Sherezade | 09.07.2015 16:25

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Update, 09.07.2015 15:16:38, SYSTEM, NAME-EA04B8400D, Manual, Remediation Database, 2015.3.9.1, 2015.7.1.2,
Update, 09.07.2015 15:16:38, SYSTEM, NAME-EA04B8400D, Manual, Domain Database, 0.0.0.0, 2015.6.12.1,
Update, 09.07.2015 15:16:38, SYSTEM, NAME-EA04B8400D, Manual, Rootkit Database, 2015.2.25.1, 2015.7.9.1,
Update, 09.07.2015 15:16:38, SYSTEM, NAME-EA04B8400D, Manual, IP Database, 0.0.0.0, 2015.6.12.1,
Update, 09.07.2015 15:16:54, SYSTEM, NAME-EA04B8400D, Manual, Malware Database, 2015.3.9.5, 2015.7.9.2,
Scan, 09.07.2015 16:14:20, SYSTEM, NAME-EA04B8400D, Manual, Start: 09.07.2015 15:16:50, Dauer: 53 Minuten 25 Sekunden, Bedrohungs-Suchlauf, Abgeschlossen, 0 Malwareerkennung, "70" nicht-Malwareerkennung,
Error, 09.07.2015 16:34:45, SYSTEM, NAME-EA04B8400D, Protection, IsLicensed, 13,
Protection, 09.07.2015 16:34:45, SYSTEM, NAME-EA04B8400D, Protection, Malware Protection, Stopping,
Protection, 09.07.2015 16:34:45, SYSTEM, NAME-EA04B8400D, Protection, Malware Protection, Stopped,
(end)

and

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 09.07.2015
Suchlauf-Zeit: 15:16:50
Logdatei: MBM2.txt
Administrator: Ja
Version: 2.01.6.1022
Malware Datenbank: v2015.07.09.02
Rootkit Datenbank: v2015.02.25.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Selbstschutz: Deaktiviert
Betriebssystem: Windows XP Service Pack 3
CPU: x86
Dateisystem: NTFS
Benutzer: admin
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 332339
Verstrichene Zeit: 53 Min, 25 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(Keine schädliche Elemente gefunden)
Module: 0
(Keine schädliche Elemente gefunden)
Registrierungsschlüssel: 3
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [01b58b544a407abc73a5c9b342c0e917],
PUP.Optional.ICQToolbar.A, HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{855F3B16-6D32-4FE6-8A56-BBB695989046}, In Quarantäne, [01b58b544a407abc73a5c9b342c0e917],
PUP.Optional.ICQ.A, HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}, In Quarantäne, [d5e1815e97f36bcb1216bfc8798beb15],
Registrierungswerte: 2
PUP.Optional.ICQ.A, HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|URL, hxxp://www.icq.com/search/results.php?q={searchTerms}&ch_id=osd, In Quarantäne, [d5e1815e97f36bcb1216bfc8798beb15]
PUP.Optional.ICQ.A, HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{6552C7DD-90A4-4387-B795-F8F96747DE19}|FaviconURL, hxxp://c.icq.com/favicon.ico, In Quarantäne, [ccea12cd8406f83e62c67d0aa65e14ec]
Registrierungsdaten: 0
(Keine schädliche Elemente gefunden)
Ordner: 15
PUP.Optional.OpenCandy, C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OpenCandy, In Quarantäne, [64523fa0f5955dd921106c6138caac54],
PUP.Optional.OpenCandy, C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OpenCandy\A21A9FAEF0214418B60A16C531A74387, In Quarantäne, [64523fa0f5955dd921106c6138caac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\BG, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\CZ, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\DE, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\EN, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\ES, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\FR, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\HE, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\RU, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\SK, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\TR, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
Dateien: 50
PUP.Optional.OpenCandy, C:\Dokumente und Einstellungen\admin\Anwendungsdaten\OpenCandy\A21A9FAEF0214418B60A16C531A74387\speedupmypcDE.exe, In Quarantäne, [64523fa0f5955dd921106c6138caac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\BG\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\BG\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\BG\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\BG\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\CZ\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\CZ\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\CZ\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\CZ\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\EN\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\EN\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\EN\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\EN\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\ES\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\ES\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\ES\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\ES\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\FR\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\FR\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\FR\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\FR\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\HE\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\HE\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\HE\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\HE\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\RU\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\RU\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\RU\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\RU\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\SK\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\SK\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\SK\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\SK\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\TR\Configuration.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\TR\OptionDlg.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\TR\RegionalSettings.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQToolbar\XML\TR\UserInterface.xml, In Quarantäne, [5f57924d99f13ef8bb1225d1867cac54],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\Icons.bmp, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\ICQ Service.exe, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\icq6Toolbar.ico, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\ICQToolBar.dll, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\ICQUnToolbar.exe, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\logo_small.gif, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\ServiceStarter.exe, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\short.wav, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],
PUP.Optional.ICQToolbar.A, C:\Programme\ICQ6Toolbar\Version.txt, In Quarantäne, [6551b02fb1d94cea8747e1158a782dd3],

Code:
# AdwCleaner v4.207 - Logfile created 09/07/2015 at 16:56:33
# Updated 21/06/2015 by Xplode
# Database : 2015-07-05.2 [Server]
# Operating system : Microsoft Windows XP Service Pack 3 (x86)
# Username : admin - NAME-EA04B8400D
# Running from : C:\Dokumente und Einstellungen\admin\Eigene Dateien\Downloads\AdwCleaner_4.207.exe
# Option : Cleaning
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint
Folder Deleted : C:\Programme\Viewpoint
Folder Deleted : C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Viewpoint
File Deleted : C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
File Deleted : C:\Dokumente und Einstellungen\admin\Anwendungsdaten\GDIPFONTCACHEV1.DAT
File Deleted : C:\Programme\Mozilla Firefox\defaults\pref\itms.js
***** [ Scheduled tasks ] *****
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\ICQ\ICQToolBar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\ask.com
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}]
Key Deleted : HKCU\Software\ICQ\ICQToolbar
Key Deleted : HKCU\Software\ICQToolbar
Key Deleted : HKCU\Software\OCS
Key Deleted : HKLM\SOFTWARE\ICQ\ICQToolbar
Key Deleted : HKLM\SOFTWARE\MetaStream
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Viewpoint
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Features\93BAD29AC2E44034A96BCB446EB8552E
Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\93BAD29AC2E44034A96BCB446EB8552E
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <local>;*.local
***** [ Web browsers ] *****
-\\ Internet Explorer v8.0.6001.18702
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [ICQ Search]
-\\ Mozilla Firefox v39.0 (x86 de)
-\\ Google Chrome v43.0.2357.132
*************************
AdwCleaner[R0].txt - [5324 bytes] - [09/07/2015 16:51:09]
AdwCleaner[S0].txt - [5239 bytes] - [09/07/2015 16:56:33]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5298 bytes] ##########

Code:
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.3.8 (07.09.2015:1)
OS: Microsoft Windows XP x86
Ran by admin on 09.07.2015 at 17:11:44,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Clients\StartMenuInternet\Browser.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
~~~ Files
~~~ Informational
C:\WINDOWS\system32\tasklist.exe doesn't exist [Process check skipped . Windows XP Home Edition?]
~~~ Folders
~~~ FireFox
Emptied folder: C:\Dokumente und Einstellungen\admin\Anwendungsdaten\mozilla\firefox\profiles\ezy08j38.default-1434222308562\minidumps [2 files]
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 09.07.2015 at 17:19:49,29
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-07-2015
Ran by admin (administrator) on NAME-EA04B8400D on 09-07-2015 17:22:31
Running from C:\Dokumente und Einstellungen\admin\Eigene Dateien\Downloads
Loaded Profiles: admin (Available Profiles: admin)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Sophos Limited) C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe
(Apple Inc.) C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AVM Berlin) C:\Programme\avmwlanstick\WLanNetService.exe
(Apple Inc.) C:\Programme\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe
(Google Inc.) C:\Programme\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Microsoft Corporation) C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
() C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe
() C:\Programme\CyberLink\Shared Files\RichVideo.exe
(Sophos Limited) C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe
(Sophos Limited) C:\Programme\Sophos\AutoUpdate\ALsvc.exe
(Sophos Limited) C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe
(X10) C:\PROGRA~1\COMMON~1\X10\Common\X10nets.exe
(Realtek Semiconductor Corp.) C:\WINDOWS\RTHDCPL.exe
() C:\WINDOWS\system32\CmUCREye.exe
() C:\WINDOWS\mHotkey.exe
(Chicony) C:\WINDOWS\CNYHKey.exe
(ArcSoft, Inc.) C:\Programme\web'n'walk TV\TotalMediaTVMonitor.exe
(Deutsche Telekom AG, Marmiko IT-Solutions GmbH) C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe
(Apple Inc.) C:\Programme\iTunes\iTunesHelper.exe
(AVM Berlin) C:\Programme\avmwlanstick\WLanGUI.exe
(Sophos Limited) C:\Programme\Sophos\AutoUpdate\ALMon.exe
(Macrovision Corporation) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe
(Dropbox, Inc.) C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Dropbox\Update\DropboxUpdate.exe
(Deutsche Telekom AG, T-Com) C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\InfoCockpit.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe
(Dropbox, Inc.) C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Programme\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Programme\HP\Digital Imaging\bin\hpqbam08.exe
(Deutsche Telekom AG) C:\PROGRA~1\T-Online\T-ONLI~1\BASIS-~1\Basis2\PROFIL~1.EXE
(Mozilla Corporation) C:\Programme\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Programme\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [IMJPMIG8.1] => C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [208952 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [MSPY2002] => C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [59392 2004-08-04] ()
HKLM\...\Run: [PHIME2002ASync] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [PHIME2002A] => C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [455168 2004-08-04] (Microsoft Corporation)
HKLM\...\Run: [RTHDCPL] => C:\WINDOWS\RTHDCPL.EXE [15961088 2006-01-11] (Realtek Semiconductor Corp.)
HKLM\...\Run: [Alcmtr] => C:\WINDOWS\ALCMTR.EXE [69632 2005-05-03] (Realtek Semiconductor Corp.)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [CmUCRRun] => C:\WINDOWS\system32\CmUCReye.exe [241664 2005-10-12] ()
HKLM\...\Run: [CHotkey] => C:\WINDOWS\mHotkey.exe [550912 2004-12-08] ()
HKLM\...\Run: [ledpointer] => C:\WINDOWS\CNYHKey.exe [5585408 2005-11-10] (Chicony)
HKLM\...\Run: [Showwnd] => C:\WINDOWS\showwnd.exe [36864 2003-09-18] ()
HKLM\...\Run: [Adobe Reader Speed Launcher] => C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [TotalMediaTVMonitor] => C:\Programme\web'n'walk TV\TotalMediaTVMonitor.exe [299008 2008-07-04] (ArcSoft, Inc.)
HKLM\...\Run: [ToADiMon.exe] => C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\ToADiMon.exe [282624 2007-02-15] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH)
HKLM\...\Run: [QuickTime Task] => C:\Programme\QuickTime\qttask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Programme\iTunes\iTunesHelper.exe [421160 2010-12-13] (Apple Inc.)
HKLM\...\Run: [AVMWlanClient] => C:\Programme\avmwlanstick\wlangui.exe [1904640 2009-04-23] (AVM Berlin)
HKLM\...\Run: [KernelFaultCheck] => %systemroot%\system32\dumprep 0 -k
HKLM\...\Run: [Sophos AutoUpdate Monitor] => C:\Programme\Sophos\AutoUpdate\almon.exe [1593640 2015-01-30] (Sophos Limited)
HKLM\...\Policies\Explorer: [NoCDBurning] 0
HKU\S-1-5-19\...\Run: [InfoCockpit] => C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2010-05-12] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-20\...\Run: [InfoCockpit] => C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2010-05-12] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\Run: [InfoCockpit] => C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2010-05-12] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\Run: [ISUSPM] => C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Macrovision\FLEXnet Connect\6\ISUSPM.exe [222128 2007-03-29] (Macrovision Corporation)
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\Run: [Kvrory] => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Kvrory.exe [1172472 2012-01-16] (Microsoft Corporation)
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\Run: [swg] => C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-09-04] (Google Inc.)
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\Run: [Dropbox Update] => C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-16] (Dropbox, Inc.)
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: H - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: {122988b0-264c-11e5-9c4c-001f3f0db6d0} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: {278d6b58-f414-11dc-8f37-0012bf63d11b} - L:\StartVMCLite.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: {278d6b59-f414-11dc-8f37-0012bf63d11b} - K:\StartVMCLite.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: {278d6b5a-f414-11dc-8f37-0012bf63d11b} - K:\StartVMCLite.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: {49a23c68-88ad-11e2-97f4-0012bf63d11b} - H:\pushinst.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: {6cc6a83e-4f3e-11de-90d4-0012bf63d11b} - H:\AutoRun.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: {6cc6a840-4f3e-11de-90d4-0012bf63d11b} - H:\AutoRun.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\...\MountPoints2: {ded99268-c267-11df-9362-0012bf63d11b} - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL usb_tools.exe
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\GPhotos.scr [4558848 2014-01-06] (Google Inc.)
HKU\S-1-5-18\...\Run: [InfoCockpit] => C:\Programme\T-Online\T-Online_Software_6\Info-Cockpit\IC_START.EXE [268800 2010-05-12] (Deutsche Telekom AG, T-Com)
HKU\S-1-5-18\...\Run: [Picasa Media Detector] => C:\Programme\Picasa2\PicasaMediaDetector.exe [443968 2007-10-23] (Google Inc.)
HKU\S-1-5-18\...\Run: [Google Update] => C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Google\Update\GoogleUpdate.exe [116648 2014-02-08] (Google Inc.)
AppInit_DLLs: C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL => C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll [275352 2014-09-15] (Sophos Limited)
Startup: C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart\Dropbox.lnk [2015-06-16]
ShortcutTarget: Dropbox.lnk -> C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP Digital Imaging Monitor.lnk [2010-01-30]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Programme\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\HP OfficeJet Start.lnk [2006-04-20]
ShortcutTarget: HP OfficeJet Start.lnk -> C:\Programme\Hewlett-Packard\HP OfficeJet Series 700\Bin\HPOstr05.exe (No File)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox\bin\DropboxExt.26.dll [2015-06-10] (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.yahoo.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.medion.com
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
HKU\S-1-5-21-1101564738-3898648495-2444685990-1008\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs,Tabs: "C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ\ICQNewTab\newTab.html" <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1101564738-3898648495-2444685990-1008 -> {DECA3892-BA8F-44b8-A993-A466AD694AE4} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
BHO: Adobe PDF Reader Link Helper -> {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} -> C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27] (Adobe Systems Incorporated)
BHO: No Name -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Programme\Spybot - Search & Destroy\SDHelper.dll [2005-05-31] (Safer Networking Limited)
BHO: SSVHelper Class -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Programme\Java\jre1.5.0_06\bin\ssv.dll [2005-11-10] (Sun Microsystems, Inc.)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
Toolbar: HKU\S-1-5-21-1101564738-3898648495-2444685990-1008 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-04] (Google Inc.)
DPF: {15B782AF-55D8-11D1-B477-006097098764} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/authorware/awswaxd.cab
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Programme\Yahoo!\Common\Yinsthelper.dll
DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc3.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1128778405937
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1141142460296
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} hxxp://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll [2001-06-20] (Microsoft Corporation)
Handler: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Handler: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\OLE DB\msdaipp.dll [2004-01-29] (Microsoft Corporation)
Winsock: Catalog5 04 C:\Programme\Bonjour\mdnsNSP.dll [152864 2010-10-07] (Apple Inc.)
Winsock: Catalog9 01 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-11-03] (Sophos Limited)
Winsock: Catalog9 02 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-11-03] (Sophos Limited)
Winsock: Catalog9 28 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_ifslsp.dll [126760 2013-11-03] (Sophos Limited)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{917D8761-5193-48FE-8ACD-E0A6950590B1}: [DhcpNameServer] 192.168.1.1 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Mozilla\Firefox\Profiles\ezy08j38.default-1434222308562
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF32_17_0_0_190.dll [2015-06-24] ()
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2009-07-31] (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Programme\iTunes\Mozilla Plugins\npitunes.dll [2010-12-09] ()
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Programme\Google\Google Earth\plugin\npgeplugin.dll [2013-10-07] (Google)
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Programme\Picasa2\npPicasa3.dll [2014-01-06] (Google, Inc.)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Programme\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 -> C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll [2008-07-29] (Microsoft Corporation)
FF Plugin: @real.com/nppl3260;version=6.0.11.2321 -> C:\Programme\Real\RealPlayer\Netscape6\nppl3260.dll [2006-02-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprjplug;version=1.0.2.2379 -> C:\Programme\Real\RealPlayer\Netscape6\nprjplug.dll [2006-02-28] (RealNetworks, Inc.)
FF Plugin: @real.com/nprpjplug;version=6.0.12.1483 -> C:\Programme\Real\RealPlayer\Netscape6\nprpjplug.dll [2006-02-28] (RealNetworks, Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Programme\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Programme\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-18] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=3 -> C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.)
FF Plugin HKU\.DEFAULT: @tools.google.com/Google Update;version=9 -> C:\WINDOWS\system32\config\systemprofile\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.22.3\npGoogleUpdate3.dll [2014-02-08] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Programme\mozilla firefox\plugins\npqtplugin.dll [2010-12-30] (Apple Inc.)
FF Extension: ICQ Toolbar - C:\Programme\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2015-07-09]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2009-08-31]
Chrome:
=======
CHR Profile: C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default
CHR Extension: (Chrome Hotword Shared Module) - C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-04]
CHR Extension: (Google Wallet) - C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-05-04]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device; C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe [37664 2010-10-16] (Apple Inc.)
R2 AVM WLAN Connection Service; C:\Programme\avmwlanstick\WlanNetService.exe [368640 2009-04-23] (AVM Berlin) [File not signed]
R2 Bonjour Service; C:\Programme\Bonjour\mDNSResponder.exe [345376 2010-10-07] (Apple Inc.)
S4 CLCapSvc; C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLCapSvc.exe [266338 2006-02-22] () [File not signed]
S4 CLSched; C:\Programme\Home Cinema\PowerCinema\Kernel\TV\CLSched.exe [118880 2006-02-22] () [File not signed]
S4 CyberLink Media Library Service; C:\Programme\Home Cinema\PowerCinema\Kernel\CLML_NTService\CLMLServer.exe [1073152 2006-02-22] (Cyberlink) [File not signed]
S2 gupdate; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-30] (Google Inc.)
S3 gupdatem; C:\Programme\Google\Update\GoogleUpdate.exe [116648 2014-01-30] (Google Inc.)
S3 gusvc; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [194032 2014-01-30] (Google)
R3 hpqcxs08; C:\Programme\HP\Digital Imaging\bin\hpqcxs08.dll [217088 2007-11-06] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Programme\HP\Digital Imaging\bin\hpqddsvc.dll [139264 2007-11-06] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R3 iPod Service; C:\Programme\iPod\bin\iPodService.exe [820008 2010-12-13] (Apple Inc.)
R2 LightScribeService; C:\Programme\Gemeinsame Dateien\LightScribe\LSSrvc.exe [73728 2005-11-15] (Hewlett-Packard Company) [File not signed]
S2 MBAMService; C:\Programme\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MDM; C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe [322120 2003-06-20] (Microsoft Corporation)
S3 MozillaMaintenance; C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe [148136 2015-07-09] (Mozilla Foundation)
R2 MZCCntrl; C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe [61440 2007-01-09] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [File not signed]
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [44032 2010-08-06] (Hewlett-Packard) [File not signed]
R2 PassThru Service; C:\Programme\HTC\Internet Pass-Through\PassThruSvr.exe [166912 2013-10-17] () [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [53760 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RichVideo; C:\Programme\CyberLink\Shared Files\RichVideo.exe [167936 2006-02-22] () [File not signed]
R2 SAVAdminService; C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe [288552 2014-09-15] (Sophos Limited)
R2 SAVService; C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe [208168 2014-09-15] (Sophos Limited)
S3 ServiceLayer; C:\Programme\Gemeinsame Dateien\PCSuite\Services\ServiceLayer.exe [174080 2006-06-05] (Nokia.) [File not signed]
R2 Sophos AutoUpdate Service; C:\Programme\Sophos\AutoUpdate\ALsvc.exe [340776 2015-01-30] (Sophos Limited)
R2 swi_service; C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe [3274536 2014-09-15] (Sophos Limited)
S2 swi_update; C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sophos\Web Intelligence\swi_update.exe [1487144 2014-09-15] (Sophos Limited)
S3 WLSetupSvc; C:\Programme\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S3 WMConnectCDS; C:\Programme\Windows Media Connect 2\wmccds.exe [856064 2005-10-06] (Microsoft Corporation) [File not signed]
R2 x10nets; C:\Programme\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) [File not signed]
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 3xHybrid; C:\WINDOWS\System32\DRIVERS\3xHybrid.sys [826752 2005-12-06] (Philips Semiconductors GmbH)
R2 AegisP; C:\WINDOWS\System32\DRIVERS\AegisP.sys [19915 2005-10-09] (Meetinghouse Data Communications) [File not signed]
R2 Aspi32; C:\WINDOWS\system32\Drivers\Aspi32.sys [25244 1999-09-10] (Adaptec)
R3 AVMCOWAN; C:\WINDOWS\System32\DRIVERS\AVMCOWAN.sys [51200 2003-06-18] (AVM GmbH)
S3 avmeject; C:\WINDOWS\System32\drivers\avmeject.sys [4352 2009-04-23] (AVM Berlin) [File not signed]
S3 AVMWAN; C:\WINDOWS\System32\DRIVERS\avmwan.sys [37568 2001-08-17] (AVM GmbH)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 CMISTOR; C:\WINDOWS\System32\DRIVERS\cmiucr.SYS [72320 2005-10-04] (C-Media Corporation)
S3 FilterService; C:\WINDOWS\System32\DRIVERS\lvuvcflt.sys [23832 2008-02-06] (Logitech Inc.)
R3 fpcibase; C:\WINDOWS\System32\DRIVERS\fpcibase.sys [481408 2003-06-18] (AVM Berlin)
R3 fwlanusbn; C:\WINDOWS\System32\DRIVERS\fwlanusbn.sys [440832 2009-04-23] (AVM GmbH)
R3 HPZid412; C:\WINDOWS\System32\DRIVERS\HPZid412.sys [49920 2007-01-17] (HP)
R3 HPZipr12; C:\WINDOWS\System32\DRIVERS\HPZipr12.sys [16496 2007-01-17] (HP)
R3 HPZius12; C:\WINDOWS\System32\DRIVERS\HPZius12.sys [21568 2007-01-17] (HP)
R3 LVUSBSta; C:\WINDOWS\System32\drivers\LVUSBSta.sys [41752 2008-02-06] (Logitech Inc.)
S3 MACNDIS5; C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys [17280 2006-10-04] (Marmiko IT-Solutions GmbH) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [23256 2015-04-14] (Malwarebytes Corporation)
S3 MIINPazX; C:\Programme\Gemeinsame Dateien\Marmiko Shared\MInfraIS\MIINPazx.sys [17152 2006-10-09] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [File not signed]
S3 MPE; C:\WINDOWS\System32\DRIVERS\MPE.sys [15232 2008-04-13] (Microsoft Corporation)
S3 MTOnlPktAlyX; C:\Programme\T-Online\T-Online_Software_6\Basis-Software\Basis1\MTOnlPktAlyX.SYS [17536 2006-10-09] (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH) [File not signed]
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
S3 nm; C:\WINDOWS\System32\DRIVERS\NMnt.sys [40320 2008-04-13] (Microsoft Corporation)
S3 Nokia USB Generic; C:\WINDOWS\System32\drivers\nmwcdc.sys [8704 2006-05-29] (Nokia)
S3 Nokia USB Modem; C:\WINDOWS\System32\drivers\nmwcdcm.sys [13312 2006-05-29] (Nokia)
S3 Nokia USB Phone Parent; C:\WINDOWS\System32\drivers\nmwcd.sys [127488 2006-05-29] (Nokia)
S3 Nokia USB Port; C:\WINDOWS\System32\drivers\nmwcdcj.sys [13312 2006-05-29] (Nokia)
S3 qcserxp; C:\WINDOWS\System32\DRIVERS\qcserxp.sys [103424 2009-01-24] (QUALCOMM Incorporated)
S3 QV2KUX; C:\WINDOWS\System32\DRIVERS\qv2kux.sys [3328 2001-08-17] (Microsoft Corporation)
S3 RT2500USB; C:\WINDOWS\System32\DRIVERS\rt2500usb.sys [241536 2005-07-14] (Ralink Technology Inc.)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-03] (Realtek Semiconductor Corporation)
R1 SAVOnAccessControl; C:\WINDOWS\System32\DRIVERS\savonaccesscontrol.sys [174592 2014-09-15] (Sophos Limited)
R1 SAVOnAccessFilter; C:\WINDOWS\System32\DRIVERS\savonaccessfilter.sys [34176 2014-09-15] (Sophos Limited)
R1 SKMScan; C:\WINDOWS\System32\DRIVERS\skmscan.sys [33408 2014-09-15] (Sophos Limited)
S4 SophosBootDriver; C:\WINDOWS\System32\DRIVERS\SophosBootDriver.sys [23680 2014-09-15] (Sophos Limited)
R2 STEC3; C:\WINDOWS\system32\STEC3.sys [2368 2006-10-25] (AntiCracking) [File not signed]
R3 XUIF; C:\WINDOWS\System32\Drivers\x10ufx2.sys [17792 2005-05-19] (X10 Wireless Technology, Inc.)
U3 DfSdkS; No ImagePath
S3 Huawei; system32\DRIVERS\ewdcsc.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
S4 IntelIde; No ImagePath
S3 mod7700; system32\DRIVERS\mod7700.sys [X]
S3 NETFRITZ; system32\DRIVERS\NETFRITZ.SYS [X]
S0 rseb; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S3 wanatw; system32\DRIVERS\wanatw4.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-09 17:19 - 2015-07-09 17:19 - 00001395 _____ C:\Dokumente und Einstellungen\admin\Desktop\JRT.txt
2015-07-09 17:14 - 2009-06-10 09:49 - 00024576 _____ (HTC, Corporation) C:\WINDOWS\system32\Drivers\ANDROIDUSB.sys
2015-07-09 17:12 - 2015-07-09 17:12 - 00000000 ____D C:\RegBackup
2015-07-09 17:05 - 2015-07-09 17:05 - 00006158 _____ C:\WINDOWS\FaxSetup.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00002956 _____ C:\WINDOWS\ocgen.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00002359 _____ C:\WINDOWS\tsoc.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00002022 _____ C:\WINDOWS\comsetup.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00001355 _____ C:\WINDOWS\imsins.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00001229 _____ C:\WINDOWS\ntdtcsetup.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00000959 _____ C:\WINDOWS\iis6.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00000342 _____ C:\WINDOWS\ocmsn.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00000309 _____ C:\WINDOWS\msgsocm.log
2015-07-09 17:05 - 2015-07-09 17:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\MsftWdf_Kernel_01007_Coinstaller_Critical.Wdf
2015-07-09 17:05 - 2015-07-09 17:05 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ANDROIDUSB_01007.Wdf
2015-07-09 17:04 - 2015-07-09 17:05 - 00004314 _____ C:\WINDOWS\Wdf01007Inst.log
2015-07-09 17:04 - 2015-07-09 17:04 - 00000000 __HDC C:\WINDOWS\$NtUninstallWdf01007$
2015-07-09 17:04 - 2015-07-09 17:04 - 00000000 ____D C:\WINDOWS\LastGood
2015-07-09 17:04 - 2007-11-27 03:24 - 00014640 ____N (Microsoft Corporation) C:\WINDOWS\system32\spmsgXP_2k3.dll
2015-07-09 17:03 - 2015-07-09 17:15 - 00002079 _____ C:\WINDOWS\setupact.log
2015-07-09 17:03 - 2015-07-09 17:03 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-07-09 17:02 - 2015-07-09 17:02 - 00099080 _____ C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
2015-07-09 16:56 - 2015-07-09 17:15 - 00040844 _____ C:\WINDOWS\DPINST.LOG
2015-07-09 16:56 - 2015-07-09 16:56 - 00000000 ____D C:\Programme\HTC
2015-07-09 16:56 - 2009-06-09 07:41 - 01122664 ____N (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01007.dll
2015-07-09 16:56 - 2009-01-24 10:36 - 00103424 _____ (QUALCOMM Incorporated) C:\WINDOWS\system32\Drivers\qcserxp.sys
2015-07-09 16:51 - 2015-07-09 16:57 - 00000000 ____D C:\AdwCleaner
2015-07-09 16:48 - 2015-07-09 16:48 - 00012965 _____ C:\text2.txt
2015-07-09 16:48 - 2015-07-09 16:48 - 00012964 _____ C:\Dokumente und Einstellungen\admin\Desktop\MBM2.txt
2015-07-09 16:48 - 2015-07-09 16:48 - 00001077 _____ C:\Dokumente und Einstellungen\admin\Desktop\Mbm1.txt
2015-07-09 16:47 - 2015-07-09 16:47 - 00001077 _____ C:\Text1.txt
2015-07-09 16:04 - 2008-04-14 04:22 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusd.dll
2015-07-09 16:04 - 2001-08-18 04:54 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ptpusb.dll
2015-07-09 15:16 - 2015-07-09 16:47 - 00119512 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-09 15:16 - 2015-07-09 15:16 - 00000753 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk
2015-07-09 15:16 - 2015-07-09 15:16 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Malwarebytes Anti-Malware
2015-07-09 15:15 - 2015-07-09 15:16 - 00000000 ____D C:\Programme\Malwarebytes Anti-Malware
2015-07-09 15:15 - 2015-07-09 15:15 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
2015-07-09 15:15 - 2015-04-14 09:37 - 00120024 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-07-09 15:15 - 2015-04-14 09:37 - 00023256 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-07-09 13:57 - 2015-07-09 16:40 - 00000000 ____D C:\Programme\Mozilla Firefox
2015-07-09 13:31 - 2015-07-09 17:22 - 00000000 ____D C:\FRST
2015-07-09 12:39 - 2015-07-09 17:15 - 00057988 _____ C:\WINDOWS\setupapi.log
2015-07-09 12:09 - 2015-07-09 15:07 - 17582768 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerInstaller.exe
2015-06-30 18:49 - 2015-06-30 18:49 - 00000000 ____D C:\Dokumente und Einstellungen\admin\Startmenü\Programme\T-Online
2015-06-16 11:30 - 2015-06-16 11:30 - 00000000 ____D C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Dropbox
2015-06-16 11:27 - 2015-07-09 16:32 - 00001314 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1101564738-3898648495-2444685990-1008UA.job
2015-06-16 11:27 - 2015-07-01 11:32 - 00001262 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-1101564738-3898648495-2444685990-1008Core.job
2015-06-16 11:27 - 2015-06-16 11:27 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Dropbox
2015-06-16 11:27 - 2015-06-16 11:27 - 00000000 ____D C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\Dropbox
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-09 17:23 - 2006-03-22 20:02 - 00000000 ____D C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Temp
2015-07-09 17:15 - 2005-10-09 00:48 - 00000000 ____D C:\WINDOWS\security
2015-07-09 17:09 - 2006-03-24 19:48 - 00000622 _____ C:\WINDOWS\wiadebug.log
2015-07-09 17:07 - 2013-09-20 17:49 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-07-09 17:07 - 2007-07-22 16:55 - 00000000 ____D C:\Temp
2015-07-09 17:06 - 2015-01-08 17:21 - 00000418 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{7CDFA02C-CABA-4BFA-B1CD-CE833B302A50}.job
2015-07-09 17:04 - 2014-05-29 10:50 - 00000000 ___RD C:\Dokumente und Einstellungen\admin\Eigene Dateien\Dropbox
2015-07-09 17:04 - 2014-05-29 10:48 - 00000000 ____D C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Dropbox
2015-07-09 17:03 - 2006-03-22 19:59 - 01649136 _____ C:\WINDOWS\WindowsUpdate.log
2015-07-09 17:01 - 2006-02-28 15:50 - 00039291 _____ C:\WINDOWS\system32\nvapps.xml
2015-07-09 17:01 - 2005-10-09 07:46 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-07-09 16:59 - 2014-01-30 21:12 - 00001086 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-09 16:59 - 2006-03-24 19:48 - 00000050 _____ C:\WINDOWS\wiaservc.log
2015-07-09 16:59 - 2005-10-08 23:00 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-07-09 16:57 - 2006-03-22 20:02 - 00000190 ___SH C:\Dokumente und Einstellungen\admin\ntuser.ini
2015-07-09 16:57 - 2006-03-22 19:59 - 00032516 _____ C:\WINDOWS\SchedLgU.Txt
2015-07-09 16:56 - 2005-10-08 23:52 - 00000000 ____D C:\Programme
2015-07-09 16:40 - 2014-08-06 10:30 - 00000000 ____D C:\Programme\Mozilla Maintenance Service
2015-07-09 16:37 - 2005-10-09 11:50 - 00000000 ____D C:\WINDOWS\system32\Lang
2015-07-09 16:32 - 2015-03-20 16:23 - 00000000 _____ C:\WINDOWS\system32\vireng.log
2015-07-09 16:28 - 2014-02-08 20:23 - 00001220 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18UA.job
2015-07-09 16:14 - 2008-07-02 20:41 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ICQ
2015-07-09 15:33 - 2014-01-30 21:12 - 00001090 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-09 15:16 - 2005-10-08 23:52 - 00000000 ___RD C:\Dokumente und Einstellungen\All Users\Startmenü\Programme
2015-07-09 15:15 - 2006-04-20 17:08 - 00000000 ____D C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Lavasoft
2015-07-09 12:57 - 2006-02-28 18:07 - 00000202 _____ C:\WINDOWS\NeroDigital.ini
2015-07-09 12:39 - 2010-01-30 17:36 - 00000000 ____D C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\HP
2015-07-09 12:38 - 2011-09-10 09:12 - 00000000 ____D C:\Dokumente und Einstellungen\admin\Anwendungsdaten\HpUpdate
2015-07-09 12:30 - 2014-01-30 21:14 - 00001773 _____ C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
2015-06-30 19:28 - 2014-02-08 20:23 - 00001168 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-18Core.job
2015-06-30 18:51 - 2006-12-27 20:45 - 00202501 ____C C:\WINDOWS\system32\NULL
2015-06-30 18:49 - 2006-03-22 20:02 - 00000000 ___RD C:\Dokumente und Einstellungen\admin\Startmenü\Programme
2015-06-26 19:24 - 2006-03-25 13:52 - 00002495 _____ C:\Dokumente und Einstellungen\admin\Desktop\Microsoft Word.lnk
2015-06-25 19:07 - 2006-03-24 19:50 - 00000000 ____D C:\Dokumente und Einstellungen\admin\Eigene Dateien\Ingrid
2015-06-25 19:02 - 2006-03-24 19:48 - 00038698 _____ C:\Dokumente und Einstellungen\admin\Anwendungsdaten\wklnhst.dat
2015-06-24 15:07 - 2013-09-20 17:49 - 00778416 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-06-24 15:07 - 2011-05-16 18:48 - 00142512 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-06-19 17:57 - 2015-05-17 13:22 - 00000382 _____ C:\WINDOWS\Tasks\One-Click Optimizer WO11.job
2015-06-16 11:31 - 2006-03-22 20:02 - 00000000 ___RD C:\Dokumente und Einstellungen\admin\Startmenü\Programme\Autostart
2015-06-10 06:30 - 2005-10-09 08:02 - 136900096 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
==================== Files in the root of some directories =======
2006-03-24 18:50 - 2006-03-24 18:50 - 0000934 ____C () C:\Programme\INSTALL.LOG
2012-01-16 21:39 - 2012-01-16 21:39 - 1172472 _____ (Microsoft Corporation) C:\Dokumente und Einstellungen\admin\Anwendungsdaten\Kvrory.exe
2012-01-16 20:56 - 2012-01-16 20:56 - 0000000 ____C () C:\Dokumente und Einstellungen\admin\Anwendungsdaten\PvtjR.txt
2006-03-24 19:48 - 2015-06-25 19:02 - 0038698 _____ () C:\Dokumente und Einstellungen\admin\Anwendungsdaten\wklnhst.dat
2006-03-22 20:02 - 2015-02-21 15:05 - 0034816 _____ () C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2006-03-22 20:02 - 2006-12-27 20:44 - 0000138 ____C () C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
Files to move or delete:
====================
C:\Dokumente und Einstellungen\admin\setup_Bertelsmann_Fotowelt.exe
Some files in TEMP:
====================
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpluqps6.dll
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Temp\Quarantine.exe
C:\Dokumente und Einstellungen\admin\Lokale Einstellungen\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
==================== End of log ============================
So that should be everything.