| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Delta-Homes bzw. QV06 in IE, FF und ChromeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
01.12.2013, 15:17
| #1 |
 |  Delta-Homes bzw. QV06 in IE, FF und Chrome Hallo zusammen, meine Oma (80) hat auf ihrem Rechner sich was eingefangen. Egal, welche Settings man einstellt, man landet zwangsläufig auf einer Startseite mit der URL im Beginn von QV06. Weiterhin landet man bei Suchen auf Delta-Search und der Begriff Delta-Home kommt oft vor. Dies ist sowohl im IE, als auch im FF oder unter Chrome der Fall. Ich habe mal die Ereignisse aus Fund in Antivir extrahiert, hier der Code: Code:
ATTFilter Exportierte Ereignisse:
22.11.2013 21:37 [System-Scanner] Malware gefunden
Die Datei
'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
uard.dll'
enthielt einen Virus oder unerwünschtes Programm 'Adware/BHO.Bprotector.1.4'
[adware].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Fehler in der ARK Library.
22.11.2013 21:37 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
uard.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.4'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.11.2013 21:36 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\eSafe\eGdpSvc.exe'
enthielt einen Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Fehler in der ARK Library.
Der Registrierungseintrag
<HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WsysSvc\ImagePath> wurde
erfolgreich repariert.
Der Registrierungseintrag
<HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\WsysSvc\ImagePath> wurde
erfolgreich repariert.
Der Registrierungseintrag
<HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WsysSvc\ImagePath> wurde
erfolgreich repariert.
22.11.2013 21:36 [System-Scanner] Malware gefunden
Die Datei
'c:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\bitg
uard.dll'
enthielt einen Virus oder unerwünschtes Programm 'Adware/BHO.Bprotector.1.4'
[adware].
Durchgeführte Aktion(en):
Beim Versuch eine Sicherungskopie der Datei anzulegen ist ein Fehler
aufgetreten und die Datei wurde nicht gelöscht. Fehlernummer: 26003.
Die Datei konnte nicht gelöscht werden!
Es wird versucht die Aktion mit Hilfe der ARK Library durchzuführen.
Die Datei konnte nicht ins Quarantäneverzeichnis verschoben werden!
Die Datei konnte nicht gelöscht werden!
Der Registrierungseintrag <HKEY_LOCAL_MACHINE\Software\Microsoft\Windows
NT\CurrentVersion\Windows\AppInit_Dlls> wurde erfolgreich repariert.
22.11.2013 21:34 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\eSafe\eGdpSvc.exe'
wurde ein Virus oder unerwünschtes Programm 'TR/Wysotot.Gen' [trojan] gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.11.2013 21:33 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
uard.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.4'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.11.2013 21:33 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
uard.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.4'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
22.11.2013 21:32 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitG
uard.dll'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/BHO.Bprotector.1.4'
[adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
06.11.2013 21:51 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Anna\AppData\Local\Temp\is1275519350\cor_ar_2013729172639_qvo6.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/QVO6.D' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '4d4420ad.qua'
verschoben!
06.11.2013 21:51 [System-Scanner] Malware gefunden
Die Datei
'H:\$RECYCLE.BIN\S-1-5-21-278328990-3096719447-1476682975-1000\$RCQDEK1.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/InstallCo.HK' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55820f17.qua'
verschoben!
06.11.2013 21:51 [System-Scanner] Malware gefunden
Die Datei 'C:\Users\Anna\AppData\Local\Temp\LyricsContainertmp.exe'
enthielt einen Virus oder unerwünschtes Programm 'ADWARE/Adware.Gen' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '1f1b7a7f.qua'
verschoben!
06.11.2013 13:46 [System-Scanner] Malware gefunden
Die Datei 'C:\ProgramData\eSafe\_eUpdate_13.3.2.2700.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/ELEX.B' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '542caaf2.qua'
verschoben!
06.11.2013 13:45 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\eSafe\_eUpdate_13.3.2.2700.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/ELEX.B' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
06.11.2013 13:44 [Echtzeit-Scanner] Malware gefunden
In der Datei 'C:\ProgramData\eSafe\_eUpdate_13.3.2.2700.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/ELEX.B' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
04.11.2013 11:55 [System-Scanner] Malware gefunden
Die Datei
'C:\Users\Anna\AppData\Roaming\eUpdate\9CB47A4CEB6347d5B1F0AADCEA1FC48C\delta-ho
mes.exe'
enthielt einen Virus oder unerwünschtes Programm 'Adware/Elex.B.1' [adware].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '507ed301.qua'
verschoben!
04.11.2013 10:28 [Echtzeit-Scanner] Malware gefunden
In der Datei
'C:\Users\Anna\AppData\Roaming\eUpdate\9CB47A4CEB6347d5B1F0AADCEA1FC48C\delta-ho
mes.exe'
wurde ein Virus oder unerwünschtes Programm 'ADWARE/Elex.B.1' [adware] gefunden.
Ausgeführte Aktion: Zugriff verweigern
Das "reparieren" kann ich dann gerne später per Teamviewer machen, die Analyse würde ich gerne vor Ort begleiten. Danke für eure Hilfe im Voraus. P.S.: Hier ein Bild der aktuell laufenden Prozesse:  Interessant ist vor allem der Plus-HD Prozess, der scheinbar ein Addon in Chrome ist, den meine Oma aber niemals installiert hat UND den ich schon deinstalliert habe. |
|
01.12.2013, 15:35
| #2 |
| /// the machine /// TB-Ausbilder    | Delta-Homes bzw. QV06 in IE, FF und Chrome hi,
__________________Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
01.12.2013, 15:57
| #3 |
| | Delta-Homes bzw. QV06 in IE, FF und Chrome FRST:
__________________Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-12-2013
Ran by Anna (administrator) on ANNA-HP on 01-12-2013 15:53:33
Running from C:\Users\Anna\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\schtasks.exe
() C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(COMPANYVERS_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
() C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(VER_COMPANY_NAME) C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-03-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegrator64.exe [548936 2013-06-15] ()
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM-x32\...\Winlogon: [Userinit] C:\Windows\sysWOW64\userinit.exe [26624 2010-11-21] (Microsoft Corporation)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKCU\...\Run: [TomTomHOME.exe] - [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [MapsGalaxy Search Scope Monitor] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe [44784 2013-06-15] (MindSpark)
HKLM-x32\...\Run: [MapsGalaxy_39 Browser Plugin Loader] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe [30096 2013-06-15] (VER_COMPANY_NAME)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
AppInit_DLLs: C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll [1958880 2013-11-18] ()
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKCU\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B6CA38607789FDCD&affID=121284&tsp=4981
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.qvo6.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM-x32 - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1376762487
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM-x32 - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA&ptb=9014491E-1888-4829-981D-2EA46184459D&ind=2013061715&n=77fce253&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKLM-x32 - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368515
SearchScopes: HKCU - bProtectorDefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=B6CA38607789FDCD&affID=121284&tsp=4981
SearchScopes: HKCU - {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.delta-homes.com/web/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368515
SearchScopes: HKCU - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKCU - {b0441a0e-a49a-4e16-afc1-74ecced1921f} URL = hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA&ptb=9014491E-1888-4829-981D-2EA46184459D&ind=2013061715&n=77fce253&psa=&st=sb&searchfor={searchTerms}
SearchScopes: HKCU - {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKCU - {C7C190D3-0796-4A46-8D5E-E0B321F13240} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=CD37BE71-27C0-4609-ABDA-3F5970843453&apn_sauid=661D1AEE-834B-4800-946D-283B4CE9AF3A
SearchScopes: HKCU - {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: Plus-HD-1.6 - {11111111-1111-1111-1111-110311201102} - C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (Plus HD)
BHO-x32: Toolbar BHO - {1e91a655-bb4b-4693-a05e-2edebc4c9d89} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
BHO-x32: Search Assistant BHO - {71c1d63a-c944-428a-a5bd-ba513190e5d2} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrcAs.dll (MindSpark)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: metacrawler Helper Object - {D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B} - C:\Program Files (x86)\metaCrawler\1.8.19.0\bh\metacrawler.dll (Info Space)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - MapsGalaxy - {364ea597-e728-4ce4-bb4a-ed846ef47970} - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39bar.dll (MindSpark)
Toolbar: HKLM-x32 - metacrawler Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll (Info Space)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {364EA597-E728-4CE4-BB4A-ED846EF47970} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default
FF user.js: detected! => C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: hxxp://home.mywebsearch.com/index.jhtml?ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA
FF Keyword.URL: hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&ind=2013061520&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA&searchfor=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @MapsGalaxy_39.com/Plugin - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\NP39Stub.dll (MindSpark)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\my-web-search.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\webde-suche.xml
FF Extension: MapsGalaxy - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\39ffxtbr@MapsGalaxy_39.com
FF Extension: Plus-HD-1.6 - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: Wajam - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
FF Extension: testpilot - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\toolbar@gmx.net.xpi
FF HKLM-x32\...\Firefox\Extensions: [39ffxtbr@MapsGalaxy_39.com] - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF Extension: MapsGalaxy - C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin
FF HKCU\...\Firefox\Extensions: [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] - C:\Program Files (x86)\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Chrome:
=======
CHR HomePage: hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=HitachiXHDS723020BLA642_MN1240F32ZMU2D2ZMU2DX&ts=1377368514
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Plus-HD-1.6) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh\1.23.23_0
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
==================== Services (Whitelisted) =================
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 BitGuard; C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [3780064 2013-11-18] ()
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71056 2012-11-21] ()
R2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MapsGalaxy_39Service; C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39barsvc.exe [42504 2013-06-15] (COMPANYVERS_NAME)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TomTomHOMEService; H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 ezSharedSvc;
S3 Uniblue.PowersuiteSvc; "C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_service.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
R3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2012-07-14] (Generic)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-01 15:53 - 2013-12-01 15:54 - 00030212 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-01 15:53 - 2013-12-01 15:53 - 01959184 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 15:11 - 2013-12-01 15:11 - 00000956 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-01 15:08 - 2013-12-01 15:08 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:48 - 2013-12-01 14:49 - 30694824 _____ (Oracle Corporation) C:\Users\Anna\Downloads\jre-7u45-windows-x64.exe
2013-11-22 21:31 - 2013-11-22 21:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-15 19:44 - 2013-11-15 19:44 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (6).exe
2013-11-15 19:44 - 2013-11-15 19:44 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (5).exe
2013-11-14 21:45 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 21:45 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 21:45 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 18:53 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:53 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:53 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-06 23:18 - 2013-11-06 23:18 - 00165176 _____ (Firseria·s·l ) C:\Users\Anna\Downloads\Setup (4).exe
2013-11-06 09:04 - 2013-11-06 09:04 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (3).exe
2013-11-06 08:58 - 2013-11-06 08:58 - 18093752 _____ (Adobe Systems Inc.) C:\Users\Anna\Downloads\air3-9_win.exe
2013-11-04 09:53 - 2013-11-04 09:53 - 00000000 ____D C:\ProgramData\APN
2013-11-04 09:36 - 2013-12-01 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-08-28 19:10 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-11-04 09:35 - 2012-08-28 19:10 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-11-04 09:35 - 2012-08-28 19:09 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-11-04 09:30 - 2013-11-04 09:30 - 00915368 _____ (Oracle Corporation) C:\Users\Anna\Downloads\chromeinstall-7u45.exe
2013-11-04 09:29 - 2013-11-04 09:29 - 00319384 _____ C:\Users\Anna\Downloads\Setup (2).exe
2013-11-04 09:29 - 2013-11-04 09:29 - 00319384 _____ C:\Users\Anna\Downloads\Setup (1).exe
2013-11-03 18:43 - 2013-11-29 18:24 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-11-03 18:43 - 2013-11-27 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
==================== One Month Modified Files and Folders =======
2013-12-01 15:54 - 2013-12-01 15:53 - 00030212 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-01 15:53 - 2013-12-01 15:53 - 01959184 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 15:51 - 2013-07-19 19:09 - 00001196 _____ C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
2013-12-01 15:51 - 2013-07-19 19:09 - 00001192 _____ C:\Windows\Tasks\Plus-HD-1.6-updater.job
2013-12-01 15:51 - 2013-07-19 19:09 - 00001096 _____ C:\Windows\Tasks\Plus-HD-1.6-enabler.job
2013-12-01 15:51 - 2013-07-19 19:08 - 00001904 _____ C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
2013-12-01 15:51 - 2013-07-19 19:08 - 00001828 _____ C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
2013-12-01 15:51 - 2012-04-03 18:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-01 15:51 - 2012-02-29 20:35 - 00000000 ____D C:\ProgramData\Kodak
2013-12-01 15:51 - 2012-01-03 05:24 - 00000000 ____D C:\ProgramData\PDFC
2013-12-01 15:51 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-01 15:51 - 2009-07-14 05:51 - 00068874 _____ C:\Windows\setupact.log
2013-12-01 15:50 - 2010-11-21 04:47 - 00947192 _____ C:\Windows\PFRO.log
2013-12-01 15:23 - 2012-02-28 19:23 - 01987377 _____ C:\Windows\WindowsUpdate.log
2013-12-01 15:11 - 2013-12-01 15:11 - 00000956 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
2013-12-01 15:08 - 2013-12-01 15:08 - 00000000 ____D C:\Program Files (x86)\iMesh Applications
2013-12-01 15:03 - 2013-03-06 19:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-01 14:57 - 2013-08-17 18:56 - 00000288 _____ C:\Windows\Tasks\MetaCrawler.job
2013-12-01 14:54 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-01 14:54 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-01 14:51 - 2012-01-03 04:53 - 00771210 _____ C:\Windows\system32\perfh007.dat
2013-12-01 14:51 - 2012-01-03 04:53 - 00173944 _____ C:\Windows\system32\perfc007.dat
2013-12-01 14:51 - 2009-07-14 06:13 - 01799742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:50 - 2013-11-04 09:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:50 - 2012-12-16 18:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 14:50 - 2012-03-28 20:18 - 00000000 ____D C:\Program Files\Java
2013-12-01 14:49 - 2013-12-01 14:48 - 30694824 _____ (Oracle Corporation) C:\Users\Anna\Downloads\jre-7u45-windows-x64.exe
2013-12-01 14:48 - 2012-04-03 18:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-29 19:36 - 2012-10-29 20:55 - 00000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2013-11-29 18:24 - 2013-11-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-11-27 18:43 - 2013-11-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-11-27 18:43 - 2012-05-15 14:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-27 18:43 - 2012-02-29 18:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-27 18:41 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HpUpdate
2013-11-27 18:41 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HP Support Assistant
2013-11-27 18:29 - 2013-05-07 21:18 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-25 00:31 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-11-24 22:59 - 2012-04-06 17:28 - 00000000 ____D C:\Users\Anna\AppData\Local\CrashDumps
2013-11-24 18:57 - 2013-03-06 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-24 18:57 - 2013-03-06 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-24 18:57 - 2013-03-06 19:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-24 18:55 - 2012-04-03 18:42 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2013-11-24 18:44 - 2013-09-13 18:52 - 00000000 ____D C:\ProgramData\BitGuard
2013-11-22 21:37 - 2013-08-17 19:01 - 00000000 ____D C:\ProgramData\eSafe
2013-11-22 21:31 - 2013-11-22 21:31 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
2013-11-15 20:48 - 2011-02-11 18:15 - 01819218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-15 19:54 - 2012-09-01 15:30 - 00002472 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-15 19:44 - 2013-11-15 19:44 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (6).exe
2013-11-15 19:44 - 2013-11-15 19:44 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (5).exe
2013-11-14 21:44 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-11-14 21:43 - 2013-08-14 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:41 - 2012-03-06 09:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 17:58 - 2012-03-28 20:20 - 00000000 ____D C:\ProgramData\Lexware
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-06 23:18 - 2013-11-06 23:18 - 00165176 _____ (Firseria·s·l ) C:\Users\Anna\Downloads\Setup (4).exe
2013-11-06 16:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-06 09:04 - 2013-11-06 09:04 - 00169272 _____ (Firseria·s·l·) C:\Users\Anna\Downloads\Setup (3).exe
2013-11-06 08:58 - 2013-11-06 08:58 - 18093752 _____ (Adobe Systems Inc.) C:\Users\Anna\Downloads\air3-9_win.exe
2013-11-04 10:14 - 2012-02-28 19:22 - 00000000 ____D C:\Users\Anna
2013-11-04 10:13 - 2013-09-13 18:52 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-04 10:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-04 09:53 - 2013-11-04 09:53 - 00000000 ____D C:\ProgramData\APN
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-03-29 14:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-04 09:30 - 2013-11-04 09:30 - 00915368 _____ (Oracle Corporation) C:\Users\Anna\Downloads\chromeinstall-7u45.exe
2013-11-04 09:29 - 2013-11-04 09:29 - 00319384 _____ C:\Users\Anna\Downloads\Setup (2).exe
2013-11-04 09:29 - 2013-11-04 09:29 - 00319384 _____ C:\Users\Anna\Downloads\Setup (1).exe
2013-11-03 18:31 - 2013-10-29 15:53 - 00000320 _____ C:\Windows\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling).job
Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe
C:\Users\Anna\sysrc_trial_9407_german.exe
C:\Users\Public\AlexaNSISPlugin.6500.dll
Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Resource.exe
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Anna\AppData\Local\Temp\?odec Performer803975.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-12 23:02
==================== End Of Log ============================
Addition: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-12-2013
Ran by Anna at 2013-12-01 15:55:09
Running from C:\Users\Anna\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 3.9.0.1200)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.152)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
aioprnt (Version: 5.3.1.0)
aioscnnr (x32 Version: 6.2.3.10)
aioscnnr (x32 Version: 7.6.13.10)
AMD APP SDK Runtime (Version: 2.4.595.10)
AMD VISION Engine Control Center (x32 Version: 2011.0531.2216.38124)
ATI Catalyst Install Manager (Version: 3.0.825.0)
Avira Antivirus Premium (x32 Version: 14.0.1.749)
Bejeweled 3 (x32 Version: 2.2.0.97)
BitGuard (x32)
Blasterball 3 (x32 Version: 2.2.0.97)
Bounce Symphony (x32 Version: 2.2.0.97)
Cake Mania (x32 Version: 2.2.0.95)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities MyCamera (x32 Version: 7.4.0.2)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center InstallProxy (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center Localization All (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0531.2216.38124)
CCC Help Chinese Standard (x32 Version: 2011.0531.2215.38124)
CCC Help Chinese Traditional (x32 Version: 2011.0531.2215.38124)
CCC Help Czech (x32 Version: 2011.0531.2215.38124)
CCC Help Danish (x32 Version: 2011.0531.2215.38124)
CCC Help Dutch (x32 Version: 2011.0531.2215.38124)
CCC Help English (x32 Version: 2011.0531.2215.38124)
CCC Help Finnish (x32 Version: 2011.0531.2215.38124)
CCC Help French (x32 Version: 2011.0531.2215.38124)
CCC Help German (x32 Version: 2011.0531.2215.38124)
CCC Help Greek (x32 Version: 2011.0531.2215.38124)
CCC Help Hungarian (x32 Version: 2011.0531.2215.38124)
CCC Help Italian (x32 Version: 2011.0531.2215.38124)
CCC Help Japanese (x32 Version: 2011.0531.2215.38124)
CCC Help Korean (x32 Version: 2011.0531.2215.38124)
CCC Help Norwegian (x32 Version: 2011.0531.2215.38124)
CCC Help Polish (x32 Version: 2011.0531.2215.38124)
CCC Help Portuguese (x32 Version: 2011.0531.2215.38124)
CCC Help Russian (x32 Version: 2011.0531.2215.38124)
CCC Help Spanish (x32 Version: 2011.0531.2215.38124)
CCC Help Swedish (x32 Version: 2011.0531.2215.38124)
CCC Help Thai (x32 Version: 2011.0531.2215.38124)
CCC Help Turkish (x32 Version: 2011.0531.2215.38124)
ccc-utility64 (Version: 2011.0531.2216.38124)
center (x32 Version: 7.7.2.0)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
dm-Fotowelt (x32 Version: 5.0.4)
DriverTuner 3.1.0.0 (x32 Version: 3.1.0.0)
Duplicate Cleaner Free 3.2.1 (x32 Version: 3.2.1)
essentials (x32 Version: 7.7.2.0)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
FileHippo.com Update Checker (x32)
Fotogalerie (x32 Version: 16.4.3508.0205)
Google Chrome (x32 Version: 31.0.1650.57)
Google Earth (x32 Version: 7.1.1.1871)
Google Update Helper (x32 Version: 1.3.21.165)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Haufe Formular-Manager (x32 Version: 12.05.03.0009)
Haufe iDesk-Browser (x32 Version: 12.10.08.8873)
Haufe iDesk-Service (x32 Version: 12.11.21.8888)
Haufe-Lexware ERiC (x32 Version: 15.03.00.0005)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.028)
HP Odometer (x32 Version: 2.10.0000)
HP Setup (x32 Version: 8.7.4747.3786)
HP Setup Manager (x32 Version: 1.1.13880.3792)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.9.0.0)
HydraVision (x32 Version: 4.2.200.0)
ImageMixer VCD/DVD2 for OLYMPUS (x32 Version: 2.01.102.1)
iMesh (HKCU Version: 12.5.0.134242)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130)
Java(TM) 6 Update 35 (x32 Version: 6.0.350)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Kodak AIO Printer (Version: 7.7.2.0)
KODAK All-in-One Software (x32 Version: 7.7.6.0)
KODAK Create@Home Software (für dm) (x32 Version: 7.3.8392)
Konz 2012 (x32 Version: 1.00.0000)
Konz 2013 (x32 Version: 1.00.0000)
LabelPrint (x32 Version: 2.5.3925)
Lexware buchhalter 2013 (x32 Version: 18.51.00.0371)
Lexware Elster (x32 Version: 13.15.00.0074)
Lexware Info Service (x32 Version: 2.90.00.0009)
Lexware online banking (x32 Version: 20.00.00.0059)
Lohnsteuer-Tabellen (x32 Version: 4.1.0.0)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
MapsGalaxy Toolbar (x32)
metaCrawler (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Maker (x32 Version: 16.4.3508.0205)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97)
MyTomTom 3.2.0.1220 (x32 Version: 3.2.0.1220)
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)
NetCologne NetDSL-Installationsdateien entfernen (x32)
ocr (x32 Version: 6.2.3.50)
OLYMPUS Master (x32 Version: 1.42.5000)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PDF Complete Special Edition (x32 Version: 4.0.54)
Penguins! (x32 Version: 2.2.0.95)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Plus-HD-1.6 (x32 Version: 1.27.153.8) <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.97)
Power2Go (x32 Version: 6.1.5331)
PreReq (x32 Version: 6.2.4.0)
PrintProjects (x32 Version: 1.0.0.10712)
Ratelex 2000 V. 3.6 (x32 Version: V. 3.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6531)
Recovery Manager (x32 Version: 5.5.0.4320)
Registry Reviver (Version: 3.0.1.142)
Remote Graphics Receiver (x32 Version: 5.4.5)
Slingo Deluxe (x32 Version: 2.2.0.95)
Steuer 2011 (x32 Version: 19.00.7304)
Steuer 2012 (x32 Version: 20.00.8137)
TeamViewer 7 (x32 Version: 7.0.12799)
TomTom HOME (x32 Version: 2.9.6)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0)
Zinio Reader 4 (x32 Version: 4.2.4164)
Zuma Deluxe (x32 Version: 2.2.0.95)
==================== Restore Points =========================
06-11-2013 22:23:00 Registry Reviver Restore Point (11/06/13)
09-11-2013 15:14:10 Windows Update
14-11-2013 20:40:35 Windows Update
22-11-2013 20:35:43 Windows Update
22-11-2013 20:37:35 Avira Antivirus Premium - 22.11.2013 21:37
22-11-2013 20:39:45 Avira Antivirus Premium - 22.11.2013 21:39
22-11-2013 22:17:55 Registry Reviver Restore Point (11/22/13)
27-11-2013 17:27:49 Windows Update
01-12-2013 13:49:33 Installed Java 7 Update 45 (64-bit)
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {079245EA-5D22-49BE-A630-7E38EE01D608} - System32\Tasks\Plus-HD-1.6-firefoxinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe [2013-07-19] (Plus HD) <==== ATTENTION
Task: {084E5737-9EA6-4B77-9FE8-88183F13907D} - System32\Tasks\MetaCrawler => C:\Users\Anna\AppData\Roaming\MetaCrawler\UpdateProc\UpdateTask.exe [2013-08-17] ()
Task: {18BFF88D-C4A0-4389-8B09-15CB107F82DC} - System32\Tasks\{9BEDB6C5-D123-44AF-97EF-9C193BF9EC97} => C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
Task: {19808A24-27C9-4632-8236-45CEBD6F94F9} - System32\Tasks\{B19BFBD3-22E7-40B1-8092-5E0933F64BFB} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2013-11-27] (Avira Operations GmbH & Co. KG)
Task: {208DDB4F-44CF-4B94-8BFF-0D16CA12594F} - System32\Tasks\{5B24A3E6-8484-451D-AC85-8119A1AA3093} => Chrome.exe
Task: {2898FA0B-BFB3-4255-BA06-E621803BA92B} - System32\Tasks\{5EE4981E-4C60-4D95-A137-28D6B1684E15} => G:\Fehler 0x8004210A\setup.exe
Task: {28C53F3E-7359-46D2-91EC-6F86E7A08FAD} - System32\Tasks\{81587730-B882-4280-AEF9-DA69CD1E799F} => C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
Task: {2C258B51-4D4B-4A60-B867-2F4C95216304} - System32\Tasks\{D56307B7-5708-42CF-AC0F-ABE15B9FA25B} => G:\Fehler 0x8004210A\setup.exe
Task: {2C283087-C7AF-4A3D-9A41-F90ABD3742CC} - System32\Tasks\{C1E8B04E-84D0-4D81-9BFF-A03FCA749C81} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {30CED0A6-2ED1-46A9-9088-7DEE746E3391} - System32\Tasks\Plus-HD-1.6-chromeinstaller => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe [2013-07-19] (Plus HD) <==== ATTENTION
Task: {33CCD810-6700-4215-8F61-04878E3E7CE6} - System32\Tasks\{32F73D83-6C58-4536-AD9E-F14806ECF03F} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {3AE89158-85A2-480F-AEDD-A720F74D92DF} - System32\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-09-10] (ReviverSoft LLC)
Task: {3B08B24C-0FF2-4CB1-95AE-784EFC5D0EDB} - System32\Tasks\{ACF5D4BD-FF59-4B01-91B2-970FACBCBEDE} => C:\Windows\ISW\netcol.dsl\signup\service.exe [2003-07-30] (ProDyne)
Task: {3C581A9D-01E7-4546-9F80-4285FE0F374E} - System32\Tasks\{CCB9DD6C-4693-44B6-BC40-1C7E28B676E4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {46E5FF93-CC87-4037-94CC-037139968D8C} - System32\Tasks\{09F221CF-5372-4EBC-A941-0C25D8BA0C4F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/eula
Task: {56C8A226-B660-433D-847E-E8CB350F927B} - System32\Tasks\{76E36731-5736-4569-85A6-FE0670CEAF75} => G:\Programme\stman2012.exe
Task: {5D6F3C68-F43D-40C6-AF2C-A5AF23EC9D8D} - System32\Tasks\{9E4DEDD3-6C2E-4CBE-9972-C7B59E61036B} => Chrome.exe
Task: {64DC6785-1874-4DA9-AC36-C84F02A55D93} - System32\Tasks\Plus-HD-1.6-codedownloader => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe [2013-07-19] (Plus HD) <==== ATTENTION
Task: {661B4304-FA5E-4BC0-AC4C-8F8AE71EFE85} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2013-01-27] ()
Task: {6679333B-5E69-4B0C-9204-7B147E778085} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-10-15] (Hewlett-Packard)
Task: {67CBE5E6-DAE4-4E11-A357-AE187C95906A} - System32\Tasks\Dealply => C:\Users\Anna\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {6C483C03-8FD1-44E0-B84D-6247FFC4C7B3} - System32\Tasks\{BF4AD9D4-27AD-4FEE-871B-FF0CDF4C02FD} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {6C5C22AF-0EE2-4D92-AA4A-173933E27239} - System32\Tasks\{97ED5C55-9D35-4713-8D4F-DCC5A954C281} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {6FD9D447-9D2F-41A4-AAAD-CFA0D1EFA4E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2012-09-05] (Hewlett-Packard Company)
Task: {811F68D1-6870-4BAD-AECA-725645D4D51F} - System32\Tasks\Plus-HD-1.6-enabler => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe [2013-10-24] (Plus HD) <==== ATTENTION
Task: {8800D31B-1993-4306-872E-28A27E87D4A6} - System32\Tasks\{86A7E65F-EA74-48C8-BE48-F829E2218ADE} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {919AFD07-5D0C-4DE1-8170-76E2CDCAE020} - System32\Tasks\0 => Iexplore.exe
Task: {9A867098-A4E0-4FC0-A2F2-819C511136C7} - System32\Tasks\{4B9CC145-EDE1-43FE-9507-F860382684C0} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2013-11-27] (Avira Operations GmbH & Co. KG)
Task: {A3D13AB7-45E4-45BC-8FB2-5904025C656E} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-21] (CyberLink)
Task: {B45E8B42-3FED-4187-B7E0-440FED723D16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03] (Google Inc.)
Task: {B5F9F659-CB8C-4427-AC83-E073C6B9CD37} - System32\Tasks\{E39B35A4-6CFE-49B7-8891-C89ED75D6ABA} => Chrome.exe
Task: {B7156EEA-C217-4062-A235-88C761B15D71} - System32\Tasks\Plus-HD-1.6-updater => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe [2013-07-19] (Plus HD) <==== ATTENTION
Task: {B91F8336-43B0-48BE-BE95-E850F143FDDE} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {C0CBB9F9-205D-4CBC-8888-FD067B9F6D65} - System32\Tasks\{FC35D34F-B49D-4354-AB3C-12AF5B01AE0A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/eula
Task: {C6273A4B-2967-47BA-863B-4584F06F05FE} - System32\Tasks\{69B65542-C7B3-414B-8887-24545BB287E6} => C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe [2010-10-28] ()
Task: {C9F85312-E50E-4851-95A7-AD7F1088E2CC} - System32\Tasks\{549F9680-829F-4CB3-B1E7-6CDD14632762} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {D1E8142B-02C7-42A5-A48C-6E5B9B666524} - System32\Tasks\{4865926C-8A7E-4A41-84BC-586F1DFCEEB9} => C:\Windows\ISW\netcol.dsl\signup\service.exe [2003-07-30] (ProDyne)
Task: {D700C092-3399-41FE-BDCE-24E066236C65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E3E76A49-EADB-4556-94A9-693C048A0EB4} - System32\Tasks\{892FFB6F-60EC-45AD-8761-7DF820F915FD} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {EC92B5DD-48DD-4006-BB47-42E77E31AFFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {ECE8C452-3F6F-493C-A448-77F5A2256E5D} - System32\Tasks\HPCeeScheduleForAnna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F1C80705-9190-4C5F-9087-68B55427A86F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-24] (Adobe Systems Incorporated)
Task: {F75561FD-3233-4E3E-8252-DEFD36A3211B} - System32\Tasks\4563 => C:\Users\Anna\AppData\Local\Temp\launchie.vbsC:\Users\Anna\AppData\Local\Temp\launchie.vbs //B <==== ATTENTION
Task: {F926BAC4-1F1B-4723-93A3-24BD9FFFAFA7} - System32\Tasks\{F925D1D6-B290-4F3D-97B0-3A1CB3D2EE55} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {FA209C9C-3F6D-4E9A-87D9-BDB268ECBC14} - System32\Tasks\{55DFE667-D8AD-4CD7-8B29-E68BA369E5C1} => G:\Fehler 0x8004210A\setup.exe
Task: {FD8A9183-5055-4469-8667-FE183FD0047A} - System32\Tasks\{104A9456-5371-4F06-9435-57CFB4552876} => G:\Programme\stman2012.exe
Task: {FEB83217-414D-4B5F-A80F-4A7C8AA6DD27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03] (Google Inc.)
Task: {FF80DD1C-03A9-4E20-9E16-E33B3E5B6C21} - System32\Tasks\HPCeeScheduleForANNA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Dealply.job => C:\Users\Anna\AppData\Roaming\Dealply\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAnna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\MetaCrawler.job => C:\Users\Anna\AppData\Roaming\METACR~1\UPDATE~1\UPDATE~1.EXE
Task: C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-enabler.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-1.6-updater.job => C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe
Task: C:\Windows\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling).job => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
==================== Loaded Modules (whitelisted) =============
2013-11-22 21:31 - 2013-11-18 15:32 - 01958880 _____ () C:\ProgramData\BitGuard\2.7.1832.68\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\loader.dll
2013-06-15 19:25 - 2013-06-15 19:25 - 00292424 _____ () C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\AppIntegratorStub64.dll
2013-06-15 19:25 - 2013-06-15 19:25 - 00442952 _____ () C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\HPG64.DLL
2012-11-08 15:31 - 2012-11-08 15:21 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-20 00:32 - 2012-11-20 00:32 - 00103824 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\pywintypes24.dll
2012-11-21 00:24 - 2012-11-21 00:24 - 00071056 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\zlib.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00032144 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00019344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00054672 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_socket.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00017296 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_ssl.pyd
2012-11-21 00:19 - 2012-11-21 00:19 - 00832912 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\LIBEAY32.dll
2012-11-21 00:19 - 2012-11-21 00:19 - 00161168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\SSLEAY32.dll
2012-11-21 00:31 - 2012-11-21 00:31 - 00075152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00019344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00029584 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00083344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00021392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00107920 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00037776 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00021392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00014224 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00020880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00026512 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00020880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00010640 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00027024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00013200 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00020368 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00140688 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\pyexpat.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00058768 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011664 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00013712 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\select.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00341392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00013200 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00012688 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2012-03-29 05:41 - 2012-03-29 05:41 - 00607232 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\OSR32V10.dll
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00271760 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2012-10-19 10:28 - 2012-10-19 10:28 - 00024464 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32wnet.pyd
2013-08-01 11:47 - 2013-08-01 11:47 - 00026040 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
2013-08-01 11:47 - 2013-08-01 11:47 - 00074680 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
2013-08-01 11:47 - 2013-08-01 11:47 - 00317880 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
2013-11-15 19:54 - 2013-11-14 12:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-15 19:54 - 2013-11-14 12:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-15 19:54 - 2013-11-14 12:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-15 19:54 - 2013-11-14 12:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-15 19:54 - 2013-11-14 12:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-15 19:54 - 2013-11-14 12:29 - 13582800 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (11/24/2013 10:59:31 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16736, Zeitstempel: 0x5258c4cc
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x59c
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (11/24/2013 07:00:00 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (11/22/2013 11:17:55 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {21ee995e-4fd9-4199-b0dd-40141c36176c}
Error: (11/22/2013 09:39:08 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (11/22/2013 09:37:35 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddWin32ServiceFiles: Unable to back up image of service Wsys Service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (11/12/2013 11:54:13 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16720, Zeitstempel: 0x523cf127
Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229, Zeitstempel: 0x51fb1116
Ausnahmecode: 0xe06d7363
Fehleroffset: 0x0000c41f
ID des fehlerhaften Prozesses: 0x1404
Startzeit der fehlerhaften Anwendung: 0xIEXPLORE.EXE0
Pfad der fehlerhaften Anwendung: IEXPLORE.EXE1
Pfad des fehlerhaften Moduls: IEXPLORE.EXE2
Berichtskennung: IEXPLORE.EXE3
Error: (11/11/2013 10:59:46 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (11/06/2013 11:23:00 PM) (Source: VSS) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {bc750725-dbff-48a2-8293-1e9a2b2b4b9f}
Error: (11/04/2013 09:27:51 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: hidb.exe, Version: 2012.10.7.0, Zeitstempel: 0x5071eed4
Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000
Ausnahmecode: 0xc0000005
Fehleroffset: 0x06446ef8
ID des fehlerhaften Prozesses: 0x129c
Startzeit der fehlerhaften Anwendung: 0xhidb.exe0
Pfad der fehlerhaften Anwendung: hidb.exe1
Pfad des fehlerhaften Moduls: hidb.exe2
Berichtskennung: hidb.exe3
Error: (11/03/2013 07:00:01 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
System errors:
=============
Error: (12/01/2013 03:51:05 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/01/2013 03:50:51 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/01/2013 03:23:26 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (12/01/2013 03:19:02 PM) (Source: DCOM) (User: Anna-HP)
Description: AnwendungsspezifischLokalAktivierung{B77C4C36-0154-4C52-AB49-FAA03837E47F}{EA022610-0748-4C24-B229-6C507EBDFDBB}Anna-HPAnnaS-1-5-21-278328990-3096719447-1476682975-1000LocalHost (unter Verwendung von LRPC)
Error: (12/01/2013 02:45:57 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/01/2013 02:45:42 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/29/2013 07:57:37 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (11/29/2013 06:24:19 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (11/29/2013 06:24:04 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (11/27/2013 07:37:52 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Microsoft Office Sessions:
=========================
Error: (11/24/2013 10:59:31 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.167365258c4ccKERNELBASE.dll6.1.7601.1822951fb1116e06d73630000c41f59c01cee9597d363f1aC:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dllb204c764-5553-11e3-9219-38607789fdcd
Error: (11/24/2013 07:00:00 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (11/22/2013 11:17:55 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {21ee995e-4fd9-4199-b0dd-40141c36176c}
Error: (11/22/2013 09:39:08 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (11/22/2013 09:37:35 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service Wsys Service since QueryServiceConfig API failed
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (11/12/2013 11:54:13 PM) (Source: Application Error)(User: )
Description: IEXPLORE.EXE10.0.9200.16720523cf127KERNELBASE.dll6.1.7601.1822951fb1116e06d73630000c41f140401cedff88cd4e821C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXEC:\Windows\syswow64\KERNELBASE.dll59529614-4bed-11e3-98bd-38607789fdcd
Error: (11/11/2013 10:59:46 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (11/06/2013 11:23:00 PM) (Source: VSS)(User: )
Description: 0x80070005, Zugriff verweigert
Vorgang:
Generatordaten werden gesammelt
Kontext:
Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
Generatorname: System Writer
Generatorinstanz-ID: {bc750725-dbff-48a2-8293-1e9a2b2b4b9f}
Error: (11/04/2013 09:27:51 AM) (Source: Application Error)(User: )
Description: hidb.exe2012.10.7.05071eed4unknown0.0.0.000000000c000000506446ef8129c01ced93778be0b62C:\Program Files (x86)\Haufe\iDesk\iDeskBrowser\hidb.exeunknownfe4b0a4a-452a-11e3-8958-38607789fdcd
Error: (11/03/2013 07:00:01 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
==================== Memory info ===========================
Percentage of memory in use: 34%
Total physical RAM: 8178.82 MB
Available physical RAM: 5397.2 MB
Total Pagefile: 9711 MB
Available Pagefile: 6812.45 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1850.26 GB) (Free:1773.03 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.65 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (MyDrive) (Fixed) (Total:465.76 GB) (Free:441.48 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E91B7F62)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-212318814208) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 5B5D6C0A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
|
|
02.12.2013, 10:34
| #4 |
| /// the machine /// TB-Ausbilder | Delta-Homes bzw. QV06 in IE, FF und Chrome Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
03.12.2013, 18:44
| #5 |
| | Delta-Homes bzw. QV06 in IE, FF und Chrome Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.03.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 Anna :: ANNA-HP [Administrator] 03.12.2013 17:58:16 mbam-log-2013-12-03 (17-58-16).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 238557 Laufzeit: 7 Minute(n), 59 Sekunde(n) Infizierte Speicherprozesse: 1 C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.Optional.MindSpark) -> 4476 -> Löschen bei Neustart. Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 33 HKCR\CLSID\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{44444444-4444-4444-4444-440344204402} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{55555555-5555-5555-5555-550355205502} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0032002.BHO.1 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201102} (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{93488930-185C-4CED-AFEB-0FD4930F8423} (PUP.Optional.BestToolbars) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0032002.BHO (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0032002.Sandbox (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CrossriderApp0032002.Sandbox.1 (PUP.Optional.CrossRider.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\delta LTD (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Redir (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\BabSolution\Updater (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Distromatic\Toolbars (PUP.Optional.AlexaTB.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\BPROTECTSETTINGS (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\babylontoolbar (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Plus-HD-1.6 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\qvo6Software (PUP.Optional.qvo6.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo (PUP.Optional.Elex.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-1.6 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 5 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Daten: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=B6CA38607789FDCD&affID=121284&tsp=4981 -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|bProtectorDefaultScope (PUP.BProtector) -> Daten: {33BB0A4E-99AF-4226-BDF6-49120163DE86} -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0W0U -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy Search Scope Monitor (PUP.Optional.MindSpark) -> Daten: "C:\PROGRA~2\MAPSGA~2\bar\1.bin\39srchmn.exe" /m=2 /w /h -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MapsGalaxy_39 Browser Plugin Loader (PUP.Optional.MindSpark) -> Daten: C:\PROGRA~2\MAPSGA~2\bar\1.bin\39brmon.exe -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Bösartig: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Gut: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 14 C:\ProgramData\IBUpdaterService (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\SpeedAnalysis2 (PUP.Optional.SpeedAnalysis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\File Scout (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\DealPlyLive (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6 (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 84 C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\eSafe\eGdpSvc.exe.temp (Trojan.Staser) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\eIntaller\189872E7F3394c9eBDCDAF700462CD66\eGdpSvc.exe (PUP.Optional.Wsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\File Scout\filescout.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\195A.tmp (PUP.Optional.PerformerSoft.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\2A89.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\D00B.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\DD73.tmp (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\Сodec Performer803975.exe (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BB05BC96-BAB0-7891-B995-599CC7C15577\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\BD07822B-BAB0-7891-BB77-476CABA3BA60\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\BUSolution.dll (PUP.Optional.BabSolution.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\MyDeltaTB.exe (PUP.Optional.Delta) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\DA0B7E09-BAB0-7891-9D24-7E6C043F2302\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\eIntaller\249B1E10D8BD41d19AFBE6FCDE69CE7D\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\eIntaller\2CCA7E2A45DE4f259D6CB3008ED1F337\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\eIntaller\537BBED61BD64cd4B76AD7C110E50566\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\eIntaller\A132D7F135FD4faa83FA83CB76348070\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\eIntaller\EBA6E46398054ccbB8D5EB17AFB535A7\eXQ.exe (PUP.Optional.Wilsys.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\ins2253\ins2253.exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\is1275519350\DeltaTB.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\is1275519350\dp.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\is1275519350\wajam_download.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Temp\~nsu.tmp\Au_.exe (PUP.Optional.Bandoo.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Temp\32002_updater.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\sysrc_trial_9407_german.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\Downloads\Setup (1).exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\Downloads\Setup (2).exe (PUP.Optional.BundleInstaller.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\Downloads\Setup (3).exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\Downloads\Setup (4).exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\Downloads\Setup (5).exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\Downloads\Setup (6).exe (PUP.Optional.Firseria) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Plus-HD-1.6-enabler.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\Tasks\Plus-HD-1.6-updater.job (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\IBUpdaterService\repository.xml (Adware.InstallBrain) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\SpeedAnalysis2\speedanalysis.crx (PUP.Optional.SpeedAnalysis.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\speedanalysis.ico (PUP.Optional.SpeedAnalysis2.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences (PUP.Optional.BProtector.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39SrchMn.exe (PUP.Optional.MindSpark) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\MapsGalaxy_39\bar\1.bin\39brmon.exe (PUP.Optional.MindSpark) -> Löschen bei Neustart. C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\Dealply\UpdateProc\STTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Anna\AppData\Roaming\File Scout\uninst.exe (PUP.Optional.FileScout.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\32002.crx (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\32002.xpi (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\background.html (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Installer.log (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-helper.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6.ico (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\Uninstall.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Plus-HD-1.6\utils.exe (PUP.Optional.PlusHD.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter # AdwCleaner v3.014 - Bericht erstellt am 03/12/2013 um 18:19:40
# Updated 01/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Anna - ANNA-HP
# Gestartet von : C:\Users\Anna\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : BitGuard
Dienst Gelöscht : MapsGalaxy_39Service
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
[!] Ordner Gelöscht : C:\ProgramData\BitGuard
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\Systweak
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Uniblue\DriverScanner
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\iMesh Applications
Ordner Gelöscht : C:\Program Files (x86)\mapsgalaxy_39
Ordner Gelöscht : C:\Program Files (x86)\MetaCrawler
Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Program Files (x86)\WinZipper
Ordner Gelöscht : C:\Users\Anna\AppData\Local\mapsgalaxy_39
Ordner Gelöscht : C:\Users\Anna\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\Anna\AppData\Local\Temp\eIntaller
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\Delta
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\iac
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\mapsgalaxy_39
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\MetaCrawler
Ordner Gelöscht : C:\Users\Anna\AppData\LocalLow\UtilityChest_49
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\eUpdate
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\mapsgalaxy_39
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\MetaCrawler
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\SeeSimilar02
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Uniblue\DriverScanner
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\UtilityChest_49
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\WinZipper
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}
Ordner Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\39ffxtbr@MapsGalaxy_39.com
Ordner Gelöscht : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
Datei Gelöscht : C:\Users\Anna\Desktop\SpeedAnalysis.lnk
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\bprotector_extensions.sqlite
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\bprotector_prefs.js
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\invalidprefs.js
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\Babylon.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\delta.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\my-web-search.xml
Datei Gelöscht : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\user.js
Datei Gelöscht : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
Datei Gelöscht : C:\Windows\System32\Tasks\BitGuard
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
Datei Gelöscht : C:\Windows\Tasks\MetaCrawler.job
Datei Gelöscht : C:\Windows\System32\Tasks\MetaCrawler
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Public\Desktop\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Anna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [39ffxtbr@MapsGalaxy_39.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\*\shell\filescout
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\driverscanner
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DEALPL~1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\driverscanner_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\HPSF_Tasks_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_download_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@MapsGalaxy_39.com/Plugin
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKCU\Software\908d88b23eed12
Schlüssel Gelöscht : HKLM\SOFTWARE\908d88b23eed12
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322202202}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{268CA04C-106C-4636-B707-95E8CD5859E0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{364EA597-E728-4CE4-BB4A-ED846EF47970}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4EF7D75-52C9-4BCE-B6DC-0976EFAB4B0B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{364EA597-E728-4CE4-BB4A-ED846EF47970}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{364EA597-E728-4CE4-BB4A-ED846EF47970}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0E1FE4D8-70CE-417E-8FF4-C2B17FF3DD07}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{13B8FF9D-DEB0-4070-B846-D049218307B3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1E877590-30B7-400E-A835-B942489EB7BC}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Daten Wiederhergestellt : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Schlüssel Gelöscht : HKCU\Software\Alexa Internet
Schlüssel Gelöscht : HKCU\Software\BabSolution
Schlüssel Gelöscht : HKCU\Software\Delta
Schlüssel Gelöscht : HKCU\Software\distromatic
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\MapsGalaxy_39
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\LyricsContainer
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MapsGalaxy_39
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-1.6
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\Delta
Schlüssel Gelöscht : HKLM\Software\delta-homesSoftware
Schlüssel Gelöscht : HKLM\Software\eSafeSecControl
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\MapsGalaxy_39
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : HKLM\Software\winzipersvc
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MapsGalaxy_39bar Uninstall
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271832~1.68\{c16c1~1\loader.dll
Daten Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16736
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[ Datei : C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\prefs.js ]
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXzsAVA");
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.backgroundjs", "\n\n/*****************************************************************************[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.previous_page.value", "%22hxxp%3A//www1.delta-search.com/%3Fbabsrc%3DHP_ss%26mntrId%3DB6CA3[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.cache/3518e1eac042730aa1274618984462b3_DE.value", "%22var%20cat_3518e1eac042730aa127461[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20cat_d5baae4ef839769f8eb7e9f[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.cache/d9fe5d2850f1ed167451b193e8bd0e0c_DE.value", "%22var%20cat_d9fe5d2850f1ed167451b19[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.js", "\n\n /************************************************************************************\[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_13.name", "CrossriderAppUtils");
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_14.name", "CrossriderUtils");
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_78.name", "CrossriderInfo");
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_9.code", "appAPI.hooks.addHook(\"searchEngine\",(function(a){return function(){var [...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
Zeile gelöscht : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "13ff81f0a1c7d5622ac6bb6bc0d95fcc");
Zeile gelöscht : user_pref("extensions.delta.admin", false);
Zeile gelöscht : user_pref("extensions.delta.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Zeile gelöscht : user_pref("extensions.delta.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.bbDpng", "17");
Zeile gelöscht : user_pref("extensions.delta.cntry", "DE");
Zeile gelöscht : user_pref("extensions.delta.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.delta.excTlbr", false);
Zeile gelöscht : user_pref("extensions.delta.ffxUnstlRst", true);
Zeile gelöscht : user_pref("extensions.delta.hdrMd5", "61B07786922AEDE375C73461BEE9C103");
Zeile gelöscht : user_pref("extensions.delta.id", "b6ca621c00000000000038607789fdcd");
Zeile gelöscht : user_pref("extensions.delta.instlDay", "15938");
Zeile gelöscht : user_pref("extensions.delta.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.delta.lastVrsnTs", "1.8.24.519:49:24");
Zeile gelöscht : user_pref("extensions.delta.newTab", false);
Zeile gelöscht : user_pref("extensions.delta.prdct", "delta");
Zeile gelöscht : user_pref("extensions.delta.prtnrId", "delta");
Zeile gelöscht : user_pref("extensions.delta.rvrt", "false");
Zeile gelöscht : user_pref("extensions.delta.sg", "azb");
Zeile gelöscht : user_pref("extensions.delta.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.delta.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.delta.tlbrSrchUrl", "");
Zeile gelöscht : user_pref("extensions.delta.vrsn", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsni", "1.8.24.6");
Zeile gelöscht : user_pref("extensions.delta.vrsnTs", "1.8.24.621:36:36");
Zeile gelöscht : user_pref("extensions.delta_i.babExt", "");
Zeile gelöscht : user_pref("extensions.delta_i.babTrack", "affID=121284&tsp=4981");
Zeile gelöscht : user_pref("extensions.delta_i.srcExt", "ss");
Zeile gelöscht : user_pref("extensions.ffxtlbr@delta.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.mywebsearch.prevDefaultEngine", "Google");
Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Zeile gelöscht : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=D60E4018-12A0-4218-AED1-19D0E43896AA&n=77fce18b&ind=2013061515&p2=^ZO^xdm071^YY^de&si=[...]
Zeile gelöscht : user_pref("extensions.mywebsearch.prevSelectedEngine", "Google");
Zeile gelöscht : user_pref("extensions.plugin@getwebcake.com.install-event-fired", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godX[...]
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.hp.enabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.hp.lastGuardTime", 1019619684);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.hp.numGuards", 1);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.installDate", "2013061520");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerId", "^UX^xdm080^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.partnerSubId", "CPyx7tbX5rcCFQeS3godXzsAVA");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.installation.toolbarId", "9014491E-1888-4829-981D-2EA46184459D");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.lastActivePing", "1379704070245");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.defaultSearch", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.homePageEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.keywordEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.options.tabEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.searchHistory", "Exarchat||Avaren||Schwalbenstein");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._39Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=D60E4018-12A0-4218-AED1-19D0E43896AA&n=77fce18b&p2=^ZO^xdm071^YY^de&si=PI_UT_FIG_GER_27");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.hp.enabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.initialized", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.contextKey", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.installDate", "2013061515");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerId", "^ZO^xdm071^YY^de");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.partnerSubId", "PI_UT_FIG_GER_27");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.success", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.installation.toolbarId", "D60E4018-12A0-4218-AED1-19D0E43896AA");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.lastActivePing", "1374937006565");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.options.defaultSearch", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.options.homePageEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.options.keywordEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.options.tabEnabled", true);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.searchHistory", "funfatin varicocha||foundation viracocha||foundation viracocha san augustin||absolutismus||Batholom�usnacht||K�ln-D�sseldorfe[...]
Zeile gelöscht : user_pref("extensions.toolbar.mindspark._49Members_.weather.location", "10001");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled", false);
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "");
Zeile gelöscht : user_pref("extensions.toolbar.mindspark.lastInstalled", "mapsgalaxy@mindspark.com");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?st=kwd&ptb=9014491E-1888-4829-981D-2EA46184459D&n=77fce190&ind=2013061520&p2=^UX^xdm080^YY^de&si=CPyx7tbX5rcCFQeS3godXz[...]
-\\ Google Chrome v31.0.1650.57
[ Datei : C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
*************************
AdwCleaner[R0].txt - [31270 octets] - [03/12/2013 18:18:40]
AdwCleaner[S0].txt - [28399 octets] - [03/12/2013 18:19:40]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [28460 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Anna on 03.12.2013 at 18:26:53,60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.dynamicbarbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.feedmanager.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlmenu.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.htmlpanel.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.multiplebutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.pseudotransparentplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radio.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.radiosettings.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.scriptbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.settingsplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.thirdpartyinstaller.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.urlalertbutton.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\mapsgalaxy_39.xmlsessionplugin.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1241CEBD-9777-4BC6-AAE5-2A77E25DB246}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{173A5778-34BF-48A2-8A5E-6963CE922FED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1796EC91-D094-4A5F-B681-E16015D1CEAC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{26842A09-FFA8-4E2C-AE12-0C80F01C3295}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{37ED966D-4D0E-4D66-9633-BEA542C92860}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3ED5E5EC-0965-4DD3-B7D8-DBC48A1172B9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4B7D0B0C-CFF3-49C5-9BC3-FFABC031C822}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4F28FA5F-7D15-4753-B4FC-D548A0F02BFB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{5E1BDCF6-DD5F-4DD3-8783-B1454AEF1830}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{71C1D63A-C944-428A-A5BD-BA513190E5D2}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{7D4DFAF7-F2CE-4C91-91A4-514C9612914D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{9B58A6CE-B337-43D5-9C2F-8C6D92FBA094}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A083C35D-61A9-4625-BBB6-FB54E71B8527}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A35FF019-6DBE-4044-B080-6F3FA78A947F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{B70E008C-967B-4104-BC7B-6F7C77DBC38D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C4A25B73-8EF5-4282-9D21-C8920DD577A1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{CAE88E60-CEA5-4FCB-B611-54EA6305D8AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{DB1384D8-1BDA-4C8D-A743-E9CA671FEB00}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E045DF14-BF1D-405C-A37B-A75C1551AD17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F3477E9D-D2F6-49F0-9B23-854D7958D07E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-278328990-3096719447-1476682975-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{99647E08-DB20-4472-B9D7-40CAA95BB787}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{99647E08-DB20-4472-B9D7-40CAA95BB787}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{b0441a0e-a49a-4e16-afc1-74ecced1921f}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1E91A655-BB4B-4693-A05E-2EDEBC4C9D89}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71C1D63A-C944-428A-A5BD-BA513190E5D2}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{04327153-03B5-4B29-9C5D-A640688E6CF4}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{0F962476-7C98-40C9-A66C-215E017C397B}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{13490B7B-15CB-44C0-A7BE-6FB7C09BB192}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{13CD612F-DBDC-4DB0-841B-1BBC7BE8EDA8}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{2BE7D370-0729-4379-8F3F-7A8266B04B1B}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{35CD5689-E490-4464-8911-6624300ABADE}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{4082C316-5891-4BD4-9364-DF6D4B9C1C32}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{41AD4C9D-06A1-46C0-B804-8F2CBFA07CF7}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{486BAA99-F4D3-4611-B94B-823944FBB1AF}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{4D1220FA-4658-4DB0-8D24-AD4DC4F4F166}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{4DEEFC36-7DA4-4185-9F63-5DFCB040B68D}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{53661771-9E49-47B9-82FA-F0801143DD7D}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{59D6EE8E-B52B-4F99-90DE-25F739A4572C}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{5E5C03C7-AEB5-4162-A921-B762062062D0}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{67DE1C12-51A7-41E4-B120-8BF512989606}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{70376B98-1EAC-44C5-866D-0C75396F8F46}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{7442C02A-F119-451A-8BF6-1A8086DEE085}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{76955757-6AA9-4E38-95B2-7120A494DC6B}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{7D6DACB2-1060-404C-94CF-7CC48A1D9F00}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{89C6F603-1195-42D8-8FAA-BDDD9F5EFC00}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{A49AF344-C907-4539-88D3-459DB38B0065}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{AC7772B4-BA8E-4B47-B311-E88D1517EF0F}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{ACBEB5F4-3870-48D7-BDD4-0A144444A0C4}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{B32EFF24-80E6-45B5-882C-C35EAB368A14}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{BA9BE17A-5D70-41B0-A4B1-6C6FCBD9D6FB}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{BFB3C7DC-3804-4B63-900B-3B22C850EA70}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{C384ECE8-8AE1-477E-9EA6-3E58AF071C57}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{CD2031D6-49EB-4E01-8FC4-E8224B36FAC1}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{D17FF579-0405-4372-82E9-E58E1E37F881}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{D8B8A1F8-A15B-468C-A4D3-CE5E5F22FC68}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{E0412E89-5C1E-464C-B8A3-07EC37AA25A1}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{E4681D5A-E8FB-4DB9-8988-8857C4A4DA56}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{F8091867-7BF7-491B-BEC5-F123BDB7BECA}
Successfully deleted: [Empty Folder] C:\Users\Anna\appdata\local\{FFE379FC-0EF6-40BA-99C9-115063D5F9C9}
~~~ Chrome
Successfully deleted: [Folder] C:\Users\Anna\appdata\local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.12.2013 at 18:34:33,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST64 Scan: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 01
Ran by Anna (administrator) on ANNA-HP on 03-12-2013 18:43:07
Running from C:\Users\Anna\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-03-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKCU\...\Run: [TomTomHOME.exe] - [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
AppInit_DLLs: [ ] ()
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - metacrawler Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\webde-suche.xml
FF Extension: Plus-HD-1.6 - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: testpilot - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\toolbar@gmx.net.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
==================== Services (Whitelisted) =================
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71056 2012-11-21] ()
R2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TomTomHOMEService; H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 ezSharedSvc;
S3 Uniblue.PowersuiteSvc; "C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_service.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
R3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2012-07-14] (Generic)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-03 18:43 - 2013-12-03 18:43 - 00020116 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-03 18:42 - 2013-12-03 18:42 - 01959582 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:17 - 2013-12-03 18:20 - 00000000 ____D C:\AdwCleaner
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 21:45 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 21:45 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 21:45 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 21:45 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 21:45 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 21:45 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 21:45 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 21:45 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 21:45 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 21:45 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 21:44 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 21:44 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 21:44 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-14 18:53 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:53 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:53 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-04 09:36 - 2013-12-01 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-08-28 19:10 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-11-04 09:35 - 2012-08-28 19:10 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-11-04 09:35 - 2012-08-28 19:09 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2013-11-03 18:43 - 2013-12-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-11-03 18:43 - 2013-12-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
==================== One Month Modified Files and Folders =======
2013-12-03 18:43 - 2013-12-03 18:43 - 00020116 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-03 18:43 - 2013-11-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-12-03 18:43 - 2013-11-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-12-03 18:42 - 2013-12-03 18:42 - 01959582 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:29 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 18:29 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 18:27 - 2012-10-29 20:55 - 00000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:26 - 2012-01-03 04:53 - 00771210 _____ C:\Windows\system32\perfh007.dat
2013-12-03 18:26 - 2012-01-03 04:53 - 00173944 _____ C:\Windows\system32\perfc007.dat
2013-12-03 18:26 - 2009-07-14 06:13 - 01799742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 18:22 - 2012-01-03 05:24 - 00000000 ____D C:\ProgramData\PDFC
2013-12-03 18:21 - 2012-04-03 18:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 18:21 - 2012-02-29 20:35 - 00000000 ____D C:\ProgramData\Kodak
2013-12-03 18:21 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 18:21 - 2009-07-14 05:51 - 00069210 _____ C:\Windows\setupact.log
2013-12-03 18:20 - 2013-12-03 18:17 - 00000000 ____D C:\AdwCleaner
2013-12-03 18:20 - 2012-02-28 19:23 - 01097994 _____ C:\Windows\WindowsUpdate.log
2013-12-03 18:19 - 2012-09-01 15:30 - 00001331 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 18:19 - 2012-02-28 19:36 - 00000995 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 18:14 - 2010-11-21 04:47 - 00972674 _____ C:\Windows\PFRO.log
2013-12-03 18:11 - 2012-02-28 19:22 - 00000000 ____D C:\Users\Anna
2013-12-03 18:03 - 2013-03-06 19:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 17:52 - 2012-03-28 20:20 - 00000000 ____D C:\ProgramData\Lexware
2013-12-03 17:48 - 2012-04-03 18:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-03 17:33 - 2012-08-10 22:44 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job
2013-12-03 17:33 - 2012-04-17 17:41 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANNA-HP$
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-03 14:33 - 2012-04-03 18:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-03 14:26 - 2013-03-27 10:00 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-01 21:11 - 2012-04-06 17:28 - 00000000 ____D C:\Users\Anna\AppData\Local\CrashDumps
2013-12-01 21:10 - 2013-01-20 17:56 - 00000000 ____D C:\ProgramData\tmp
2013-12-01 19:22 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:50 - 2013-11-04 09:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:50 - 2012-12-16 18:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 14:50 - 2012-03-28 20:18 - 00000000 ____D C:\Program Files\Java
2013-11-27 18:43 - 2012-05-15 14:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-11-27 18:43 - 2012-02-29 18:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-11-27 18:41 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HpUpdate
2013-11-27 18:41 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HP Support Assistant
2013-11-27 18:29 - 2013-05-07 21:18 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-24 18:57 - 2013-03-06 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-24 18:57 - 2013-03-06 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-24 18:57 - 2013-03-06 19:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-24 18:55 - 2012-04-03 18:42 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2013-11-15 20:48 - 2011-02-11 18:15 - 01819218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-14 21:44 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-11-14 21:43 - 2013-08-14 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:41 - 2012-03-06 09:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-06 16:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-04 10:13 - 2013-09-13 18:52 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-04 10:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-03-29 14:59 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-03 18:31 - 2013-10-29 15:53 - 00000320 _____ C:\Windows\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling).job
Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe
C:\Users\Public\AlexaNSISPlugin.6500.dll
Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\Resource.exe
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-12 23:02
==================== End Of Log ============================
|
|
04.12.2013, 11:34
| #6 |
| /// the machine /// TB-Ausbilder | Delta-Homes bzw. QV06 in IE, FF und ChromeESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ --> Delta-Homes bzw. QV06 in IE, FF und Chrome |
|
04.12.2013, 20:54
| #7 | |
| | Delta-Homes bzw. QV06 in IE, FF und Chrome Der Eset Virusscan war ohne Meldungen, habe direkt nach dem Run ein Uninstall gemacht, ergo gibt es keine TXT Datei. Beim SecurityCheck folgende TXT Datei: Code:
ATTFilter Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Duplicate Cleaner Free 3.2.1 Java(TM) 6 Update 35 Java version out of Date! Adobe Flash Player 11.9.900.117 Adobe Reader XI Google Chrome 30.0.1599.101 Google Chrome 31.0.1650.57 ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2013 01
Ran by Anna (administrator) on ANNA-HP on 04-12-2013 19:28:39
Running from C:\Users\Anna\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-03-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\RunOnce: [NCPluginUpdater] - "c:\program files (x86)\hewlett-packard\hp health check\activecheck\product_line\NCPluginUpdater.exe" Update [21720 2013-11-27] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKCU\...\Run: [TomTomHOME.exe] - [x]
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
AppInit_DLLs: [ ] ()
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - metacrawler Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\webde-suche.xml
FF Extension: Plus-HD-1.6 - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: testpilot - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\toolbar@gmx.net.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
==================== Services (Whitelisted) =================
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71056 2012-11-21] ()
R2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TomTomHOMEService; H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-07-02] (TomTom)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 ezSharedSvc;
S3 Uniblue.PowersuiteSvc; "C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_service.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
R3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2012-07-14] (Generic)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-04 19:24 - 2013-12-04 19:24 - 00891184 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-04 17:08 - 2013-12-04 17:08 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36105830-6F2B-41FE-A4C7-151C1769D162}
2013-12-03 20:48 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 20:44 - 2013-12-03 20:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:44 - 2013-12-03 20:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 20:43 - 2013-12-03 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 20:43 - 2013-12-03 20:43 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 20:43 - 2013-12-03 20:43 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 20:43 - 2013-12-03 20:43 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 20:42 - 2013-12-03 20:48 - 00009768 _____ C:\Windows\IE11_main.log
2013-12-03 18:43 - 2013-12-04 19:28 - 00020296 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-03 18:42 - 2013-12-03 18:42 - 01959582 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:17 - 2013-12-03 18:20 - 00000000 ____D C:\AdwCleaner
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-14 18:53 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:53 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:53 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-04 09:36 - 2013-12-01 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-08-28 19:10 - 00157680 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2013-11-04 09:35 - 2012-08-28 19:10 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2013-11-04 09:35 - 2012-08-28 19:09 - 00149488 _____ (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
==================== One Month Modified Files and Folders =======
2013-12-04 19:29 - 2013-12-03 18:43 - 00020296 _____ C:\Users\Anna\Downloads\FRST.txt
2013-12-04 19:27 - 2012-10-29 20:55 - 00000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2013-12-04 19:24 - 2013-12-04 19:24 - 00891184 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-04 19:03 - 2013-03-06 19:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-04 18:48 - 2012-04-03 18:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-04 18:44 - 2012-02-29 18:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-04 18:43 - 2012-05-15 14:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-04 18:42 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HpUpdate
2013-12-04 18:42 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HP Support Assistant
2013-12-04 18:34 - 2012-02-28 19:23 - 01263956 _____ C:\Windows\WindowsUpdate.log
2013-12-04 17:39 - 2013-12-04 17:39 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 00000000 ____D C:\Program Files (x86)\ESET
2013-12-04 17:13 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-04 17:13 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-04 17:12 - 2012-01-03 04:53 - 00771210 _____ C:\Windows\system32\perfh007.dat
2013-12-04 17:12 - 2012-01-03 04:53 - 00173944 _____ C:\Windows\system32\perfc007.dat
2013-12-04 17:12 - 2009-07-14 06:13 - 01799742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-04 17:08 - 2013-12-04 17:08 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36105830-6F2B-41FE-A4C7-151C1769D162}
2013-12-04 17:08 - 2012-04-03 18:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-04 17:08 - 2012-02-28 19:36 - 00001325 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 17:08 - 2012-01-03 05:24 - 00000000 ____D C:\ProgramData\PDFC
2013-12-04 17:07 - 2012-02-29 20:35 - 00000000 ____D C:\ProgramData\Kodak
2013-12-04 17:07 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-04 17:07 - 2009-07-14 05:51 - 00069266 _____ C:\Windows\setupact.log
2013-12-04 17:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 20:48 - 2013-12-03 20:42 - 00009768 _____ C:\Windows\IE11_main.log
2013-12-03 20:44 - 2013-12-03 20:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:44 - 2013-12-03 20:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 20:43 - 2013-12-03 20:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 20:43 - 2013-12-03 20:43 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 20:43 - 2013-12-03 20:43 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 20:43 - 2013-12-03 20:43 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 20:12 - 2012-03-28 20:20 - 00000000 ____D C:\ProgramData\Lexware
2013-12-03 18:43 - 2013-11-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-12-03 18:43 - 2013-11-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-12-03 18:42 - 2013-12-03 18:42 - 01959582 _____ (Farbar) C:\Users\Anna\Downloads\FRST64.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:20 - 2013-12-03 18:17 - 00000000 ____D C:\AdwCleaner
2013-12-03 18:19 - 2012-09-01 15:30 - 00001331 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-03 18:19 - 2012-04-08 17:13 - 00000000 ____D C:\ProgramData\Uniblue
2013-12-03 18:14 - 2010-11-21 04:47 - 00972674 _____ C:\Windows\PFRO.log
2013-12-03 18:11 - 2012-02-28 19:22 - 00000000 ____D C:\Users\Anna
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 17:33 - 2012-08-10 22:44 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job
2013-12-03 17:33 - 2012-04-17 17:41 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANNA-HP$
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-03 14:33 - 2012-04-03 18:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-03 14:26 - 2013-03-27 10:00 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-01 21:11 - 2012-04-06 17:28 - 00000000 ____D C:\Users\Anna\AppData\Local\CrashDumps
2013-12-01 21:10 - 2013-01-20 17:56 - 00000000 ____D C:\ProgramData\tmp
2013-12-01 19:22 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:50 - 2013-11-04 09:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:50 - 2012-12-16 18:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 14:50 - 2012-03-28 20:18 - 00000000 ____D C:\Program Files\Java
2013-11-27 18:29 - 2013-05-07 21:18 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-24 18:57 - 2013-03-06 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-24 18:57 - 2013-03-06 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-24 18:57 - 2013-03-06 19:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-24 18:55 - 2012-04-03 18:42 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2013-11-15 20:48 - 2011-02-11 18:15 - 01819218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-14 21:44 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-11-14 21:43 - 2013-08-14 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:41 - 2012-03-06 09:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-06 16:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-11-04 10:13 - 2013-09-13 18:52 - 00000000 ____D C:\Users\DefaultAppPool
2013-11-04 10:13 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\registration
2013-11-04 09:35 - 2013-11-04 09:35 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-11-04 09:35 - 2012-03-29 14:59 - 00000000 ____D C:\Program Files (x86)\Java
Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe
C:\Users\Public\AlexaNSISPlugin.6500.dll
Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\Resource.exe
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-12 23:02
==================== End Of Log ============================
Zitat:
|
|
05.12.2013, 12:23
| #8 |
| /// the machine /// TB-Ausbilder | Delta-Homes bzw. QV06 in IE, FF und Chrome Java updaten. Öffne bitte mal FRST, setz nen Haken bei Additional und scanne, poste beide Logfiles.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
14.12.2013, 12:07
| #9 |
| | Delta-Homes bzw. QV06 in IE, FF und Chrome Java ist aktuell. Hier das FRST File und das Additional File: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-12-2013 01
Ran by Anna (administrator) on ANNA-HP on 14-12-2013 12:05:08
Running from C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EMAMREH
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(B.H.A Corporation) C:\Windows\SysWOW64\bgsvcgen.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
() C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskservice.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe
(Haufe Mediengruppe) C:\Program Files (x86)\Haufe\iDesk\iDeskService\ideskpython.exe
(Eastman Kodak Company) C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7Debug\mdm.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Eastman Kodak Company) C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe
(FileHippo.com) C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(TomTom) C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe
(TomTom) H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMERunner.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Desktop.exe
(Microsoft Corporation) C:\Windows\System32\prevhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [hpsysdrv] - C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Java\jre6\bin\jusched.exe [170496 2012-03-28] (Sun Microsystems, Inc.)
HKLM\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM\...\Run: [MapsGalaxy Home Page Guard 64 bit] - "C:\PROGRA~2\MAPSGA~2\bar\1.bin\AppIntegrator64.exe"
HKLM\...\RunOnce: [NCPluginUpdater] - "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update [21720 2013-12-10] (Hewlett-Packard)
HKLM\...\Policies\Explorer: [EnableShellExecuteHooks] 1
HKCU\...\Run: [FileHippo.com] - C:\Program Files (x86)\FileHippo.com\UpdateChecker.exe [307712 2012-11-23] (FileHippo.com)
HKCU\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\Monitor.exe [57344 2006-05-16] (OLYMPUS IMAGING CORP.)
HKCU\...\Run: [MyTomTomSA.exe] - C:\Program Files (x86)\MyTomTom 3\MyTomTomSA.exe [458680 2013-08-01] (TomTom)
HKCU\...\Run: [TomTomHOME.exe] - H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMERunner.exe [248208 2013-08-27] (TomTom)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576 2008-12-08] (Hewlett-Packard)
HKLM-x32\...\Run: [PDF Complete] - C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-05-06] (PDF Complete Inc)
HKLM-x32\...\Run: [EKIJ5000StatusMonitor] - C:\Windows\System32\spool\drivers\x64\3\EKIJ5000MUI.exe [3182080 2012-10-08] (Eastman Kodak Company)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [LexwareInfoService] - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [OM_Monitor] - C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\FirstStart.exe [40960 2006-05-16] (OLYMPUS IMAGING CORP.)
HKLM-x32\...\Run: [EKStatusMonitor] - C:\Program Files (x86)\AiO\StatusMonitor\EKStatusMonitor.exe [2750840 2013-01-15] (Eastman Kodak Company)
HKLM-x32\...\Run: [Easybits Recovery] - C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe [61112 2011-05-17] (EasyBits Software AS)
AppInit_DLLs: [ ] ()
Startup: C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://www.google.de/
URLSearchHook: HKCU - (No Name) - {26842a09-ffa8-4e2c-ae12-0c80f01c3295} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM - {99647E08-DB20-4472-B9D7-40CAA95BB787} URL = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de1-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://i.search.metacrawler.com/results.php?f=4&q={searchTerms}&a=ironmc2&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzzzy0F0D0C0DyCtBtC0CtN0D0Tzu0CyDzyyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu&cr=1696389174&ir=
SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/707-111076-19270-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM-x32 - metacrawler Toolbar - {7EACAC38-B7F6-4514-9DC1-3428A7964ABD} - C:\Program Files (x86)\metaCrawler\1.8.19.0\metacrawlerTlbr.dll No File
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: haufereader - No CLSID Value -
Handler-x32: haufereader - No CLSID Value -
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll [52920 2012-01-03] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin - C:\Program Files (x86)\Java\jre6\bin\dtplugin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\searchplugins\webde-suche.xml
FF Extension: Plus-HD-1.6 - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\6c937ed6-be66-4f72-9a60-ce5789cc7f09@53ba6712-2cae-46e2-b821-95baea44e049.com
FF Extension: testpilot - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\testpilot@labs.mozilla.com.xpi
FF Extension: toolbar - C:\Users\Anna\AppData\Roaming\Mozilla\Firefox\Profiles\rcwi73p6.default\Extensions\toolbar@gmx.net.xpi
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.de/"
CHR DefaultSearchKeyword: google.de
CHR DefaultSearchProvider: Google
CHR DefaultSearchURL: {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR DefaultNewTabURL: {google:baseURL}_/chrome/newtab?{google:RLZ}{google:instantExtendedEnabledParameter}{google:ntpIsThemedParameter}ie={inputEncoding}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U10) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (RocketLife Secure Plug-In Layer) - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_175.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Wallet) - C:\Users\Anna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
==================== Services (Whitelisted) =================
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [948296 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 HRService; C:\Program Files (x86)\Haufe\iDesk\iDeskService\iDeskService.exe [71056 2012-11-21] ()
R2 Kodak AiO Network Discovery Service; C:\Program Files (x86)\AiO\Center\EKAiOHostService.exe [395640 2013-03-15] (Eastman Kodak Company)
R2 Kodak AiO Status Monitor Service; C:\Program Files (x86)\AiO\StatusMonitor\EKPrinterSDK.exe [780152 2013-01-15] (Eastman Kodak Company)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [9216 2009-07-14] (Microsoft Corporation)
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-05-06] (PDF Complete Inc)
R2 TomTomHOMEService; H:\Programme\Tom-Tom\Home\TomTom HOME 2\TomTomHOMEService.exe [93072 2013-08-27] (TomTom)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-21] (Microsoft Corporation)
S2 ezSharedSvc;
S3 Uniblue.PowersuiteSvc; "C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_service.exe" [x]
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [107416 2013-12-03] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
S1 cdrbsdrv; C:\Windows\SysWow64\Drivers\cdrbsdrv.sys [32256 2005-05-11] (B.H.A Corporation)
R3 CRFILTER; C:\Windows\System32\DRIVERS\CRFILTER.sys [7168 2012-07-14] (Generic)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [189440 2009-07-14] (Microsoft Corporation)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-01] (PenMount)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-12 20:05 - 2013-05-10 06:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2013-12-12 20:05 - 2013-05-10 06:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2013-12-12 20:05 - 2013-05-10 05:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2013-12-12 20:05 - 2013-05-10 05:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2013-12-12 20:04 - 2013-11-26 12:54 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-12 20:04 - 2013-11-26 11:19 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-12 20:04 - 2013-11-26 11:18 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-12 20:04 - 2013-11-26 11:11 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-12 20:04 - 2013-11-26 10:48 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-12 20:04 - 2013-11-26 10:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-12 20:04 - 2013-11-26 10:41 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-12 20:04 - 2013-11-26 10:29 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-12 20:04 - 2013-11-26 10:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-12 20:04 - 2013-11-26 10:23 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-12 20:04 - 2013-11-26 10:21 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-12 20:04 - 2013-11-26 10:18 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-12 20:04 - 2013-11-26 10:18 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-12 20:04 - 2013-11-26 10:16 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-12 20:04 - 2013-11-26 09:57 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-12 20:04 - 2013-11-26 09:38 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-12 20:04 - 2013-11-26 09:38 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-12 20:04 - 2013-11-26 09:35 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-12 20:04 - 2013-11-26 09:32 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-12 20:04 - 2013-11-26 09:28 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-12 20:04 - 2013-11-26 09:16 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-12 20:04 - 2013-11-26 09:02 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-12 20:04 - 2013-11-26 08:48 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-12 20:04 - 2013-11-26 08:32 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-12 20:04 - 2013-11-26 08:26 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-12 20:04 - 2013-11-26 08:07 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-12 20:04 - 2013-11-26 07:40 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-12 20:04 - 2013-11-26 07:34 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-12 20:04 - 2013-11-26 07:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-12 20:04 - 2013-11-26 07:33 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-12 20:04 - 2013-11-26 07:27 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-12 10:39 - 2013-11-23 19:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-12-12 10:39 - 2013-11-23 18:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-12-12 10:39 - 2013-11-12 03:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-12-12 10:39 - 2013-11-12 03:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-12-12 10:39 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2013-12-12 10:39 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2013-12-12 10:39 - 2013-10-30 02:24 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-12-12 10:39 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-12-12 10:39 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2013-12-12 10:39 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2013-12-12 10:39 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2013-12-12 10:39 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2013-12-12 10:39 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2013-12-12 10:39 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2013-12-12 10:39 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2013-12-12 10:39 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2013-12-12 10:39 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2013-12-12 10:39 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2013-12-12 10:39 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2013-12-04 19:24 - 2013-12-04 19:24 - 00891184 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-04 17:08 - 2013-12-13 16:47 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36105830-6F2B-41FE-A4C7-151C1769D162}
2013-12-03 20:48 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 20:44 - 2013-12-03 20:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:44 - 2013-12-03 20:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 20:42 - 2013-12-03 20:48 - 00009768 _____ C:\Windows\IE11_main.log
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:17 - 2013-12-03 18:20 - 00000000 ____D C:\AdwCleaner
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:57 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-11-14 18:53 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-14 18:53 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-14 18:53 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-14 18:53 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-14 18:53 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-14 18:53 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-14 18:53 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-14 18:52 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-14 18:52 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-14 18:52 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-14 18:52 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-14 18:52 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-14 18:52 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-14 18:52 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-14 18:52 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-14 18:52 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-14 18:52 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-14 18:52 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-14 18:52 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-14 18:52 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-14 18:52 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-14 18:52 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-14 12:03 - 2013-03-06 19:44 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-14 11:54 - 2012-04-03 18:32 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-14 11:27 - 2012-10-29 20:55 - 00000316 _____ C:\Windows\Tasks\PrintProjects Communicator.job
2013-12-14 11:20 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-14 11:08 - 2012-02-28 19:23 - 01167999 _____ C:\Windows\WindowsUpdate.log
2013-12-14 10:29 - 2012-03-28 20:20 - 00000000 ____D C:\ProgramData\Lexware
2013-12-14 10:25 - 2009-07-14 06:32 - 00000000 ____D C:\Windows\system32\FxsTmp
2013-12-14 08:37 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-14 08:37 - 2009-07-14 05:45 - 00024400 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-14 08:34 - 2012-01-03 04:53 - 00771210 _____ C:\Windows\system32\perfh007.dat
2013-12-14 08:34 - 2012-01-03 04:53 - 00173944 _____ C:\Windows\system32\perfc007.dat
2013-12-14 08:34 - 2009-07-14 06:13 - 01799742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-14 08:30 - 2012-01-03 05:24 - 00000000 ____D C:\ProgramData\PDFC
2013-12-14 08:29 - 2012-04-03 18:32 - 00001102 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-14 08:29 - 2012-02-29 20:35 - 00000000 ____D C:\ProgramData\Kodak
2013-12-14 08:29 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-14 08:29 - 2009-07-14 05:51 - 00069994 _____ C:\Windows\setupact.log
2013-12-13 21:34 - 2013-04-09 19:28 - 00000000 ____D C:\Users\Anna\AppData\Local\Downloaded Installations
2013-12-13 16:47 - 2013-12-04 17:08 - 00003922 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{36105830-6F2B-41FE-A4C7-151C1769D162}
2013-12-13 16:45 - 2011-02-11 18:15 - 01819218 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-12-13 16:43 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-13 16:42 - 2009-07-14 05:45 - 00451184 _____ C:\Windows\system32\FNTCACHE.DAT
2013-12-12 20:05 - 2009-07-14 03:34 - 00000499 _____ C:\Windows\win.ini
2013-12-11 21:48 - 2012-02-29 18:52 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-12-11 21:43 - 2012-05-15 14:54 - 00000000 _____ C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2013-12-11 21:39 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HpUpdate
2013-12-11 21:39 - 2012-02-29 18:50 - 00000000 ____D C:\Users\Anna\AppData\Roaming\HP Support Assistant
2013-12-11 20:03 - 2013-03-06 19:44 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-12-11 20:03 - 2013-03-06 19:44 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-12-11 20:03 - 2013-03-06 19:44 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-12-11 06:49 - 2012-04-03 18:32 - 00004102 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-12-11 06:49 - 2012-04-03 18:32 - 00003850 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-12-11 06:43 - 2013-11-03 18:43 - 00003180 _____ C:\Windows\System32\Tasks\HPCeeScheduleForAnna
2013-12-11 06:43 - 2013-11-03 18:43 - 00000328 _____ C:\Windows\Tasks\HPCeeScheduleForAnna.job
2013-12-10 17:51 - 2012-09-01 15:30 - 00002228 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-04 19:24 - 2013-12-04 19:24 - 00891184 _____ C:\Users\Anna\Downloads\SecurityCheck.exe
2013-12-04 17:39 - 2013-12-04 17:39 - 02347384 _____ (ESET) C:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
2013-12-04 17:08 - 2012-02-28 19:36 - 00001325 _____ C:\Users\Anna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-04 17:06 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 20:48 - 2013-12-03 20:42 - 00009768 _____ C:\Windows\IE11_main.log
2013-12-03 20:44 - 2013-12-03 20:44 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 20:44 - 2013-12-03 20:44 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 20:43 - 2013-12-03 20:43 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 20:43 - 2013-12-03 20:43 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 20:43 - 2013-12-03 20:43 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 20:43 - 2013-12-03 20:43 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 20:43 - 2013-12-03 20:43 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 18:37 - 2013-12-03 18:37 - 00000193 _____ C:\Windows\WORDPAD.INI
2013-12-03 18:26 - 2013-12-03 18:26 - 00000000 ____D C:\Windows\ERUNT
2013-12-03 18:20 - 2013-12-03 18:17 - 00000000 ____D C:\AdwCleaner
2013-12-03 18:19 - 2012-04-08 17:13 - 00000000 ____D C:\ProgramData\Uniblue
2013-12-03 18:14 - 2010-11-21 04:47 - 00972674 _____ C:\Windows\PFRO.log
2013-12-03 18:11 - 2012-02-28 19:22 - 00000000 ____D C:\Users\Anna
2013-12-03 17:57 - 2013-12-03 17:57 - 00001162 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Users\Anna\AppData\Roaming\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-03 17:57 - 2013-12-03 17:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-12-03 17:56 - 2013-12-03 17:56 - 01034531 _____ (Thisisu) C:\Users\Anna\Downloads\JRT.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Anna\Downloads\mbam-setup-1.75.0.1300.exe
2013-12-03 17:55 - 2013-12-03 17:55 - 01110034 _____ C:\Users\Anna\Downloads\adwcleaner.exe
2013-12-03 17:33 - 2012-08-10 22:44 - 00000340 _____ C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job
2013-12-03 17:33 - 2012-04-17 17:41 - 00003216 _____ C:\Windows\System32\Tasks\HPCeeScheduleForANNA-HP$
2013-12-03 14:33 - 2013-12-03 14:33 - 00002265 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-03 14:33 - 2012-04-03 18:32 - 00000000 ____D C:\Program Files (x86)\Google
2013-12-03 14:26 - 2013-03-27 10:00 - 00107416 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-12-01 21:11 - 2012-04-06 17:28 - 00000000 ____D C:\Users\Anna\AppData\Local\CrashDumps
2013-12-01 21:10 - 2013-01-20 17:56 - 00000000 ____D C:\ProgramData\tmp
2013-12-01 15:53 - 2013-12-01 15:53 - 00000000 ____D C:\FRST
2013-12-01 14:50 - 2013-12-01 14:50 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-12-01 14:50 - 2013-11-04 09:36 - 00000000 ____D C:\ProgramData\Oracle
2013-12-01 14:50 - 2012-12-16 18:56 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-12-01 14:50 - 2012-03-28 20:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-12-01 14:50 - 2012-03-28 20:18 - 00000000 ____D C:\Program Files\Java
2013-11-27 18:29 - 2013-05-07 21:18 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 18:29 - 2013-03-27 10:00 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-26 12:54 - 2013-12-12 20:04 - 23183360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-26 11:19 - 2013-12-12 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-26 11:18 - 2013-12-12 20:04 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-26 11:11 - 2013-12-12 20:04 - 17112576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-26 10:48 - 2013-12-12 20:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-26 10:46 - 2013-12-12 20:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-26 10:41 - 2013-12-12 20:04 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-26 10:29 - 2013-12-12 20:04 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-26 10:27 - 2013-12-12 20:04 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-26 10:23 - 2013-12-12 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-26 10:21 - 2013-12-12 20:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-26 10:18 - 2013-12-12 20:04 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-26 10:18 - 2013-12-12 20:04 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-26 10:16 - 2013-12-12 20:04 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-26 09:57 - 2013-12-12 20:04 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-26 09:38 - 2013-12-12 20:04 - 02166784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-26 09:38 - 2013-12-12 20:04 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-26 09:35 - 2013-12-12 20:04 - 05769216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-26 09:32 - 2013-12-12 20:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-26 09:28 - 2013-12-12 20:04 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-26 09:16 - 2013-12-12 20:04 - 04243968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-26 09:02 - 2013-12-12 20:04 - 01995264 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-26 08:48 - 2013-12-12 20:04 - 12996608 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-26 08:32 - 2013-12-12 20:04 - 01928192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-26 08:26 - 2013-12-12 20:04 - 11221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-26 08:07 - 2013-12-12 20:04 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-26 07:40 - 2013-12-12 20:04 - 01395200 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-26 07:34 - 2013-12-12 20:04 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-26 07:34 - 2013-12-12 20:04 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-26 07:33 - 2013-12-12 20:04 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-26 07:27 - 2013-12-12 20:04 - 01157632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-24 18:55 - 2012-04-03 18:42 - 00000000 ____D C:\Users\Anna\AppData\Local\Adobe
2013-11-23 19:26 - 2013-12-12 10:39 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-23 18:47 - 2013-12-12 10:39 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-14 21:43 - 2013-08-14 18:04 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 21:41 - 2012-03-06 09:50 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Files to move or delete:
====================
C:\ProgramData\RegistryReviver.exe
C:\Users\Public\AlexaNSISPlugin.6500.dll
Some content of TEMP:
====================
C:\Users\Anna\AppData\Local\Temp\avgnt.exe
C:\Users\Anna\AppData\Local\Temp\BackupSetup.exe
C:\Users\Anna\AppData\Local\Temp\HPHelpUpdater.exe
C:\Users\Anna\AppData\Local\Temp\Quarantine.exe
C:\Users\Anna\AppData\Local\Temp\Resource.exe
C:\Users\Anna\AppData\Local\Temp\sp58915.exe
C:\Users\Anna\AppData\Local\Temp\uninst1.exe
C:\Users\Anna\AppData\Local\Temp\UninstallHPSA.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-14 11:13
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-12-2013 01
Ran by Anna at 2013-12-14 12:05:47
Running from C:\Users\Anna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1EMAMREH
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 3.9.0.1200)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Agatha Christie - Peril at End House (x32 Version: 2.2.0.95)
aioprnt (Version: 5.3.1.0)
aioscnnr (x32 Version: 6.2.3.10)
aioscnnr (x32 Version: 7.6.13.10)
AMD APP SDK Runtime (Version: 2.4.595.10)
AMD VISION Engine Control Center (x32 Version: 2011.0531.2216.38124)
ATI Catalyst Install Manager (Version: 3.0.825.0)
Avira Antivirus Premium (x32 Version: 14.0.1.759)
Bejeweled 3 (x32 Version: 2.2.0.97)
Blasterball 3 (x32 Version: 2.2.0.97)
Bounce Symphony (x32 Version: 2.2.0.97)
Cake Mania (x32 Version: 2.2.0.95)
CANON iMAGE GATEWAY MyCamera Download Plugin (x32 Version: 3.1.1.2)
CANON iMAGE GATEWAY Task for ZoomBrowser EX (x32 Version: 1.9.0.9)
Canon MOV Decoder (x32 Version: 1.8.0.7)
Canon MOV Encoder (x32 Version: 1.6.0.1)
Canon MovieEdit Task for ZoomBrowser EX (x32 Version: 3.7.0.4)
Canon Utilities CameraWindow DC 8 (x32 Version: 8.4.0.3)
Canon Utilities CameraWindow Launcher (x32 Version: 7.5.0.2)
Canon Utilities Movie Uploader for YouTube (x32 Version: 1.2.0.7)
Canon Utilities MyCamera (x32 Version: 7.4.0.2)
Canon Utilities PhotoStitch (x32 Version: 3.1.22.46)
Canon Utilities ZoomBrowser EX (x32 Version: 6.7.0.24)
Canon ZoomBrowser EX Memory Card Utility (x32 Version: 1.5.0.9)
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center InstallProxy (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center Localization All (x32 Version: 2011.0531.2216.38124)
Catalyst Control Center Profiles Desktop (x32 Version: 2011.0531.2216.38124)
CCC Help Chinese Standard (x32 Version: 2011.0531.2215.38124)
CCC Help Chinese Traditional (x32 Version: 2011.0531.2215.38124)
CCC Help Czech (x32 Version: 2011.0531.2215.38124)
CCC Help Danish (x32 Version: 2011.0531.2215.38124)
CCC Help Dutch (x32 Version: 2011.0531.2215.38124)
CCC Help English (x32 Version: 2011.0531.2215.38124)
CCC Help Finnish (x32 Version: 2011.0531.2215.38124)
CCC Help French (x32 Version: 2011.0531.2215.38124)
CCC Help German (x32 Version: 2011.0531.2215.38124)
CCC Help Greek (x32 Version: 2011.0531.2215.38124)
CCC Help Hungarian (x32 Version: 2011.0531.2215.38124)
CCC Help Italian (x32 Version: 2011.0531.2215.38124)
CCC Help Japanese (x32 Version: 2011.0531.2215.38124)
CCC Help Korean (x32 Version: 2011.0531.2215.38124)
CCC Help Norwegian (x32 Version: 2011.0531.2215.38124)
CCC Help Polish (x32 Version: 2011.0531.2215.38124)
CCC Help Portuguese (x32 Version: 2011.0531.2215.38124)
CCC Help Russian (x32 Version: 2011.0531.2215.38124)
CCC Help Spanish (x32 Version: 2011.0531.2215.38124)
CCC Help Swedish (x32 Version: 2011.0531.2215.38124)
CCC Help Thai (x32 Version: 2011.0531.2215.38124)
CCC Help Turkish (x32 Version: 2011.0531.2215.38124)
ccc-utility64 (Version: 2011.0531.2216.38124)
center (x32 Version: 7.7.2.0)
Chronicles of Albian (x32 Version: 2.2.0.95)
Chuzzle Deluxe (x32 Version: 2.2.0.95)
Cradle of Rome 2 (x32 Version: 2.2.0.95)
D3DX10 (x32 Version: 15.4.2368.0902)
dm-Fotowelt (x32 Version: 5.0.4)
DriverTuner 3.1.0.0 (x32 Version: 3.1.0.0)
Duplicate Cleaner Free 3.2.1 (x32 Version: 3.2.1)
essentials (x32 Version: 7.7.2.0)
Farm Frenzy (x32 Version: 2.2.0.95)
FATE (x32 Version: 2.2.0.97)
FileHippo.com Update Checker (x32)
Fotogalerie (x32 Version: 16.4.3508.0205)
Google Chrome (x32 Version: 31.0.1650.63)
Google Earth (x32 Version: 7.1.2.2041)
Google Update Helper (x32 Version: 1.3.22.3)
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.95)
Haufe Formular-Manager (x32 Version: 12.05.03.0009)
Haufe iDesk-Browser (x32 Version: 12.10.08.8873)
Haufe iDesk-Service (x32 Version: 12.11.21.8888)
Haufe-Lexware ERiC (x32 Version: 15.03.00.0005)
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000)
HP Auto (Version: 1.0.12935.3667)
HP Client Services (Version: 1.1.12938.3539)
HP Customer Experience Enhancements (x32 Version: 6.0.1.7)
HP Games (x32 Version: 1.0.2.5)
HP LinkUp (x32 Version: 2.01.028)
HP Odometer (x32 Version: 2.10.0000)
HP Setup (x32 Version: 8.7.4747.3786)
HP Setup Manager (x32 Version: 1.1.13880.3792)
HP Support Information (x32 Version: 10.1.1000)
HP Update (x32 Version: 5.002.003.003)
HP Vision Hardware Diagnostics (Version: 2.9.0.0)
HydraVision (x32 Version: 4.2.200.0)
ImageMixer VCD/DVD2 for OLYMPUS (x32 Version: 2.01.102.1)
Java 7 Update 45 (64-bit) (Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Java(TM) 6 Update 13 (64-bit) (Version: 6.0.130)
Java(TM) 6 Update 35 (x32 Version: 6.0.350)
Jewel Quest Solitaire (x32 Version: 2.2.0.95)
Jewel Quest: The Sleepless Star - Collector's Edition (x32 Version: 2.2.0.95)
Kodak AIO Printer (Version: 7.7.2.0)
KODAK All-in-One Software (x32 Version: 7.7.6.0)
KODAK Create@Home Software (für dm) (x32 Version: 7.3.8392)
Konz 2012 (x32 Version: 1.00.0000)
Konz 2013 (x32 Version: 1.00.0000)
LabelPrint (x32 Version: 2.5.3925)
Lexware buchhalter 2013 (x32 Version: 18.51.00.0371)
Lexware Elster (x32 Version: 13.15.00.0074)
Lexware Info Service (x32 Version: 2.90.00.0009)
Lexware online banking (x32 Version: 20.00.00.0059)
Lohnsteuer-Tabellen (x32 Version: 4.1.0.0)
Magic Desktop (x32 Version: 3.0)
Mah Jong Medley (x32 Version: 2.2.0.95)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
metaCrawler (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Mathematics (x32 Version: 4.0)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000)
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Outlook Connector (x32 Version: 14.0.5118.5000)
Microsoft Office Professional Edition 2003 (x32 Version: 11.0.8173.0)
Microsoft Office Starter 2010 - Deutsch (x32 Version: 14.0.4763.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SkyDrive (HKCU Version: 16.4.6013.0910)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft WSE 3.0 Runtime (x32 Version: 3.0.5305.0)
Movie Maker (x32 Version: 16.4.3508.0205)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Mystery of Mortlake Mansion (x32 Version: 2.2.0.97)
MyTomTom 3.2.0.1220 (x32 Version: 3.2.0.1220)
Namco All-Stars: PAC-MAN (x32 Version: 2.2.0.95)
NetCologne NetDSL-Installationsdateien entfernen (x32)
ocr (x32 Version: 6.2.3.50)
OLYMPUS Master (x32 Version: 1.42.5000)
OpenOffice.org 3.4.1 (x32 Version: 3.41.9593)
PDF Complete Special Edition (x32 Version: 4.0.54)
Penguins! (x32 Version: 2.2.0.95)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.95)
PlayReady PC Runtime amd64 (Version: 1.3.0)
Polar Bowler (x32 Version: 2.2.0.97)
Power2Go (x32 Version: 6.1.5331)
PreReq (x32 Version: 6.2.4.0)
PrintProjects (x32 Version: 1.0.0.10712)
Ratelex 2000 V. 3.6 (x32 Version: V. 3.6)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6531)
Recovery Manager (x32 Version: 5.5.0.4320)
Registry Reviver (Version: 3.0.1.142)
Remote Graphics Receiver (x32 Version: 5.4.5)
Slingo Deluxe (x32 Version: 2.2.0.95)
Steuer 2011 (x32 Version: 19.00.7304)
Steuer 2012 (x32 Version: 20.00.8137)
TeamViewer 7 (x32 Version: 7.0.12799)
TomTom HOME (x32 Version: 2.9.7)
TomTom HOME Visual Studio Merge Modules (x32 Version: 1.0.2)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update Installer for WildTangent Games App (x32)
Vacation Quest - The Hawaiian Islands (x32 Version: 2.2.0.97)
Virtual Villagers - The Secret City (x32 Version: 2.2.0.95)
Visual Studio C++ 10.0 Runtime (x32 Version: 10.0.0)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.2)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live Family Safety (Version: 16.4.3508.0205)
Windows Live Family Safety (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
Windows Live Writer (x32 Version: 16.4.3508.0205)
Windows Live Writer Resources (x32 Version: 16.4.3508.0205)
Windows Media Center Add-in for Silverlight (x32 Version: 4.7.3.0)
Zinio Reader 4 (x32 Version: 4.2.4164)
Zuma Deluxe (x32 Version: 2.2.0.95)
==================== Restore Points =========================
01-12-2013 13:49:33 Installed Java 7 Update 45 (64-bit)
03-12-2013 13:32:49 Installed Google Earth.
03-12-2013 16:15:45 Windows Update
03-12-2013 19:42:38 Windows Update
10-12-2013 16:37:11 Windows Update
12-12-2013 19:02:40 Windows Update
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {084E5737-9EA6-4B77-9FE8-88183F13907D} - \MetaCrawler No Task File
Task: {18BFF88D-C4A0-4389-8B09-15CB107F82DC} - System32\Tasks\{9BEDB6C5-D123-44AF-97EF-9C193BF9EC97} => C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
Task: {19808A24-27C9-4632-8236-45CEBD6F94F9} - System32\Tasks\{B19BFBD3-22E7-40B1-8092-5E0933F64BFB} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2013-11-27] (Avira Operations GmbH & Co. KG)
Task: {208DDB4F-44CF-4B94-8BFF-0D16CA12594F} - System32\Tasks\{5B24A3E6-8484-451D-AC85-8119A1AA3093} => Chrome.exe
Task: {2898FA0B-BFB3-4255-BA06-E621803BA92B} - System32\Tasks\{5EE4981E-4C60-4D95-A137-28D6B1684E15} => G:\Fehler 0x8004210A\setup.exe
Task: {28C53F3E-7359-46D2-91EC-6F86E7A08FAD} - System32\Tasks\{81587730-B882-4280-AEF9-DA69CD1E799F} => C:\Program Files (x86)\McAfee Security Scan\3.0.207\mcuicnt.exe
Task: {2C258B51-4D4B-4A60-B867-2F4C95216304} - System32\Tasks\{D56307B7-5708-42CF-AC0F-ABE15B9FA25B} => G:\Fehler 0x8004210A\setup.exe
Task: {2C283087-C7AF-4A3D-9A41-F90ABD3742CC} - System32\Tasks\{C1E8B04E-84D0-4D81-9BFF-A03FCA749C81} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {33CCD810-6700-4215-8F61-04878E3E7CE6} - System32\Tasks\{32F73D83-6C58-4536-AD9E-F14806ECF03F} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {3AE89158-85A2-480F-AEDD-A720F74D92DF} - System32\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling) => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe [2013-09-10] (ReviverSoft LLC)
Task: {3B08B24C-0FF2-4CB1-95AE-784EFC5D0EDB} - System32\Tasks\{ACF5D4BD-FF59-4B01-91B2-970FACBCBEDE} => C:\Windows\ISW\netcol.dsl\signup\service.exe [2003-07-30] (ProDyne)
Task: {3C581A9D-01E7-4546-9F80-4285FE0F374E} - System32\Tasks\{CCB9DD6C-4693-44B6-BC40-1C7E28B676E4} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/abandoninstall?page=tsMain&installinfo=google-toolbar:notoffered;notincluded,google-chrome:notoffered;disabled
Task: {46E5FF93-CC87-4037-94CC-037139968D8C} - System32\Tasks\{09F221CF-5372-4EBC-A941-0C25D8BA0C4F} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/eula
Task: {56C8A226-B660-433D-847E-E8CB350F927B} - System32\Tasks\{76E36731-5736-4569-85A6-FE0670CEAF75} => G:\Programme\stman2012.exe
Task: {5D6F3C68-F43D-40C6-AF2C-A5AF23EC9D8D} - System32\Tasks\{9E4DEDD3-6C2E-4CBE-9972-C7B59E61036B} => Chrome.exe
Task: {661B4304-FA5E-4BC0-AC4C-8F8AE71EFE85} - System32\Tasks\PrintProjects Communicator => C:\ProgramData\PrintProjects\Communicator.exe [2013-01-27] ()
Task: {6679333B-5E69-4B0C-9204-7B147E778085} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2013-11-22] (Hewlett-Packard)
Task: {67CBE5E6-DAE4-4E11-A357-AE187C95906A} - \Dealply No Task File
Task: {6C483C03-8FD1-44E0-B84D-6247FFC4C7B3} - System32\Tasks\{BF4AD9D4-27AD-4FEE-871B-FF0CDF4C02FD} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {6C5C22AF-0EE2-4D92-AA4A-173933E27239} - System32\Tasks\{97ED5C55-9D35-4713-8D4F-DCC5A954C281} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {6FD9D447-9D2F-41A4-AAAD-CFA0D1EFA4E9} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2013-09-23] (Hewlett-Packard Company)
Task: {8800D31B-1993-4306-872E-28A27E87D4A6} - System32\Tasks\{86A7E65F-EA74-48C8-BE48-F829E2218ADE} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {919AFD07-5D0C-4DE1-8170-76E2CDCAE020} - System32\Tasks\0 => Iexplore.exe
Task: {9A867098-A4E0-4FC0-A2F2-819C511136C7} - System32\Tasks\{4B9CC145-EDE1-43FE-9507-F860382684C0} => C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe [2013-11-27] (Avira Operations GmbH & Co. KG)
Task: {A3D13AB7-45E4-45BC-8FB2-5904025C656E} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-07-21] (CyberLink)
Task: {B45E8B42-3FED-4187-B7E0-440FED723D16} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03] (Google Inc.)
Task: {B5F9F659-CB8C-4427-AC83-E073C6B9CD37} - System32\Tasks\{E39B35A4-6CFE-49B7-8891-C89ED75D6ABA} => Chrome.exe
Task: {B91F8336-43B0-48BE-BE95-E850F143FDDE} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2011-06-15] ()
Task: {C0CBB9F9-205D-4CBC-8888-FD067B9F6D65} - System32\Tasks\{FC35D34F-B49D-4354-AB3C-12AF5B01AE0A} => Iexplore.exe hxxp://ui.skype.com/ui/0/5.3.0.111.396/de/eula
Task: {C6273A4B-2967-47BA-863B-4584F06F05FE} - System32\Tasks\{69B65542-C7B3-414B-8887-24545BB287E6} => C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\ZoomBrowser.exe [2010-10-28] ()
Task: {C9F85312-E50E-4851-95A7-AD7F1088E2CC} - System32\Tasks\{549F9680-829F-4CB3-B1E7-6CDD14632762} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {D1E8142B-02C7-42A5-A48C-6E5B9B666524} - System32\Tasks\{4865926C-8A7E-4A41-84BC-586F1DFCEEB9} => C:\Windows\ISW\netcol.dsl\signup\service.exe [2003-07-30] (ProDyne)
Task: {D700C092-3399-41FE-BDCE-24E066236C65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {E3E76A49-EADB-4556-94A9-693C048A0EB4} - System32\Tasks\{892FFB6F-60EC-45AD-8761-7DF820F915FD} => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master\OLYMPUS Master.exe [2006-05-16] (OLYMPUS IMAGING CORP.)
Task: {EC92B5DD-48DD-4006-BB47-42E77E31AFFA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2012-09-27] (Hewlett-Packard Company)
Task: {ECE8C452-3F6F-493C-A448-77F5A2256E5D} - System32\Tasks\HPCeeScheduleForAnna => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: {F1C80705-9190-4C5F-9087-68B55427A86F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {F75561FD-3233-4E3E-8252-DEFD36A3211B} - System32\Tasks\4563 => C:\Users\Anna\AppData\Local\Temp\launchie.vbsC:\Users\Anna\AppData\Local\Temp\launchie.vbs //B
Task: {F926BAC4-1F1B-4723-93A3-24BD9FFFAFA7} - System32\Tasks\{F925D1D6-B290-4F3D-97B0-3A1CB3D2EE55} => C:\Program Files (x86)\Uniblue\PowerSuite\launcher.exe
Task: {FA209C9C-3F6D-4E9A-87D9-BDB268ECBC14} - System32\Tasks\{55DFE667-D8AD-4CD7-8B29-E68BA369E5C1} => G:\Fehler 0x8004210A\setup.exe
Task: {FD8A9183-5055-4469-8667-FE183FD0047A} - System32\Tasks\{104A9456-5371-4F06-9435-57CFB4552876} => G:\Programme\stman2012.exe
Task: {FDBAB1AA-1C65-4A66-88EE-C55F41B78BB2} - \BitGuard No Task File
Task: {FEB83217-414D-4B5F-A80F-4A7C8AA6DD27} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-03] (Google Inc.)
Task: {FF80DD1C-03A9-4E20-9E16-E33B3E5B6C21} - System32\Tasks\HPCeeScheduleForANNA-HP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForANNA-HP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\HPCeeScheduleForAnna.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
Task: C:\Windows\Tasks\PrintProjects Communicator.job => C:\ProgramData\PrintProjects\Communicator.exe
Task: C:\Windows\Tasks\Start Registry Reviver for Anna-HP@Anna(scheduling).job => C:\Program Files\ReviverSoft\Registry Reviver\RegistryReviver.exe
==================== Loaded Modules (whitelisted) =============
2012-11-08 15:31 - 2012-11-08 15:21 - 00397088 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2012-11-20 00:32 - 2012-11-20 00:32 - 00103824 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\pywintypes24.dll
2012-11-21 00:24 - 2012-11-21 00:24 - 00071056 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\zlib.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00032144 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32process.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00019344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32event.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00054672 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_socket.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00017296 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\_ssl.pyd
2012-11-21 00:19 - 2012-11-21 00:19 - 00832912 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\LIBEAY32.dll
2012-11-21 00:19 - 2012-11-21 00:19 - 00161168 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\SSLEAY32.dll
2012-11-21 00:31 - 2012-11-21 00:31 - 00075152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32api.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00019344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32evtlog.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00029584 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\servicemanager.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00083344 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32file.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00021392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32pipe.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00107920 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32security.pyd
2012-11-21 00:31 - 2012-11-21 00:31 - 00037776 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32service.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00021392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPersistence.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00014224 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.TimeStamp.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00020880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\persistent.cPickleCache.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00026512 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Acquisition._Acquisition.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00020880 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ExtensionClass._ExtensionClass.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00010640 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ComputedAttribute._ComputedAttribute.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00027024 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\AccessControl.cAccessControl.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00013200 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Record._Record.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00020368 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\DocumentTemplate.cDocumentTemplate.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00140688 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\pyexpat.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00058768 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OOBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._OIBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IOBTree.pyd
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._IIBTree.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Persistence._Persistence.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MethodObject._MethodObject.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011152 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Missing._Missing.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00011664 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\MultiMapping._MultiMapping.pyd
2012-11-21 00:24 - 2012-11-21 00:24 - 00013712 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\DLLs\select.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\ZODB.winlock.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.stopper.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00010128 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\Products.ZCTextIndex.okascore.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00341392 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\_jpype.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00013200 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\normalizer.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00012688 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\TextIndexNG2\indexsupport.pyd
2012-03-29 05:41 - 2012-03-29 05:41 - 00607232 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\OSR32V10.dll
2012-11-21 01:40 - 2012-11-21 01:40 - 00062864 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\BTrees._fsBTree.pyd
2012-11-21 01:41 - 2012-11-21 01:41 - 00271760 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Zope\lib\python\M2Crypto.__m2crypto.pyd
2012-10-19 10:28 - 2012-10-19 10:28 - 00024464 _____ () C:\Program Files (x86)\Haufe\iDesk\iDeskService\Lib\site-packages\win32\win32wnet.pyd
2013-08-01 11:47 - 2013-08-01 11:47 - 00026040 _____ () C:\Program Files (x86)\MyTomTom 3\DeviceDetection.dll
2013-08-01 11:47 - 2013-08-01 11:47 - 00074680 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterBase.dll
2013-08-01 11:47 - 2013-08-01 11:47 - 00317880 _____ () C:\Program Files (x86)\MyTomTom 3\TomTomSupporterProxy.dll
2012-08-10 15:51 - 2012-08-10 15:51 - 00985088 _____ () C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (12/10/2013 05:42:28 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung wurde aufgrund eines Fehlers beim Schreiben am Sicherungsspeicherort "G:\" nicht abgeschlossen. Fehler: "Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)"
Error: (12/05/2013 11:07:45 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: OUTLOOK.EXE, Version: 11.0.8326.0, Zeitstempel: 0x4c1c2372
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x320
Startzeit der fehlerhaften Anwendung: 0xOUTLOOK.EXE0
Pfad der fehlerhaften Anwendung: OUTLOOK.EXE1
Pfad des fehlerhaften Moduls: OUTLOOK.EXE2
Berichtskennung: OUTLOOK.EXE3
Error: (12/04/2013 07:28:20 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/04/2013 05:39:35 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/04/2013 05:39:21 PM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Error: (12/04/2013 05:22:29 PM) (Source: Application Hang) (User: )
Description: Programm avcenter.exe, Version 14.0.1.641 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 700
Startzeit: 01cef10cae3aecf4
Endzeit: 60000
Anwendungspfad: C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
Berichts-ID: 062aaf7c-5d00-11e3-bcad-38607789fdcd
System errors:
=============
Error: (12/14/2013 11:59:41 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.
Error: (12/14/2013 08:30:22 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.
Error: (12/14/2013 08:29:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/14/2013 08:29:33 AM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/13/2013 11:53:41 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (12/13/2013 11:42:17 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Avira Email Schutz" wurde mit folgendem dienstspezifischem Fehler beendet: %%1.
Error: (12/13/2013 11:41:33 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Easybits Services for Windows" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (12/13/2013 11:41:10 PM) (Source: Application Popup) (User: )
Description: Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\Drivers\cdrbsdrv.SYS nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version des Treibers zu erhalten.
Error: (12/13/2013 11:39:56 PM) (Source: DCOM) (User: )
Description: {E10F6C3A-F1AE-4ADC-AA9D-2FE65525666E}
Error: (12/13/2013 10:52:10 PM) (Source: DCOM) (User: )
Description: C:\PROGRA~2\MICROS~1\OFFICE11\OUTLOOK.EXE -Embedding740{0006F020-0000-0000-C000-000000000046}
Microsoft Office Sessions:
=========================
Error: (12/10/2013 05:42:28 PM) (Source: Windows Backup)(User: )
Description: G:\Der Sicherungsort wurde nicht gefunden oder ist ungültig. Überprüfen Sie die Sicherungseinstellungen und den Sicherungsort. (0x81000006)
Error: (12/05/2013 11:07:45 AM) (Source: Application Error)(User: )
Description: OUTLOOK.EXE11.0.8326.04c1c2372ntdll.dll6.1.7601.18247521ea8e7c0000374000ce75332001cef1a0de614771C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXEC:\Windows\SysWOW64\ntdll.dll1589ab73-5d95-11e3-b36b-38607789fdcd
Error: (12/04/2013 07:28:20 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
Error: (12/04/2013 05:39:35 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
Error: (12/04/2013 05:39:21 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Users\Anna\Downloads\esetsmartinstaller_enu.exe
Error: (12/04/2013 05:22:29 PM) (Source: Application Hang)(User: )
Description: avcenter.exe14.0.1.64170001cef10cae3aecf460000C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe062aaf7c-5d00-11e3-bcad-38607789fdcd
==================== Memory info ===========================
Percentage of memory in use: 18%
Total physical RAM: 8178.82 MB
Available physical RAM: 6674.5 MB
Total Pagefile: 9711 MB
Available Pagefile: 7349.2 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (OS) (Fixed) (Total:1850.26 GB) (Free:1769.53 GB) NTFS
Drive d: (HP_RECOVERY) (Fixed) (Total:12.65 GB) (Free:1.48 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive h: (MyDrive) (Fixed) (Total:465.76 GB) (Free:444.8 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: E91B7F62)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=-212318814208) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13 GB) - (Type=07 NTFS)
========================================================
Disk: 2 (Size: 466 GB) (Disk ID: 5B5D6C0A)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Was auffällt: Nach wie vor führt das Klicken eines Hyperlinks in Outlook dazu, dass angezeigt wird, das Plus-HD 1.6 abgestürzt sei. Das habe ich eigentlich deinstalliert. Außerdem lässt sich nach wie vor der Emailschutz von Antivir nicht aktivieren. Da ist scheinbar immernoch was faul. |
|
14.12.2013, 16:42
| #10 |
| /// the machine /// TB-Ausbilder | Delta-Homes bzw. QV06 in IE, FF und Chrome Antivir deinstallierne und neu installieren. GLeiches mit allen Browsern. Dann bitte nen frischen Scan mit FRST machen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
