Trojaner-Board (https://www.trojaner-board.de/)

Log Analysis and Evaluation: Screen freezes but the mouse cursor still moves, all after opening a debt-collection email attachment (https://www.trojaner-board.de/139772-bildschirm-friert-mauscursor-bewegt-alles-inkassomail-anhang.html)

cosinus 14.08.2013 15:12

Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. (Illustrated guide to AdwCleaner.)
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You will also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Step 2: JRT - Junkware Removal Tool

Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or higher), right-click it and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Step 3: Fresh log with FRST

Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST download: FRST 32-bit | FRST 64-bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the site's input box).


doofi 14.08.2013 16:40


FRST log file:
Code:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-08-2013 01
Ran by Peter (administrator) on 14-08-2013 17:37:12
Running from C:\Users\Peter\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AVG Technologies CZ, s.r.o.) D:\AVGANT~1\avgrsa.exe
(AVG Technologies CZ, s.r.o.) D:\AVG antivirus\avgcsrva.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(AVG Technologies CZ, s.r.o.) D:\AVG antivirus\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) D:\AVG antivirus\avgwdsvc.exe
(MSI) C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(AVG Technologies CZ, s.r.o.) D:\AVG antivirus\avgui.exe
(AVG Technologies CZ, s.r.o.) D:\AVG antivirus\avgnsa.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7188552 2013-05-27] (Realtek Semiconductor)
MountPoints2: {a3c44cb5-9d57-11e1-8455-806e6f6e6963} - E:\SETUP.EXE
MountPoints2: {c3bcec92-bba0-11e2-b80c-8c89a584d284} - H:\Startme.exe
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Super-Charger] - C:\Program Files (x86)\MSI\Super-Charger\Super-Charger.exe [506864 2013-03-08] (MSI)
HKLM-x32\...\Run: [Logitech G35] - C:\Program Files (x86)\Logitech\G35\G35.exe [1811800 2010-10-05] (Logitech(c))
HKLM-x32\...\Run: [AVG_UI] - D:\AVG antivirus\avgui.exe [4411440 2013-07-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [Live Update 5] - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
HKLM-x32\...\Run: [MailCheck IE Broker] - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck_Broker.exe [1519680 2013-06-27] (1und1 Mail und Media GmbH)
AppInit_DLLs: C:\PROGRA~3\NVIDIA~1\NVSTRE~1\rxinput.dll C:\PROGRA~3\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~3\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

ProxyServer: :0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {791F4938-1F53-42E2-8FAA-1ED9EA04E04B} URL = hxxp://go.web.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {AE6FBC7C-6110-4BD7-8F32-BA4998324B08} URL = hxxp://search.gmx.com/web?q={searchTerms}&origin=tb_splugin_ie
SearchScopes: HKCU - {D90FC07B-B601-4E85-8ECE-CB3055E233E4} URL = hxxp://go.1und1.de/tb/ie_searchplugin/?su={searchTerms}
SearchScopes: HKCU - {FDC17D6D-15AC-446B-A323-4B107C64527D} URL = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: WEB.DE MailCheck BHO - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DVDVideoSoft WebPageAdjuster Class - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKLM-x32 - WEB.DE MailCheck - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Toolbar: HKCU - WEB.DE MailCheck - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
Handler: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Handler-x32: webde - {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\WEB.DE MailCheck\IE\WEB.DE_MailCheck.dll (1und1 Mail und Media GmbH)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

FireFox:
========
FF ProfilePath: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default
FF NetworkProxy: "no_proxies_on", "127.0.0.1"
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "socks_remote_dns", true
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.1 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.132.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\searchplugins\webde-suche.xml
FF Extension: ProxTube - Gesperrte YouTube Videos entsperren - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\Extensions\ich@maltegoetz.de
FF Extension: toolbar - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\Extensions\toolbar@web.de.xpi
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
FF Extension: No Name - C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==================== Services (Whitelisted) =================

R2 AVGIDSAgent; D:\AVG antivirus\avgidsagent.exe [4939312 2013-07-04] (AVG Technologies CZ, s.r.o.)
R2 avgwd; D:\AVG antivirus\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
R2 MSI_SuperCharger; C:\Program Files (x86)\MSI\Super-Charger\ChargeService.exe [161264 2013-02-20] (MSI)
R2 NitroReaderDriverReadSpool3; C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [230416 2013-03-26] (Nitro PDF Software)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-02-03] ()
S3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]

==================== Drivers (Whitelisted) ====================

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [246072 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [71480 2013-07-20] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [206648 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [311608 2013-07-20] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [116536 2013-07-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [45880 2013-07-10] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [240952 2013-03-21] (AVG Technologies CZ, s.r.o.)
R3 LADF_DHP2; C:\Windows\System32\DRIVERS\ladfDHP2amd64.sys [62168 2010-09-29] (Logitech)
R3 LADF_SBVM; C:\Windows\System32\DRIVERS\ladfSBVMamd64.sys [377176 2010-09-29] (Logitech)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
R3 NTIOLib_1_0_3; C:\Program Files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [13368 2012-10-25] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
S3 NTIOLib_1_0_4; C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [14136 2010-10-22] (MSI)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
S3 rzendpt; C:\Windows\System32\DRIVERS\rzendpt.sys [22016 2012-11-07] (Razer USA Ltd)
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-08-14 17:25 - 2013-08-14 17:25 - 00000000 ____D C:\Windows\ERUNT
2013-08-14 17:24 - 2013-08-14 17:24 - 00004279 _____ C:\Users\Peter\Desktop\AdwCleaner[0].txt
2013-08-14 17:20 - 2013-08-14 17:22 - 00000000 ____D C:\AdwCleaner
2013-08-14 16:30 - 2013-08-14 16:30 - 01158897 _____ (Thisisu) C:\Users\Peter\Desktop\JRT.exe
2013-08-14 16:30 - 2013-08-14 16:30 - 00800594 _____ C:\Users\Peter\Desktop\adwcleaner.exe
2013-08-14 14:38 - 2013-08-14 14:38 - 01575570 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2013-08-14 11:34 - 2013-08-14 11:34 - 00003878 _____ C:\Windows\System32\Tasks\Registration 1und1 Task
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\ProgramData\UUdb
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\ProgramData\1&1 Mail & Media GmbH
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-08-14 10:52 - 2013-08-14 10:52 - 00052146 _____ C:\Users\Peter\Desktop\bookmarks.html
2013-08-14 10:50 - 2013-08-14 10:50 - 00027896 _____ C:\Users\Peter\Desktop\bookmarks-2013-08-14.json
2013-08-14 07:19 - 2013-08-14 07:20 - 00015894 _____ C:\Users\Peter\Desktop\Addition.txt
2013-08-13 18:17 - 2013-08-13 18:17 - 00000000 ____D C:\Users\Peter\AppData\Local\PAYDAY
2013-08-13 16:53 - 2013-08-13 16:53 - 00000221 _____ C:\Users\Peter\Desktop\PAYDAY The Heist.url
2013-08-13 16:53 - 2013-08-13 16:53 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-13 15:41 - 2013-08-13 15:41 - 00000000 ____D C:\FRST
2013-08-13 15:40 - 2013-08-13 15:40 - 00000000 _____ C:\Users\Peter\defogger_reenable
2013-08-13 15:39 - 2013-08-14 07:06 - 00000000 ____D C:\Users\Peter\Desktop\Virenkampf
2013-08-13 15:38 - 2013-08-13 15:38 - 00377856 _____ C:\Users\Peter\Downloads\nn4icltp.exe
2013-08-13 10:33 - 2013-08-13 10:33 - 00000000 ____D C:\NvidiaLogging
2013-08-13 10:32 - 2013-05-14 21:28 - 00039712 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-13 10:32 - 2013-05-14 21:27 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-13 10:32 - 2013-05-14 21:27 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-13 10:18 - 2013-08-13 10:18 - 00002007 _____ C:\Users\Public\Desktop\Live Update 5.lnk
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys

==================== One Month Modified Files and Folders =======

2013-08-14 17:35 - 2013-07-02 14:11 - 00000000 ____D C:\ProgramData\MFAData
2013-08-14 17:28 - 2013-08-14 17:28 - 00001708 _____ C:\Users\Peter\Desktop\JRT.txt
2013-08-14 17:25 - 2013-08-14 17:25 - 00000000 ____D C:\Windows\ERUNT
2013-08-14 17:24 - 2013-08-14 17:24 - 00004279 _____ C:\Users\Peter\Desktop\AdwCleaner[0].txt
2013-08-14 17:22 - 2013-08-14 17:20 - 00000000 ____D C:\AdwCleaner
2013-08-14 17:18 - 2012-07-14 13:57 - 00000000 ____D C:\Users\Peter\AppData\Local\PMB Files
2013-08-14 17:18 - 2012-07-14 13:57 - 00000000 ____D C:\ProgramData\PMB Files
2013-08-14 16:49 - 2013-04-25 21:34 - 00001108 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-14 16:41 - 2012-05-20 21:04 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-14 16:30 - 2013-08-14 16:30 - 01158897 _____ (Thisisu) C:\Users\Peter\Desktop\JRT.exe
2013-08-14 16:30 - 2013-08-14 16:30 - 00800594 _____ C:\Users\Peter\Desktop\adwcleaner.exe
2013-08-14 14:38 - 2013-08-14 14:38 - 01575570 _____ (Farbar) C:\Users\Peter\Desktop\FRST64.exe
2013-08-14 14:38 - 2012-05-14 02:22 - 00000000 ____D C:\Users\Peter
2013-08-14 14:30 - 2012-05-20 21:49 - 00000000 ____D C:\Program Files (x86)\Steam
2013-08-14 11:34 - 2013-08-14 11:34 - 00003878 _____ C:\Windows\System32\Tasks\Registration 1und1 Task
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\ProgramData\UUdb
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\ProgramData\1&1 Mail & Media GmbH
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\Program Files\WEB.DE MailCheck
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\Program Files (x86)\WEB.DE MailCheck
2013-08-14 11:34 - 2013-08-14 11:34 - 00000000 ____D C:\Program Files (x86)\1und1Softwareaktualisierung
2013-08-14 10:52 - 2013-08-14 10:52 - 00052146 _____ C:\Users\Peter\Desktop\bookmarks.html
2013-08-14 10:50 - 2013-08-14 10:50 - 00027896 _____ C:\Users\Peter\Desktop\bookmarks-2013-08-14.json
2013-08-14 07:39 - 2009-07-14 06:45 - 00027216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-14 07:39 - 2009-07-14 06:45 - 00027216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-14 07:35 - 2012-05-14 02:03 - 01794718 _____ C:\Windows\WindowsUpdate.log
2013-08-14 07:31 - 2013-04-25 21:34 - 00001104 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-14 07:31 - 2012-05-14 02:46 - 00000000 ____D C:\ProgramData\NVIDIA
2013-08-14 07:31 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-14 07:31 - 2009-07-14 06:51 - 00098214 _____ C:\Windows\setupact.log
2013-08-14 07:20 - 2013-08-14 07:19 - 00015894 _____ C:\Users\Peter\Desktop\Addition.txt
2013-08-14 07:06 - 2013-08-13 15:39 - 00000000 ____D C:\Users\Peter\Desktop\Virenkampf
2013-08-13 18:17 - 2013-08-13 18:17 - 00000000 ____D C:\Users\Peter\AppData\Local\PAYDAY
2013-08-13 18:17 - 2012-05-22 00:15 - 00716912 _____ C:\Windows\DirectX.log
2013-08-13 16:53 - 2013-08-13 16:53 - 00000221 _____ C:\Users\Peter\Desktop\PAYDAY The Heist.url
2013-08-13 16:53 - 2013-08-13 16:53 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-13 15:41 - 2013-08-13 15:41 - 00000000 ____D C:\FRST
2013-08-13 15:40 - 2013-08-13 15:40 - 00000000 _____ C:\Users\Peter\defogger_reenable
2013-08-13 15:38 - 2013-08-13 15:38 - 00377856 _____ C:\Users\Peter\Downloads\nn4icltp.exe
2013-08-13 12:15 - 2012-05-20 21:39 - 00000000 ____D C:\Program Files (x86)\Origin
2013-08-13 12:14 - 2012-05-20 21:41 - 00000000 ____D C:\Users\Peter\AppData\Local\Origin
2013-08-13 12:14 - 2012-05-20 21:39 - 00000000 ____D C:\Users\Peter\AppData\Roaming\Origin
2013-08-13 10:33 - 2013-08-13 10:33 - 00000000 ____D C:\NvidiaLogging
2013-08-13 10:33 - 2012-05-14 02:46 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-08-13 10:33 - 2012-05-14 02:41 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-08-13 10:29 - 2013-07-02 14:15 - 00000582 _____ C:\Users\Public\Desktop\AVG 2013.lnk
2013-08-13 10:18 - 2013-08-13 10:18 - 00002007 _____ C:\Users\Public\Desktop\Live Update 5.lnk
2013-08-13 05:44 - 2013-04-25 21:34 - 00004104 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-08-13 05:44 - 2013-04-25 21:34 - 00003852 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-07-20 01:51 - 2013-07-20 01:51 - 00311608 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgloga.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00246072 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsdrivera.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00206648 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgldx64.sys
2013-07-20 01:50 - 2013-07-20 01:50 - 00071480 _____ (AVG Technologies CZ, s.r.o.) C:\Windows\system32\Drivers\avgidsha.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-08-13 11:28

==================== End Of Log ============================

--- --- ---


Code:

# AdwCleaner v3.000 - Report created14/08/2013at17:20:58
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Peter - DIGITALATES
# Running from : C:\Users\Peter\Desktop\adwcleaner.exe

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Peter\AppData\Roaming\BabSolution
Folder Deleted : C:\Users\Peter\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Peter\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Peter\AppData\Roaming\OpenCandy
File Deleted : C:\Users\Peter\AppData\Local\Temp\Uninstall.exe

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\5e2888ce73bec10
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{8C8222B7-83EF-43F2-AF59-D4CAAD3D0853}
Key Deleted : HKU\S-1-5-21-1779598452-667764557-2055712093-1004\Software\Microsoft\Internet Explorer\SearchScopes\{8C8222B7-83EF-43F2-AF59-D4CAAD3D0853}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKLM\Software\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] No bad entry found.

-\\ Mozilla Firefox v22.0 (de)

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
File Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\searchplugins\11-suche.xml
File Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\searchplugins\Babylon.xml
File Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\searchplugins\delta.xml
File Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\foxydeal.sqlite
File Deleted : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\user.js

[ File : C:\Users\Peter\AppData\Roaming\Mozilla\Firefox\Profiles\b0810lp1.default\prefs.js ]

Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "de");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "54fec70a00000000000000ff310aae17");
Line Deleted : user_pref("extensions.delta.instlDay", "15882");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.21.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.21.522:39:57");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.21.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121562&tt=250613_gr4&tsp=4925");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .ti[...]
Line Deleted : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
Line Deleted : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .titl[...]

*************************

AdwCleaner[0].txt - [4141 octets] - [14/08/2013 17:20:58]

########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [4200 octets] ##########

Code:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.4.5 (08.13.2013:1)
OS: Windows 7 Professional x64
Ran by Peter on 14.08.2013 at 17:25:34,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\TaskScheduler_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\TaskScheduler_RASMANCS



~~~ Files

Successfully deleted: [File] "C:\Windows\wininit.ini"



~~~ Folders

Successfully deleted: [Empty Folder] C:\Users\Peter\appdata\local\{75955C33-3484-45C7-86D7-310CF2561ED1}
Successfully deleted: [Empty Folder] C:\Users\Peter\appdata\local\{D64F693B-930C-4FD9-8BCF-E049AF707E29}
Successfully deleted: [Empty Folder] C:\Users\Peter\appdata\local\{F38CBA55-37E1-42BC-8443-90B7232C6C45}



~~~ FireFox

Successfully deleted: [File] C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\b0810lp1.default\invalidprefs.js
Emptied folder: C:\Users\Peter\AppData\Roaming\mozilla\firefox\profiles\b0810lp1.default\minidumps [298 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.08.2013 at 17:28:32,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
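Triage of FRST.txt lines of the kind posted above, as an added example that is not part of this thread, of FRST or of the helper's procedure: the sample lines are copied from the FRST log above, and the checks (an empty "()" publisher field, "[x]" for a missing file, AppInit_DLLs, a non-default BootExecute, an empty SearchScopes URL, and the Firefox proxy keys) are my own assumptions drawn only from the line shapes in that log.

```python
"""Quick triage of FRST.txt lines: flag the entries a helper would look at first."""
import re
from typing import Dict, List, Tuple

Finding = Tuple[str, str, str]  # (severity, reason, offending line)

# An empty "()" vendor field means FRST recorded no publisher/signature for the file.
NO_VENDOR_RE = re.compile(r'\(\)\s*$|^\(\) ')
# "[x]" at the end of a service/driver entry: the referenced file does not exist.
MISSING_FILE_RE = re.compile(r'\[x\]\s*$')
FF_PROXY_RE = re.compile(r'^FF NetworkProxy: "(?P<key>[^"]+)", (?P<val>.+)$')
EMPTY_SCOPE_RE = re.compile(r'^SearchScopes: .* URL =\s*$')
DEFAULT_BOOTEXECUTE = 'autocheck autochk *'   # stock Windows value


def triage_line(line: str) -> List[Finding]:
    """Return zero or more findings for one FRST line (section headers are skipped)."""
    out: List[Finding] = []
    s = line.rstrip()
    if not s or s.startswith('===='):
        return out
    if MISSING_FILE_RE.search(s):
        out.append(('info', 'referenced file missing on disk (orphaned entry)', s))
    elif NO_VENDOR_RE.search(s):
        out.append(('review', 'no publisher/signature recorded', s))
    if s.startswith('AppInit_DLLs'):
        out.append(('review', 'AppInit_DLLs: DLL is loaded into every process that uses user32', s))
    if s.startswith('MountPoints2:'):
        out.append(('info', 'cached autorun entry from removable media', s))
    if s.startswith('BootExecute:'):
        extra = s.split(':', 1)[1].strip().replace(DEFAULT_BOOTEXECUTE, '').strip()
        if extra:
            out.append(('review', f'non-default BootExecute entry: {extra}', s))
    if EMPTY_SCOPE_RE.match(s):
        out.append(('info', 'search scope with empty URL (leftover registration)', s))
    return out


def firefox_proxy_summary(lines: List[str]) -> Dict[str, object]:
    """Reassemble the FF NetworkProxy key/value lines and say whether they are in effect.

    Firefox's network.proxy.type: 0 = direct, 1 = manual (the socks/http entries are
    used), 2 = PAC file, 4 = auto-detect, 5 = system settings.
    """
    prefs: Dict[str, str] = {}
    for line in lines:
        m = FF_PROXY_RE.match(line.strip())
        if m:
            prefs[m.group('key')] = m.group('val').strip().strip('"')
    socks = None
    if 'socks' in prefs:
        socks = f"{prefs['socks']}:{prefs.get('socks_port', '1080')}"
    ptype = int(prefs.get('type', '0'))
    return {
        'socks': socks,
        'type': ptype,
        'manual_proxy_active': ptype == 1,
        # 9050 is the default SOCKS port of a local Tor client
        'tor_default_port': prefs.get('socks_port') == '9050',
    }


def triage(text: str) -> Tuple[List[Finding], Dict[str, object]]:
    """Run the per-line checks over a whole log and add the Firefox proxy summary."""
    lines = text.splitlines()
    findings: List[Finding] = []
    for line in lines:
        findings.extend(triage_line(line))
    return findings, firefox_proxy_summary(lines)


# Sample lines copied from the FRST log in this thread, in the shape FRST printed them.
FRST_SAMPLE = r"""() C:\Windows\SysWOW64\PnkBstrA.exe
HKLM-x32\...\Run: [Live Update 5] - C:\Program Files (x86)\MSI\Live Update 5\BootStartLiveupdate.exe [315392 2012-01-30] ()
MountPoints2: {a3c44cb5-9d57-11e1-8455-806e6f6e6963} - E:\SETUP.EXE
AppInit_DLLs-x32: C:\PROGRA~3\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
FF NetworkProxy: "socks", "127.0.0.1"
FF NetworkProxy: "socks_port", 9050
FF NetworkProxy: "type", 4
R2 avgwd; D:\AVG antivirus\avgwdsvc.exe [283136 2013-07-23] (AVG Technologies CZ, s.r.o.)
S3 DAUpdaterSvc; C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe [x]
S3 NTIOLib_1_0_C; \??\E:\NTIOLib_X64.sys [x]
"""

if __name__ == '__main__':
    found, proxy = triage(FRST_SAMPLE)
    for sev, why, line in found:
        print(f'[{sev}] {why}\n    {line}')
    print('Firefox proxy:', proxy)
```

A "review" finding is a prompt to look, not a verdict: the SOCKS entry above, for instance, is not in effect because type 4 (auto-detect) is set.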


cosinus 14.08.2013 19:45

Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes Anti-Malware (MBAM)

Note: please remember to update Malwarebytes Anti-Malware via the Update button beforehand!

Afterwards, getting a second opinion from the ESET Online Scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Locate C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Software / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



Copyright ©2000-2025, Trojaner-Board