Hello Schrauber,
I only got back to my computer today - thank you very much for your patience!
AdwCleaner outputs the following:
Code:
# AdwCleaner v4.208 - Bericht erstellt 21/07/2015 um 22:47:37
# Aktualisiert 09/07/2015 von Xplode
# Datenbank : 2015-07-15.1 [Server]
# Betriebssystem : Windows 7 Professional Service Pack 1 (x86)
# Benutzername : Eva - COMPE
# Gestarted von : C:\Users\Eva\Downloads\eMbahr\adwcleaner_4.208.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Eva\AppData\LocalLow\Conduit
Datei Gelöscht : C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\gyx42jr6.default\invalidprefs.js
***** [ Geplante Tasks ] *****
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{21FA44EF-376D-4D53-9B0F-8A89D3229068}]
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\NCH_DE
Schlüssel Gelöscht : HKLM\SOFTWARE\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Description
***** [ Internetbrowser ] *****
-\\ Internet Explorer v11.0.9600.17909
-\\ Mozilla Firefox v39.0 (x86 de)
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/default.aspx");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.InstallationId", "ConduitNSISIntegration");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.InstallationType", "ConduitNSISIntegration");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.SavedHomepage", "hxxp://www.ask.com?o=101702&l=dis");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.SearchCaption", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.SearchEngineBeforeUnload", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,tbclient.tbccint.com,codefuel.com,tbccint.com,trovi.com,seccint.com,cpccint.com,appstrm.com,OurToolbar.co[...]
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.embeddedsData", "[{\"appId\":\"129306877457319611\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com;social.tbccint.com;apps.tbccint.com;services.a[...]
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.installId", "ConduitNSISIntegration");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.installType", "ConduitNSISIntegration");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.isPerformedSmartBarTransition", "true");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.originalHomepage", "hxxp://www.ask.com?o=101702&l=dis");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.originalSearchEngine", "Ask.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.smartbar.CTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.smartbar.Uninstall", "0");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.smartbar.homepage", true);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CT2801937.smartbar.toolbarName", "NCH DE ");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ConduitSearchList", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2801937/CT2801937", "\"cf586bc91d6135c25de29352c439d73c3\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1194019/1189696/AT", "\"5d1f6b2d52509e2c8908f2b1c4ea183b\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2801937", "\"1346078238\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"c70353cabc2ce1:0\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.8", "\"dfe74040abc2ce1:0\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2801937", "\"a238378f7d0708034a0defa297cb8b8b\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=de", "\"602b9c5c1d04e9572d485e57be47d0c5\"");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Eva\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\gyx42jr6.default\\conduitCommon\\modules\\3.12.0.8");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList2", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.ToolbarsList4", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.globalUserId", "dbdec4c4-4c2d-4d65-a7c7-b1cf2bbae071");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Sep 10 2014 17:51:25 GMT+0200");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertEnabled", true);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Sep 10 2014 17:51:32 GMT+0200");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alertsnotifications.ourtoolbar.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.locale", "en");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Sep 10 2014 17:51:24 GMT+0200");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1401369664");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.tbccint.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.notifications.userId", "a64c382f-0333-4f6b-bbeb-214cb371e5f3");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.ask.com?o=101702&l=dis");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?CUI=UN07952075479111276&ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}&CUI=UN07952075479111276");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.TBHomepagesList", "hxxp://search.conduit.com/?CUI=UN07952075479111276&ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.TBSearchEngineList", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.TBSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=3&q={searchTerms}&CUI=UN07952075479111276");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.defaultthis.engineName", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.order.1", "Ask.com");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("browser.search.selectedEngine", "NCH DE Customized Web Search");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.addressBarOwnerCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13,hxxp://search.conduit.com/?CUI=UN07952075479111276&ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=,hxxp://trovi.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=2&CUI=UN07952075479111276&UM[...]
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.defaultSearchOwnerCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.homePageOwnerCTID", "CT2801937");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.homepageList", "hxxp://search.conduit.com/?ctid=CT2801937&SearchSource=13,hxxp://search.conduit.com/?CUI=UN07952075479111276&ctid=CT2801937&SearchSource=13");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.machineId", "J0MQKITLZNZH0QFBJPFLSS02SX0N3+STNB53+XVE7LSP4S+QPMZ8WEQKEETFKNROCW7EXWAJSGCYPOBJOPAZAQ");
[gyx42jr6.default\prefs.js] - Zeile Gelöscht : user_pref("smartbar.searchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801937&q=,hxxp://trovi.com/ResultsExt.aspx?ctid=CT2801937&SearchSource=2&CUI=UN07952075479111276&UM=&q=,ht[...]
-\\ Google Chrome v43.0.2357.134
[C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=100000027&locale=de_US&apn_uid=&apn_ptnrs=U3&apn_sauid=&apn_dtid=OSJ000YYAT&psv=&q={searchTerms}
*************************
AdwCleaner[R0].txt - [12606 Bytes] - [21/07/2015 22:45:52]
AdwCleaner[S0].txt - [13218 Bytes] - [21/07/2015 22:47:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [13278 Bytes] ##########
JRT reports the following:
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.5.1 (07.16.2015:1)
OS: Windows 7 Professional x86
Ran by Eva on 23.07.2015 at 20:25:17,08
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Tasks
Successfully deleted: [Task] C:\Windows\System32\tasks\PCDoctorBackgroundMonitorTask
Successfully deleted: [Task] C:\Windows\Tasks\PCDoctorBackgroundMonitorTask.job
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
~~~ Files
~~~ Folders
Successfully deleted: [Folder] C:\Program Files\newsoft
Successfully deleted: [Folder] C:\ProgramData\google
Successfully deleted: [Folder] C:\Users\Eva\Appdata\Local\newsoft
Successfully deleted: [Folder] C:\Users\Eva\AppData\Roaming\newsoft
Successfully deleted: [Folder] C:\Users\Eva\Documents\my pagemanager
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Eva\AppData\Roaming\mozilla\firefox\profiles\gyx42jr6.default\smartbar
Successfully deleted the following from C:\Users\Eva\AppData\Roaming\mozilla\firefox\profiles\gyx42jr6.default\prefs.js
user_pref(CT2801937..clientLogIsEnabled, false);
user_pref(CT2801937..clientLogServiceUrl, hxxp://clientlog.users.tbccint.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent);
user_pref(CT2801937..uninstallLogServiceUrl, hxxp://uninstall.users.tbccint.com/Uninstall.asmx/RegisterToolbarUninstallation);
user_pref(CT2801937.1000082.isPlayDisplay, true);
user_pref(CT2801937.1000082.state, {\state\:\stopped\,\text\:\GermanyFM...\,\description\:\GermanyFM Info\,\url\:\hxxp://www.1000mikes.com/audio/1000mikes.m3
user_pref(CT2801937.1000234.TWC_locId, AUXX0008);
user_pref(CT2801937.1000234.TWC_temp_dis, c);
user_pref(CT2801937.ALLOW_SHOWING_HIDDEN_TOOLBAR, false);
user_pref(CT2801937.AppTrackingLastCheckTime, Wed Oct 23 2013 11:50:18 GMT+0200);
user_pref(CT2801937.BrowserCompStateIsOpen_129799487489787934, true);
user_pref(CT2801937.BrowserCompStateIsOpen_129800116201456332, true);
user_pref(CT2801937.CTID, CT2801937);
user_pref(CT2801937.CurrentServerDate, 10-9-2014);
user_pref(CT2801937.DSInstall, true);
user_pref(CT2801937.DialogsAlignMode, LTR);
user_pref(CT2801937.DialogsGetterLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.DownloadReferralCookieData, );
user_pref(CT2801937.EMailNotifierPollDate, Wed Sep 10 2014 17:51:24 GMT+0200);
user_pref(CT2801937.ENABALE_HISTORY, {\dataType\:\string\,\data\:\true\});
user_pref(CT2801937.FirstServerDate, 22-5-2012);
user_pref(CT2801937.FirstTime, true);
user_pref(CT2801937.FirstTimeFF3, true);
user_pref(CT2801937.FixPageNotFoundErrors, true);
user_pref(CT2801937.GroupingServerCheckInterval, 1440);
user_pref(CT2801937.GroupingServiceUrl, hxxp://grouping.tbccint.com/);
user_pref(CT2801937.HPInstall, true);
user_pref(CT2801937.HasUserGlobalKeys, true);
user_pref(CT2801937.HomePageProtectorEnabled, true);
user_pref(CT2801937.Initialize, true);
user_pref(CT2801937.InitializeCommonPrefs, true);
user_pref(CT2801937.InstallationAndCookieDataSentCount, 3);
user_pref(CT2801937.InstalledDate, Wed May 09 2012 09:39:28 GMT+0200);
user_pref(CT2801937.InvalidateCache, false);
user_pref(CT2801937.IsAlertDBUpdated, true);
user_pref(CT2801937.IsGrouping, false);
user_pref(CT2801937.IsInitSetupIni, true);
user_pref(CT2801937.IsMulticommunity, false);
user_pref(CT2801937.IsOpenThankYouPage, false);
user_pref(CT2801937.IsOpenUninstallPage, true);
user_pref(CT2801937.IsProtectorsInit, true);
user_pref(CT2801937.LanguagePackLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.LanguagePackReloadIntervalMM, 1440);
user_pref(CT2801937.LanguagePackServiceUrl, hxxp://translation.users.tbccint.com/Translation.ashx);
user_pref(CT2801937.LastLogin_3.12.0.8, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.LatestVersion, 3.20.0.4);
user_pref(CT2801937.Locale, de);
user_pref(CT2801937.MCDetectTooltipHeight, 83);
user_pref(CT2801937.MCDetectTooltipUrl, hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1);
user_pref(CT2801937.MCDetectTooltipWidth, 295);
user_pref(CT2801937.MyStuffEnabledAtInstallation, true);
user_pref(CT2801937.OriginalFirstVersion, 3.12.0.8);
user_pref(CT2801937.RadioIsPodcast, false);
user_pref(CT2801937.RadioLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.RadioLastUpdateIPServer, 3);
user_pref(CT2801937.RadioLastUpdateServer, 129800256255330000);
user_pref(CT2801937.RadioMediaID, 21560175);
user_pref(CT2801937.RadioMediaType, Media Player);
user_pref(CT2801937.RadioMenuSelectedID, EBRadioMenu_CT280193721560175);
user_pref(CT2801937.RadioShrinkedFromSetup, false);
user_pref(CT2801937.RadioStationName, GermanyFM%20Info);
user_pref(CT2801937.RadioStationURL, hxxp://www.1000mikes.com/audio/1000mikes.m3u?channelId=6680);
user_pref(CT2801937.RestartDialogFirstTime, false);
user_pref(CT2801937.RestartDialogShouldDisplay, false);
user_pref(CT2801937.SearchFromAddressBarIsInit, true);
user_pref(CT2801937.SearchInNewTabEnabled, true);
user_pref(CT2801937.SearchInNewTabIntervalMM, 1440);
user_pref(CT2801937.SearchInNewTabLastCheckTime, Wed Sep 10 2014 17:51:24 GMT+0200);
user_pref(CT2801937.SearchProtectorEnabled, true);
user_pref(CT2801937.SearchProtectorToolbarDisabled, false);
user_pref(CT2801937.SendProtectorDataViaLogin, true);
user_pref(CT2801937.ServiceMapLastCheckTime, Wed Sep 10 2014 17:51:24 GMT+0200);
user_pref(CT2801937.SettingsLastCheckTime, Wed Sep 10 2014 17:51:24 GMT+0200);
user_pref(CT2801937.SettingsLastUpdate, 1405919504);
user_pref(CT2801937.ThirdPartyComponentsInterval, 504);
user_pref(CT2801937.ThirdPartyComponentsLastCheck, Thu Aug 21 2014 11:38:46 GMT+0200);
user_pref(CT2801937.ThirdPartyComponentsLastUpdate, 1331806000);
user_pref(CT2801937.ToolbarShrinkedFromSetup, false);
user_pref(CT2801937.TrusteLinkUrl, hxxp://trust.cpccint.com);
user_pref(CT2801937.UserID, UN07952075479111276);
user_pref(CT2801937.WeatherNetwork, );
user_pref(CT2801937.WeatherPollDate, Wed Sep 10 2014 17:51:26 GMT+0200);
user_pref(CT2801937.WeatherUnit, C);
user_pref(CT2801937.XING_APP_MARKETPLACE_APP_LANG.enc, ZW4=);
user_pref(CT2801937.XING_APP_MARKETPLACE_GADGET_HEIGHT_NORMAL.enc, NTY5);
user_pref(CT2801937.XING_APP_MARKETPLACE_GADGET_HEIGHT_SHORT.enc, NDE1);
user_pref(CT2801937.XING_APP_MARKETPLACE_GADGET_WIDTH.enc, MzUz);
user_pref(CT2801937.addressBarTakeOverEnabledInHidden, true);
user_pref(CT2801937.alertChannelId, 1194019);
user_pref(CT2801937.autoDisableScopes, -1);
user_pref(CT2801937.backendstorage.twitter_v1.8.0_twitter_app_open_t_f, 66616C7365);
user_pref(CT2801937.backendstorage.twitter_v1.9.0_twitter_app_open_t_f, 66616C7365);
user_pref(CT2801937.backendstorage.xing_app_marketplace_app_lang, 656E);
user_pref(CT2801937.backendstorage.xing_app_marketplace_gadget_height_normal, 353639);
user_pref(CT2801937.backendstorage.xing_app_marketplace_gadget_height_short, 343135);
user_pref(CT2801937.backendstorage.xing_app_marketplace_gadget_width, 333533);
user_pref(CT2801937.countryCode, AT);
user_pref(CT2801937.enableAlerts, always);
user_pref(CT2801937.firstTimeDialogOpened, true);
user_pref(CT2801937.fixPageNotFoundErrorByUser, TRUE);
user_pref(CT2801937.fixPageNotFoundErrorInHidden, true);
user_pref(CT2801937.fullUserID, UN07952075479111276.UP.20140926085027);
user_pref(CT2801937.globalFirstTimeInfoLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.homepageProtectorEnableByLogin, true);
user_pref(CT2801937.homepageuserchanged, true);
user_pref(CT2801937.initDone, true);
user_pref(CT2801937.isAppTrackingManagerOn, false);
user_pref(CT2801937.isCheckedStartAsHidden, true);
user_pref(CT2801937.isEnableAllDialogs, {\dataType\:\string\,\data\:\true\});
user_pref(CT2801937.isFirstRadioInstallation, false);
user_pref(CT2801937.isFirstTimeToolbarLoading, false);
user_pref(CT2801937.isToolbarShrinked, {\dataType\:\string\,\data\:\false\});
user_pref(CT2801937.keyword, true);
user_pref(CT2801937.lastNewTabSettings, {\isEnabled\:true,\newTabUrl\:\hxxp://www.trovigo.com/?gd=&ctid=CT2801937&octid=CT2801937&ISID=ISID_ID&SearchSource=15&CUI=UN07
user_pref(CT2801937.lastVersion, 10.33.0.517);
user_pref(CT2801937.missingMachineIdSent, true);
user_pref(CT2801937.myStuffEnabled, R@ ????@D@ ????`?H ??????H ??????H ??????H ?????H ????);
user_pref(CT2801937.myStuffPublihserMinWidth, 400);
user_pref(CT2801937.myStuffSearchUrl, hxxp://appstrm.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID);
user_pref(CT2801937.myStuffServiceIntervalMM, 1440);
user_pref(CT2801937.navigateToUrlOnSearch, false);
user_pref(CT2801937.navigationAliasesJson, {\EB_SEARCH_TERM\:\\,\EB_MAIN_FRAME_URL\:\file%3A%2F%2F%2FC%3A%2FUsers%2FEva%2FAppData%2FLocal%2FMicrosoft%2FWindows%2FTem
user_pref(CT2801937.oldAppsList, 129306877456538355,129306877457319611,111,129306877459819678,129306877459975929,129799474422717075,129799483853381569,129799494588344200,12
user_pref(CT2801937.originalSearchAddressUrl, chrome://browser-region/locale/region.properties);
user_pref(CT2801937.performedDomainChangesMigration, true);
user_pref(CT2801937.revertSettingsEnabled, true);
user_pref(CT2801937.search.searchAppId, 129306877457319611);
user_pref(CT2801937.search.searchCount, 0);
user_pref(CT2801937.searchFromAddressBarEnabledByUser, true);
user_pref(CT2801937.searchInNewTabEnabledByUser, true);
user_pref(CT2801937.searchInNewTabEnabledInHidden, true);
user_pref(CT2801937.searchProtectorDialogDelayInSec, 10);
user_pref(CT2801937.searchProtectorEnableByLogin, true);
user_pref(CT2801937.searchSuggestEnabledByUser, true);
user_pref(CT2801937.selectToSearchBoxEnabled, {\dataType\:\string\,\data\:\true\});
user_pref(CT2801937.serviceLayer_service_login_isFirstLoginInvoked, {\dataType\:\boolean\,\data\:\true\});
user_pref(CT2801937.serviceLayer_service_login_loginCount, {\dataType\:\number\,\data\:\4\});
user_pref(CT2801937.serviceLayer_service_toolbarGrouping_activeCTID, {\dataType\:\string\,\data\:\CT2801937\});
user_pref(CT2801937.serviceLayer_service_toolbarGrouping_activeDownloadUrl, {\dataType\:\string\,\data\:\hxxp://NCHDE.OurToolbar.com//xpi\});
user_pref(CT2801937.serviceLayer_service_toolbarGrouping_activeToolbarName, {\dataType\:\string\,\data\:\NCH DE \});
user_pref(CT2801937.serviceLayer_service_toolbarGrouping_invoked, {\dataType\:\string\,\data\:\true\});
user_pref(CT2801937.serviceLayer_service_usage_toolbarUsageCount, {\dataType\:\number\,\data\:\2\});
user_pref(CT2801937.serviceLayer_services_Configuration_lastUpdate, 1411714230096);
user_pref(CT2801937.serviceLayer_services_appTrackingFirstTime_lastUpdate, 1411714231346);
user_pref(CT2801937.serviceLayer_services_appsMetadata_lastUpdate, 1411714230930);
user_pref(CT2801937.serviceLayer_services_gottenAppsContextMenu_lastUpdate, 1411714230961);
user_pref(CT2801937.serviceLayer_services_login_10.20.101.5_lastUpdate, 1411714231224);
user_pref(CT2801937.serviceLayer_services_login_10.33.0.517_lastUpdate, 1411715218985);
user_pref(CT2801937.serviceLayer_services_otherAppsContextMenu_lastUpdate, 1411714231052);
user_pref(CT2801937.serviceLayer_services_searchAPI_lastUpdate, 1411714230109);
user_pref(CT2801937.serviceLayer_services_serviceMap_lastUpdate, 1411714229312);
user_pref(CT2801937.serviceLayer_services_toolbarContextMenu_lastUpdate, 1411714230802);
user_pref(CT2801937.serviceLayer_services_toolbarSettings_lastUpdate, 1411714229586);
user_pref(CT2801937.serviceLayer_services_translation_lastUpdate, 1411714231319);
user_pref(CT2801937.settingsINI, true);
user_pref(CT2801937.showToolbarPermission, false);
user_pref(CT2801937.testingCtid, );
user_pref(CT2801937.toolbarAppMetaDataLastCheckTime, Wed Sep 10 2014 17:51:25 GMT+0200);
user_pref(CT2801937.toolbarBornServerTime, 22-5-2012);
user_pref(CT2801937.toolbarContextMenuLastCheckTime, Wed May 09 2012 09:39:32 GMT+0200);
user_pref(CT2801937.toolbarCurrentServerTime, 26-9-2014);
user_pref(CT2801937.toolbarLoginClientTime, Fri Sep 26 2014 08:50:31 GMT+0200);
user_pref(CT2801937.upgradeFromOBVersion, true);
user_pref(CT2801937.xing_app_marketplace_gadget_height_normal.from_oldbar.enc, NTY5);
user_pref(CT2801937.xing_app_marketplace_gadget_height_short.from_oldbar.enc, NDE1);
user_pref(CT2801937.xing_app_marketplace_gadget_width.from_oldbar.enc, MzUz);
user_pref(CT2801937_Firefox.csv, [{\from\:\Abs Layer\,\action\:\loading toolbar\,\time\:1436256771767,\isWithState\:\\,\timeFromStart\:0,\timeFromPrev\:0}
user_pref(valueApps.storage.mam_gk_userId, 61646266613263652D353931302D346333382D616431322D323239303964366565326566);
~~~ Chrome
[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
[C:\Users\Eva\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23.07.2015 at 20:30:14,47
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
... and last but not least, the FRST log:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-07-2015
Ran by Eva (administrator) on COMPE on 23-07-2015 20:36:17
Running from C:\Users\Eva\Downloads\eMbahr
Loaded Profiles: Eva (Available Profiles: Eva)
Platform: Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(Primax Electronics Ltd.) C:\Program Files\Lenovo\Mouse Suite\PELMICED.EXE
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(TeamViewer GmbH) C:\Users\Eva\AppData\Local\Temp\TeamViewer\Version9\TeamViewer.exe
(TeamViewer GmbH) C:\Users\Eva\AppData\Local\Temp\TeamViewer\Version9\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [Mouse Suite 98 Daemon] => C:\Program Files\Lenovo\Mouse Suite\ICO.EXE [65536 2009-01-04] (TPMX Electronics Ltd.)
HKLM\...\Run: [PWMTRV] => rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWMTR32V.DLL,PwrMgrBkGndMonitor
HKLM\...\Run: [PWRAGD] => C:\Program Files\ThinkPad\Utilities\DPMHost.EXE [72256 2009-08-13] ()
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [606208 2009-06-12] (FinePrint Software, LLC)
HKLM\...\Run: [OpwareSE4] => C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe [75304 2006-10-11] (ScanSoft, Inc.)
HKLM\...\Run: [WrtMon.exe] => C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [618496 2010-06-07] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [981688 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [SHIWebOnDiskManager] => C:\Program Files\SHIWebOnDiskManager\SHIWebOnDiskManager.exe [245760 2015-02-17] (SHI Elektronische Medien GmbH)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM\...\RunOnce: [AvgUninstallURL] => cmd.exe /c start hxxp://www.avg.de/de.special-uninstallation-feedback-appf?lic=OQBBAFYARgBSAEUARQAtAFYAQQBFAEEAWQAtAFQAMwBMAFUARQAtAE4ATAAzAEQAQQAtAEMAQgBVAEsASAAtAEoARgA3AE0AOQA"&"inst=NwA3AC0ANAAzAD (the data entry has 285 more characters).
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\...\Run: [acSecurityLayer] => C:\Program Files\A-Trust GmbH\Bürgerkartensoftware\acSecurityLayer.exe [3647360 2013-12-04] (A-Trust Gesellschaft für Sicherheitssysteme im elektronischen Datenverkehr GmbH)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [280576 2013-03-20] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\a.sign Client.lnk [2010-02-06]
ShortcutTarget: a.sign Client.lnk -> C:\Program Files\A-Trust GmbH\a.sign Client\ASignLauncher.exe (A-Trust GmbH)
Startup: C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk [2010-02-08]
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-641445819-3458068065-4247131985-1003\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {FFDBDD4D-F3E4-4239-8D3F-9E4E1C4C7E98} URL = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox;
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll [2015-06-02] (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-06-02] (Oracle Corporation)
Toolbar: HKLM - Lenovo ThinkVantage Toolbox - {86B9B5DD-FB75-4035-BD52-3C94F7849CAF} - C:\Program Files\PC-Doctor\ATLPcdToolbar544936.dll [2009-11-22] (PC-Doctor, Inc.)
Toolbar: HKU\S-1-5-21-641445819-3458068065-4247131985-1003 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2009-02-26] (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Tcpip\..\Interfaces\{5FA3ADDC-92F6-4931-A86E-7E8E904FB566}: [NameServer] 8.8.8.8,192.168.1.2
FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\gyx42jr6.default
FF Homepage: hxxp://www.google.at/
FF Plugin: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-06-02] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-06-02] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 -> C:\Program Files\Microsoft\Office Live\npOLW.dll [2010-04-26] (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-16] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\NPOFF12.DLL [2006-10-26] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll [2015-07-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll [2013-10-29] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll [2013-10-29] (Apple Inc.)
Chrome:
=======
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-11]
CHR Extension: (Google Drive) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-11]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-11]
CHR Extension: (Google Wallet) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-11]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-11]
========================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S2 AdvoServ; C:\Program Files\ADVOKAT\AdvoServ.exe [77824 2009-11-27] () [File not signed]
S2 Archivium; C:\Programme\Archivium\backend\wrapper.exe [204800 2008-02-14] () [File not signed]
S2 backend; C:\Programme\Archivium\\apache-tomcat-6\bin\tomcat6.exe [74752 2012-12-01] (Apache Software Foundation) [File not signed]
S2 cjpcsc; C:\Windows\system32\cjpcsc.exe [654640 2009-04-15] (REINER SCT)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22216 2015-04-30] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [284504 2015-04-30] (Microsoft Corporation)
S2 SUService; c:\Program Files\Lenovo\System Update\SUService.exe [15872 2009-09-24] (Lenovo Group Limited) [File not signed]
S2 ThinkVantage Registry Monitor Service; C:\Program Files\Common Files\Lenovo\tvt_reg_monitor_svc.exe [1019904 2009-08-28] (Lenovo Group Limited) [File not signed]
S3 TVT Backup Service; C:\Program Files\Lenovo\Rescue and Recovery\rrservice.exe [1474560 2009-09-04] (Lenovo Group Limited) [File not signed]
S2 UNS; C:\Program Files\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2066968 2009-07-21] (Intel Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 Andbus; C:\Windows\System32\DRIVERS\lgandbus.sys [14336 2012-03-02] (LG Electronics Inc.)
S3 AndDiag; C:\Windows\System32\DRIVERS\lganddiag.sys [20736 2012-03-02] (LG Electronics Inc.)
S3 AndGps; C:\Windows\System32\DRIVERS\lgandgps.sys [20096 2012-03-02] (LG Electronics Inc.)
S3 ANDModem; C:\Windows\System32\DRIVERS\lgandmodem.sys [25088 2012-03-02] (LG Electronics Inc.)
R1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz) [File not signed]
R3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [23040 2007-05-31] (REINER SCT)
S3 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [94936 2015-06-18] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [51928 2015-06-18] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [245096 2015-03-04] (Microsoft Corporation)
R3 pelmouse; C:\Windows\System32\DRIVERS\pelmouse.sys [18944 2009-04-21] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\System32\DRIVERS\pelusblf.sys [14592 2006-10-14] (Primax Electronics Ltd.)
R2 SSPORT; C:\Windows\system32\Drivers\SSPORT.sys [5120 2009-09-10] (Samsung Electronics) [File not signed]
S3 USBAAPL; C:\Windows\System32\Drivers\usbaapl.sys [40448 2009-08-28] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\Users\Eva\AppData\Local\Temp\catchme.sys [X]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
S3 MEMSWEEP2; \??\C:\Windows\system32\5DC9.tmp [X]
S1 MpKslbffd80ef; \??\c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{03BA0966-79ED-4DB0-9DCA-0DF5AE070F2C}\MpKslbffd80ef.sys [X]
R3 PCDSRVC{3037D694-FD904ACA-06000000}_0; \??\c:\program files\pc-doctor\pcdsrvc.pkms [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-23 20:30 - 2015-07-23 20:30 - 00013479 _____ C:\Users\Eva\Desktop\JRT.txt
2015-07-22 09:34 - 2015-07-22 09:34 - 00042865 _____ C:\Users\Eva\Downloads\kta_ei.dat
2015-07-21 22:45 - 2015-07-21 22:47 - 00000000 ____D C:\AdwCleaner
2015-07-21 22:37 - 2015-07-21 22:37 - 08117032 _____ (TeamViewer) C:\Users\Eva\Downloads\TeamViewer_Host_Setup-jkf.exe
2015-07-21 08:51 - 2015-07-15 04:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-21 08:51 - 2015-07-15 04:55 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-21 08:51 - 2015-07-15 04:55 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-21 08:51 - 2015-07-15 04:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-21 08:51 - 2015-07-15 03:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-20 18:05 - 2015-07-20 18:05 - 00000000 ____D C:\Users\Eva\AppData\Local\CEF
2015-07-20 18:04 - 2015-07-20 18:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-07-20 18:04 - 2015-07-20 18:04 - 00002028 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-07-20 18:03 - 2015-07-20 18:04 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-07-20 18:00 - 2015-07-20 18:00 - 79461560 _____ (Adobe Systems Incorporated) C:\Users\Eva\Downloads\AcroRdrDC1500820082_de_DE.exe
2015-07-20 17:49 - 2015-07-20 17:49 - 01190632 _____ (Adobe Systems Incorporated) C:\Users\Eva\Downloads\readerdc_de_ha_install.exe
2015-07-19 21:04 - 2015-07-19 21:04 - 00019596 _____ C:\ComboFix.txt
2015-07-19 20:51 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2015-07-19 20:51 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2015-07-19 20:51 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2015-07-19 20:51 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2015-07-19 20:50 - 2015-07-19 21:04 - 00000000 ____D C:\Qoobox
2015-07-19 20:50 - 2015-07-19 21:03 - 00000000 ____D C:\Windows\erdnt
2015-07-19 14:26 - 2015-07-19 23:24 - 00000000 ____D C:\Program Files\Sophos
2015-07-19 14:14 - 2015-07-19 14:15 - 00000000 ____D C:\Users\Eva\AppData\Roaming\QuickScan
2015-07-19 11:30 - 2015-07-19 11:30 - 00000000 ____D C:\ProgramData\NCH Software
2015-07-18 23:27 - 2015-06-18 08:41 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-18 23:27 - 2015-06-18 08:41 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-07-18 23:26 - 2015-07-18 23:27 - 00000000 ____D C:\Program Files\Malwarebytes Anti-Malware
2015-07-18 11:33 - 2015-07-18 23:26 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-18 11:32 - 2015-07-21 22:15 - 00098520 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-18 11:32 - 2015-07-19 18:43 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-18 11:31 - 2015-07-23 20:36 - 00000000 ___HD C:\Users\Eva\Downloads\eMbahr
2015-07-18 11:31 - 2015-06-18 08:41 - 00094936 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-18 11:09 - 2015-07-19 10:47 - 00000000 ____D C:\Users\Eva\Downloads\RevoUninstallerPortable
2015-07-17 18:31 - 2015-07-23 20:36 - 00000000 ____D C:\FRST
2015-07-17 18:27 - 2015-07-17 18:27 - 00000000 _____ C:\Users\Eva\defogger_reenable
2015-07-15 01:49 - 2015-07-09 19:44 - 00015808 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-15 01:49 - 2015-07-09 19:43 - 02943488 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 02057216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00587264 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-15 01:49 - 2015-07-09 19:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00924160 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-15 01:49 - 2015-07-09 19:42 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-15 01:49 - 2015-07-09 19:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-15 01:49 - 2015-07-09 19:42 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-15 01:49 - 2015-07-09 19:34 - 00932864 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-15 01:49 - 2015-07-04 19:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-15 01:49 - 2015-07-01 22:46 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-15 01:49 - 2015-07-01 22:46 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-15 01:49 - 2015-07-01 22:30 - 01061376 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00655360 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-15 01:49 - 2015-07-01 22:30 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-15 01:49 - 2015-07-01 22:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-15 01:49 - 2015-07-01 22:29 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-15 01:49 - 2015-07-01 22:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-15 01:49 - 2015-07-01 22:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-15 01:49 - 2015-07-01 22:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-15 01:49 - 2015-07-01 21:18 - 00225792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-15 01:49 - 2015-07-01 21:18 - 00124416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-15 01:49 - 2015-07-01 21:18 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-15 01:49 - 2015-06-25 10:46 - 02383872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-15 01:49 - 2015-06-17 19:39 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-15 01:49 - 2015-06-15 23:47 - 00101824 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-15 01:49 - 2015-06-15 23:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-15 01:49 - 2015-06-15 23:43 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-15 01:49 - 2015-06-15 23:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-15 01:49 - 2015-06-15 23:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-15 01:49 - 2015-04-27 21:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-15 01:49 - 2015-04-27 21:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-15 01:48 - 2015-07-02 23:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-15 01:48 - 2015-07-02 23:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-15 01:48 - 2015-07-02 22:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-15 01:48 - 2015-07-02 22:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-15 01:48 - 2015-07-02 22:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-15 01:48 - 2015-07-02 21:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-15 01:48 - 2015-06-27 03:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-15 01:48 - 2015-06-27 03:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-15 01:48 - 2015-06-25 19:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-15 01:48 - 2015-06-19 20:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-15 01:48 - 2015-06-19 20:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-15 01:48 - 2015-06-19 20:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-15 01:48 - 2015-06-19 20:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-15 01:48 - 2015-06-19 20:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-15 01:48 - 2015-06-19 20:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-15 01:48 - 2015-06-19 20:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-15 01:48 - 2015-06-19 20:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-15 01:48 - 2015-06-19 20:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-15 01:48 - 2015-06-19 20:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-15 01:48 - 2015-06-19 20:13 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-15 01:48 - 2015-06-19 20:06 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-15 01:48 - 2015-06-19 20:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-15 01:48 - 2015-06-19 19:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-15 01:48 - 2015-06-19 19:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-15 01:48 - 2015-06-19 19:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-15 01:48 - 2015-06-19 19:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-15 01:48 - 2015-06-19 19:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-15 01:48 - 2015-06-19 19:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-15 01:48 - 2015-06-19 19:40 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-15 01:48 - 2015-06-19 19:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-15 01:48 - 2015-06-19 19:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-15 01:48 - 2015-06-19 19:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-15 01:48 - 2015-06-02 01:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-07 10:16 - 2015-07-07 10:16 - 00000000 ____D C:\Users\Eva\AppData\Local\Macromedia
2015-07-07 09:58 - 2015-07-07 09:58 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-07 09:58 - 2015-07-07 09:58 - 00001116 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-07-07 09:58 - 2015-07-07 09:58 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-07-02 19:46 - 2015-07-02 19:46 - 00000000 ____D C:\Users\Eva\Downloads\SysinternalsSuite
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-07-23 20:14 - 2010-04-21 11:05 - 00001098 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-23 18:05 - 2010-02-08 16:24 - 00000000 ____D C:\Program Files\ADVOKAT
2015-07-23 15:59 - 2010-03-17 12:21 - 00000000 ____D C:\Users\Eva\temp
2015-07-23 12:35 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-23 12:35 - 2009-07-14 06:34 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-23 10:19 - 2014-04-23 17:17 - 00008996 _____ C:\Users\Eva\3.mbs.txt
2015-07-23 09:16 - 2009-11-24 19:02 - 01132647 _____ C:\Windows\WindowsUpdate.log
2015-07-23 09:03 - 2010-02-06 19:15 - 00000340 _____ C:\Windows\Tasks\SystemToolsDailyTest.job
2015-07-23 08:34 - 2010-04-21 11:05 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-23 08:34 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-23 08:34 - 2009-07-14 06:39 - 00154044 _____ C:\Windows\setupact.log
2015-07-22 03:04 - 2009-07-14 06:33 - 00592624 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-21 18:08 - 2014-04-01 14:42 - 00013181 _____ C:\Users\Eva\1.mbs.txt
2015-07-21 17:20 - 2009-07-21 07:30 - 01776724 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-21 08:55 - 2009-11-24 19:05 - 00000000 ____D C:\ProgramData\Adobe
2015-07-20 18:08 - 2010-02-06 17:48 - 00207218 _____ C:\Windows\PFRO.log
2015-07-20 18:05 - 2010-02-06 20:05 - 00000000 ____D C:\Users\Eva\AppData\Local\Adobe
2015-07-20 18:05 - 2010-02-06 18:24 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Adobe
2015-07-20 18:03 - 2009-11-24 19:05 - 00000000 ____D C:\Program Files\Adobe
2015-07-19 21:04 - 2009-07-14 04:37 - 00000000 ___RD C:\Users\Public
2015-07-19 21:01 - 2009-07-14 04:04 - 00000215 _____ C:\Windows\system.ini
2015-07-19 11:27 - 2012-04-20 17:02 - 00000000 ____D C:\Program Files\NCH Software
2015-07-19 11:23 - 2011-11-07 16:43 - 00000000 ____D C:\Program Files\Veritas
2015-07-19 11:05 - 2013-10-29 10:27 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2015-07-19 11:05 - 2013-04-27 10:08 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-19 10:56 - 2010-04-21 11:04 - 00000000 ____D C:\Program Files\Google
2015-07-19 10:48 - 2011-11-07 16:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Veritas
2015-07-19 10:45 - 2012-04-20 17:02 - 00000000 ____D C:\Users\Eva\AppData\Roaming\NCH Software
2015-07-19 08:56 - 2010-04-21 11:05 - 00000000 ____D C:\Users\Eva\AppData\Local\Google
2015-07-17 18:27 - 2010-02-06 17:55 - 00000000 ____D C:\Users\Eva
2015-07-17 03:01 - 2015-04-04 23:03 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-15 04:11 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2015-07-15 03:31 - 2014-12-10 21:36 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-15 03:31 - 2014-05-07 03:01 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-15 03:31 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2015-07-15 03:14 - 2013-08-04 06:25 - 00000000 ____D C:\Windows\system32\MRT
2015-07-15 03:07 - 2009-11-24 19:19 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-09 18:00 - 2014-06-29 22:25 - 00004500 _____ C:\Users\Eva\9.mbs.txt
2015-07-08 09:07 - 2014-03-18 13:13 - 00004498 _____ C:\Users\Eva\8.mbs.txt
2015-07-07 09:58 - 2010-02-06 18:42 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-07-03 08:49 - 2010-02-06 18:09 - 127070192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-07-02 17:37 - 2014-03-12 07:06 - 00004498 _____ C:\Users\Eva\2.mbs.txt
2015-06-30 18:10 - 2014-06-20 15:19 - 00004498 _____ C:\Users\Eva\0.mbs.txt
2015-06-26 09:50 - 2014-03-06 12:07 - 00004500 _____ C:\Users\Eva\6.mbs.txt
2015-06-25 15:29 - 2014-02-25 13:09 - 00008996 _____ C:\Users\Eva\5.mbs.txt
2015-06-23 13:27 - 2010-02-06 18:09 - 00246952 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
==================== Files in the root of some directories =======
2012-04-20 17:25 - 2012-04-20 17:40 - 0000463 _____ () C:\Users\Eva\AppData\Roaming\burnaware.ini
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-07-23 12:27
==================== End of log ============================
Regards,
Gödel