26 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-11 11:49 - 2014-05-24 03:26 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 13731328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 02862080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 02050560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 01440768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-11 11:49 - 2014-05-24 03:25 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-11 11:49 - 2014-05-24 03:25 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-11 11:49 - 2014-05-24 03:09 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 11:49 - 2014-05-24 03:03 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-11 11:49 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 11:49 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-11 11:49 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 11:49 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 11:49 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 11:49 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 11:49 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 11:49 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-11 11:49 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-11 11:49 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-11 11:49 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-11 11:49 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
==================== One Month Modified Files and Folders =======
2014-07-09 11:18 - 2014-07-08 20:55 - 00000000 ____D () C:\FRST
2014-07-09 11:17 - 2012-05-14 02:00 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-09 11:13 - 2014-07-09 11:13 - 00001141 _____ () C:\Users\Marki\Desktop\JRT.txt
2014-07-09 11:10 - 2014-07-09 11:10 - 00000000 ____D () C:\Windows\ERUNT
2014-07-09 10:36 - 2013-11-23 20:56 - 00000000 ____D () C:\Users\Marki\AppData\Roaming\Spotify
2014-07-09 09:29 - 2014-07-09 09:29 - 00003628 _____ () C:\Users\Marki\Desktop\AdwCleaner[S0].txt
2014-07-09 08:58 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-09 08:58 - 2009-07-14 06:45 - 00021840 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-09 08:55 - 2012-05-15 01:48 - 01748216 _____ () C:\Windows\WindowsUpdate.log
2014-07-09 08:51 - 2012-05-14 02:00 - 00001104 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-09 08:51 - 2010-11-21 05:47 - 00521052 _____ () C:\Windows\PFRO.log
2014-07-09 08:51 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-09 08:51 - 2009-07-14 06:51 - 00196548 _____ () C:\Windows\setupact.log
2014-07-09 08:49 - 2014-07-09 08:43 - 00000000 ____D () C:\AdwCleaner
2014-07-09 08:38 - 2012-05-14 02:33 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381100607-2809186753-3591972519-1000UA.job
2014-07-09 00:58 - 2014-07-09 00:58 - 00027084 _____ () C:\Users\Marki\Desktop\maleware.txt
2014-07-09 00:57 - 2014-07-09 00:40 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-09 00:54 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\tracing
2014-07-09 00:40 - 2014-07-09 00:40 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-09 00:40 - 2014-07-09 00:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-09 00:40 - 2014-07-09 00:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-09 00:40 - 2014-07-09 00:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-09 00:37 - 2014-07-09 00:37 - 00001268 _____ () C:\Users\Marki\Desktop\Revo Uninstaller.lnk
2014-07-09 00:37 - 2014-07-09 00:37 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-07-08 19:42 - 2013-11-23 20:59 - 00000000 ____D () C:\Users\Marki\AppData\Local\Spotify
2014-07-08 11:27 - 2014-06-18 12:41 - 00042040 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2014-07-08 00:29 - 2014-03-14 22:44 - 00000000 ____D () C:\Users\Marki\AppData\Roaming\TS3Client
2014-07-08 00:29 - 2012-10-16 16:19 - 00000000 ____D () C:\Users\Marki\AppData\Local\PMB Files
2014-07-08 00:29 - 2012-10-16 16:19 - 00000000 ____D () C:\ProgramData\PMB Files
2014-07-07 22:43 - 2012-05-14 02:20 - 00000000 ____D () C:\Users\Marki\AppData\Roaming\Skype
2014-07-06 02:38 - 2012-05-14 02:33 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2381100607-2809186753-3591972519-1000Core.job
2014-06-24 11:36 - 2014-06-18 12:40 - 00117712 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2014-06-23 12:13 - 2011-04-12 09:43 - 00699462 _____ () C:\Windows\system32\perfh007.dat
2014-06-23 12:13 - 2011-04-12 09:43 - 00149602 _____ () C:\Windows\system32\perfc007.dat
2014-06-23 12:13 - 2009-07-14 07:13 - 01620812 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 20:12 - 2012-05-14 02:00 - 00004104 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-18 20:12 - 2012-05-14 02:00 - 00003852 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-18 13:03 - 2012-05-14 01:58 - 00000000 ____D () C:\ProgramData\Norton
2014-06-18 12:40 - 2014-06-18 12:40 - 00003408 _____ () C:\Windows\System32\Tasks\aviraSWU
2014-06-18 12:40 - 2014-06-18 12:40 - 00000000 ____D () C:\Users\Marki\AppData\Roaming\Avira
2014-06-18 12:40 - 2014-06-18 12:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2014-06-18 12:40 - 2014-06-18 12:40 - 00000000 ____D () C:\ProgramData\Avira
2014-06-18 12:40 - 2014-06-18 12:40 - 00000000 ____D () C:\Program Files (x86)\Avira
2014-06-17 23:25 - 2014-02-28 18:13 - 00000000 ____D () C:\Users\Marki\AppData\Local\Battle.net
2014-06-13 14:16 - 2014-06-13 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2014-06-13 14:16 - 2014-06-13 14:16 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-06-13 14:16 - 2012-07-04 14:13 - 00000000 ____D () C:\ProgramData\McAfee Security Scan
2014-06-12 10:43 - 2014-05-06 02:31 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-12 00:53 - 2013-07-24 23:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-12 00:53 - 2012-05-14 22:21 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-11 12:06 - 2012-05-14 02:20 - 00000000 ____D () C:\ProgramData\Skype
2014-06-10 11:33 - 2014-03-04 22:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
Some content of TEMP:
====================
C:\Users\Marki\AppData\Local\Temp\avgnt.exe
C:\Users\Marki\AppData\Local\Temp\htmlayout.dll
C:\Users\Marki\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe
C:\Users\Marki\AppData\Local\Temp\instloffer.exe
C:\Users\Marki\AppData\Local\Temp\Quarantine.exe
C:\Users\Marki\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Marki\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Marki\AppData\Local\Temp\swt-win32-3349.dll
C:\Users\Marki\AppData\Local\Temp\tmp2B72.exe
C:\Users\Marki\AppData\Local\Temp\tmp3D5D.exe
C:\Users\Marki\AppData\Local\Temp\tmp6D.exe
C:\Users\Marki\AppData\Local\Temp\tmp71BA.exe
C:\Users\Marki\AppData\Local\Temp\tmpCD9B.exe
C:\Users\Marki\AppData\Local\Temp\tmpD097.exe
C:\Users\Marki\AppData\Local\Temp\tmpD1EE.exe
C:\Users\Marki\AppData\Local\Temp\tmpD71C.exe
C:\Users\Marki\AppData\Local\Temp\tmpE4F1.exe
C:\Users\Marki\AppData\Local\Temp\Uninstaller-4676.exe
C:\Users\Marki\AppData\Local\Temp\_is3D0F.exe
C:\Users\Marki\AppData\Local\Temp\_isB72E.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-08 11:51
==================== End Of Log ============================
--- --- --- |