| Ritaratlos | 03.02.2015 08:18 |
Hallo Cosinus,
anbei logs
adwcleaner: Code:
# AdwCleaner v4.109 - Bericht erstellt am 03/02/2015 um 07:49:22
# Aktualisiert 24/01/2015 von Xplode
# Database : 2015-02-02.1 [Live]
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : xxxxxxxxxx - DESKTOP-PC
# Gestartet von : C:\Users\xxxxxxxxxx\Downloads\AdwCleaner_4.109.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\SecTaskMan
Ordner Gelöscht : C:\ProgramData\Winamp Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Software Update Utility
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\Local\SecTaskMan
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\Local\Winamp Toolbar
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
Ordner Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\toolbar@ask.com
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
Datei Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\searchplugins\safesearch.xml
Datei Gelöscht : C:\Users\xxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\user.js
***** [ Tasks ] *****
Task Gelöscht : Scheduled Update for Ask Toolbar
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdate
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Schlüssel Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{134B5A9E-37E4-4B34-93B8-94ED49FF6DDB}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3A8D9662-4E9F-4402-9DFC-4564479A471E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{134B5A9E-37E4-4B34-93B8-94ED49FF6DDB}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{134B5A9E-37E4-4B34-93B8-94ED49FF6DDB}
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\APN
Schlüssel Gelöscht : HKLM\SOFTWARE\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Winamp Toolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Daten Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - 192.168.*.*;*.local
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17496
-\\ Mozilla Firefox v35.0.1 (x86 de)
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.date", "4");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.lastDate", "3");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.lastMonth", "1");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.lastYear", "2015");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.month", "69");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.prevMonth", "865");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.total", "16655");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.week", "69");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("aol_toolbar.surf.year", "933");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("extensions.xpiState", "{\"app-profile\":{\"2020Player@2020Technologies.com\":{\"d\":\"C:\\\\Users\\\\xxxxxxxxxx\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\7s6g5qp4.default\[...]
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_ptnrs=9M&apn_sauid=3DDC48D7-3EBF-412A-8BD7-DF1C6FBBA016&[...]
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.buttons.layout", "shoutcast_30026;mobile/android_33522;post_to_twitter_33500;facebook_45469;;post_to_twitter_46693;facebook_46704;ebay_46803");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.cookie.homepage", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.cookie.search", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.curtain.congrats", "none");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.default.homepage.check", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.default.search.check", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.guid", "{A8B7DCA3-EC35-8F85-5A3C-64AB494D005B}");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.homepageprotection.enabled", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.distroid", "winamp");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.9397");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.lid", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.mtmhp", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.install.ncid", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "3");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "1");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2015");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.log", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "12");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "15");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "58");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "8");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "17");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2012");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.relatednews.enabled", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1422945208968");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.button", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.cid", "09-04-2013");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.instd", "20120812155613915");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.oid", "12-08-2012");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.placement", "left");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.savehistory", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.searchtype", "web");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.search.source", "winamp-ff");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.searchprotection.enabled", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.skin.custom", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.degc", "-9");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.degf", "15");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/33_n.png");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.metric", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Mostly Clear");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.update", "1422945208970");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.weather.zipcode", "10065");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.artist", "");
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.open", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
[7s6g5qp4.default\prefs.js] - Zeile gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
*************************
AdwCleaner[R0].txt - [22488 octets] - [03/02/2015 07:37:17]
AdwCleaner[S0].txt - [22194 octets] - [03/02/2015 07:49:22]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22255 octets] ##########
JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.2 (02.02.2015:1)
OS: Windows 7 Home Premium x64
Ran by xxxxxxxxxxx on 03.02.2015 at 7:59:11,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9"
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\xxxxxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\7s6g5qp4.default\searchplugins\aol-search.xml
Successfully deleted: [Folder] C:\Users\xxxxxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\7s6g5qp4.default\winamptoolbardata
Successfully deleted the following from C:\Users\xxxxxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\7s6g5qp4.default\prefs.js
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=C93D1590-C539-4FDB-8493-A71C05BAF874&apn_ptnrs=9M&apn_sauid=3DDC48D7-3EB
Emptied folder: C:\Users\xxxxxxxxxxx\AppData\Roaming\mozilla\firefox\profiles\7s6g5qp4.default\minidumps [37 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.02.2015 at 8:01:54,14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
und Neuscan FRST:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2015
Ran by xxxxxxxxxxx (administrator) on DESKTOP-PC on 03-02-2015 08:08:26
Running from C:\Users\xxxxxxxxxxx\Downloads
Loaded Profiles: xxxxxxxxxxx (Available profiles: xxxxxxxxxxx)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nero AG) C:\Program Files (x86)\Motorola Media Link\Lite\NServiceEntry.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(Prolific Technology Inc.) C:\Windows\SysWOW64\IoctlSvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\n360.exe
() C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe
(TuneUp Software) C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesApp64.exe
() C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(SYDATEC) C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe
(OLYMPUS IMAGING CORP.) C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe
(LaCie SA) C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
() C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
(CyberLink Corp.) C:\Program Files (x86)\Hewlett-Packard\Media\DVD\DVDAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_16_0_0_296.exe
(Farbar) C:\Users\xxxxxxxxxxx\Downloads\FRST64(1).exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [SmartMenu] => C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [610360 2009-07-08] ()
HKLM\...\Run: [CanonMyPrinter] => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2779024 2011-03-14] (CANON INC.)
HKLM-x32\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM-x32\...\Run: [LaunchHPOSIAPP] => C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe [385024 2009-04-03] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Remote Solution] => C:\Program Files (x86)\Hewlett-Packard\HP Remote Solution\HP_Remote_Solution.exe [656896 2009-05-26] ()
HKLM-x32\...\Run: [UpdatePRCShortCut] => C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe [1086760 2009-09-01] (Nero AG)
HKLM-x32\...\Run: [AppleSyncNotifier] => C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-03] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2014-10-11] (Apple Inc.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2011-01-15] (CANON INC.)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2012-06-20] (Nullsoft, Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2557976 2014-06-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2009-08-20] (Hewlett-Packard Company)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [Password Guard v3] => C:\Program Files (x86)\SYDATEC\Password Guard v3\pwgtray.exe [675464 2009-10-27] (SYDATEC)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [OM2_Monitor] => C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe [95536 2007-09-04] (OLYMPUS IMAGING CORP.)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\...\Run: [LaCie Ethernet Agent Startup] => C:\Program Files (x86)\LaCie\Network Assistant\LaCie Network Assistant.exe [5722112 2009-10-16] (LaCie SA)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Quicken 2010 Zahlungserinnerung.lnk
ShortcutTarget: Quicken 2010 Zahlungserinnerung.lnk -> C:\Program Files (x86)\Lexware\Quicken\2010\billmind.exe (Lexware GmbH & Co. KG)
ShellIconOverlayIdentifiers: [OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: [OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\buShell.dll (Symantec Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-232553567-516970607-3978274004-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-232553567-516970607-3978274004-1001\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKLM-x32 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-232553567-516970607-3978274004-1001 -> {57948E9B-85E2-4A57-B023-93A71375A317} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=cb-hp06&type=ie2008
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com.tw/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {28B66320-9687-4B13-8757-36F901887AB5} hxxp://fotobuch.whitewall.com/ips-opdata/layout/avenso/objects/canvasx.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_296.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_296.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: 20-20 3D Viewer - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\2020Player@2020Technologies.com [2011-03-25]
FF Extension: Garmin Communicator - C:\Users\xxxxxxxxxxx\AppData\Roaming\Mozilla\Firefox\Profiles\7s6g5qp4.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-24]
FF HKLM-x32\...\Firefox\Extensions: [{7BA52691-1876-45ce-9EE6-54BCB3B04BBC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\coFFPlgn
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn [2015-02-03]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\Exts\Chrome.crx [2014-09-26]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
R2 AAV UpdateService; C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [128296 2008-10-24] ()
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [138192 2011-02-07] ()
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2009-08-20] (Hewlett-Packard Company) [File not signed]
R2 MotoHelper; C:\Program Files (x86)\Motorola\MotoHelper\MotoHelperService.exe [214896 2011-12-06] ()
R2 N360; C:\Program Files (x86)\Norton 360 Premier Edition\Engine\21.6.0.32\N360.exe [265040 2014-09-21] (Symantec Corporation)
R2 PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [87344 2009-09-01] (Prolific Technology Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [481304 2014-06-24] (Sony Corporation)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [2145080 2014-07-16] (TuneUp Software)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\BASHDefs\20150106.001\BHDrvx64.sys [1622744 2015-01-06] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1506000.020\ccSetx64.sys [162392 2013-09-26] (Symantec Corporation)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-12-12] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-12-12] (Symantec Corporation)
S3 EST_Server; C:\Windows\System32\DRIVERS\GenHC.sys [194048 2008-11-25] ( ) [File not signed]
S3 GigasetGenericUSB_x64; C:\Windows\System32\DRIVERS\GigasetGenericUSB_x64.sys [54272 2009-02-20] (Siemens Home and Office Communication Devices GmbH & Co. KG)
S3 gwiopm; C:\Program Files (x86)\Slotman\gwiopm.sys [3904 1998-06-03] () [File not signed]
R1 IDSVia64; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\IPSDefs\20150130.001\IDSvia64.sys [668888 2015-01-16] (Symantec Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150202.019\ENG64.SYS [129752 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360 Premier Edition\NortonData\21.1.0.18\Definitions\VirusDefs\20150202.019\EX64.SYS [2137304 2015-01-20] (Symantec Corporation)
R3 SRTSP; C:\Windows\System32\Drivers\N360x64\1506000.020\SRTSP64.SYS [876248 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1506000.020\SRTSPX64.SYS [37592 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1506000.020\SYMDS64.SYS [493656 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1506000.020\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-01-07] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1506000.020\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [14112 2014-06-23] (TuneUp Software)
R2 {55662437-DA8C-40c0-AADA-2C816A897A49}; c:\Program Files (x86)\Hewlett-Packard\Media\DVD\000.fcl [146928 2009-07-23] (CyberLink Corp.)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EST_BusEnum; system32\DRIVERS\GenBus.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 motmodem; system32\DRIVERS\motmodem.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]
S3 PCDSRVC{F36B3A4C-F95654BD-06000000}_0; \??\c:\program files\pc-doctor for windows\pcdsrvc_x64.pkms [X]
==================== NetSvcs (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
==================== One Month Created Files and Folders ========
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 08:07 - 2015-02-03 08:07 - 02131456 _____ (Farbar) C:\Users\xxxxxxxxxxx\Downloads\FRST64(1).exe
2015-02-03 08:01 - 2015-02-03 08:01 - 00002425 _____ () C:\Users\xxxxxxxxxxx\Desktop\JRT.txt
2015-02-03 07:58 - 2015-02-03 07:58 - 01388274 _____ (Thisisu) C:\Users\xxxxxxxxxxx\Downloads\JRT.exe
2015-02-03 07:37 - 2015-02-03 07:49 - 00000000 ____D () C:\AdwCleaner
2015-02-03 07:36 - 2015-02-03 07:36 - 02194432 _____ () C:\Users\xxxxxxxxxxx\Downloads\AdwCleaner_4.109.exe
2015-02-02 21:23 - 2015-02-02 21:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-02-02 21:20 - 2015-02-02 21:20 - 16466552 _____ (Malwarebytes Corp.) C:\Users\xxxxxxxxxxx\Downloads\mbar-1.08.3.1004.exe
2015-02-01 23:11 - 2015-02-01 23:11 - 00029927 _____ () C:\ComboFix.txt
2015-02-01 22:41 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-02-01 22:41 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-02-01 22:41 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-02-01 22:41 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-02-01 22:40 - 2015-02-01 23:11 - 00000000 ____D () C:\Qoobox
2015-02-01 22:39 - 2015-02-01 23:08 - 00000000 ____D () C:\Windows\erdnt
2015-02-01 22:37 - 2015-02-01 22:37 - 05611408 ____R (Swearware) C:\Users\xxxxxxxxxxx\Downloads\ComboFix.exe
2015-02-01 22:05 - 2015-02-03 08:03 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\Virusabarbeitung
2015-02-01 20:22 - 2015-02-01 20:22 - 00563608 _____ () C:\Windows\Minidump\020115-37923-01.dmp
2015-02-01 19:53 - 2015-02-01 19:53 - 00380416 _____ () C:\Users\xxxxxxxxxxx\Downloads\Gmer-19357.exe
2015-02-01 19:44 - 2015-02-03 08:08 - 00021343 _____ () C:\Users\xxxxxxxxxxx\Downloads\FRST.txt
2015-02-01 19:44 - 2015-02-03 08:08 - 00000000 ____D () C:\FRST
2015-02-01 19:44 - 2015-02-01 19:47 - 00056745 _____ () C:\Users\xxxxxxxxxxx\Downloads\Addition.txt
2015-02-01 19:43 - 2015-02-01 19:43 - 02131456 _____ (Farbar) C:\Users\xxxxxxxxxxx\Downloads\frst64.exe
2015-02-01 19:40 - 2015-02-01 19:40 - 00000000 _____ () C:\Users\xxxxxxxxxxx\defogger_reenable
2015-02-01 19:39 - 2015-02-01 19:39 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(3).exe
2015-01-31 15:06 - 2015-01-31 15:06 - 00664576 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit50562.msi
2015-01-30 12:42 - 2015-01-30 12:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-01-30 12:32 - 2015-01-30 12:32 - 37987520 _____ (Microsoft Corporation) C:\Users\xxxxxxxxxxx\Downloads\Windows-KB890830-x64-V5.20.exe
2015-01-25 22:40 - 2015-01-25 22:40 - 00353101 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit20084.mini.diagcab
2015-01-25 22:39 - 2015-01-25 22:40 - 01059840 _____ () C:\Users\xxxxxxxxxxx\Downloads\MicrosoftFixit50981.msi
2015-01-25 21:31 - 2015-02-02 21:23 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-25 21:31 - 2015-02-02 21:22 - 00097496 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-25 21:31 - 2015-01-25 21:31 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-25 21:31 - 2015-01-25 21:31 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-25 21:31 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-25 21:31 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-25 21:30 - 2015-01-25 21:30 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\xxxxxxxxxxx\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-25 20:32 - 2015-01-25 20:32 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\ProcAlyzer Dumps
2015-01-25 19:46 - 2015-01-25 20:15 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-25 19:46 - 2015-01-25 19:46 - 00001393 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00001381 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-01-25 19:46 - 2015-01-25 19:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-25 19:46 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-25 19:45 - 2015-01-25 19:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-25 19:42 - 2015-01-25 19:42 - 01191200 _____ () C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer(1).exe
2015-01-25 19:40 - 2015-01-25 19:40 - 01191200 _____ () C:\Users\xxxxxxxxxxx\Downloads\SpyBot Search Destroy - CHIP-Installer.exe
2015-01-24 20:25 - 2015-01-24 20:25 - 00000256 _____ () C:\Users\xxxxxxxxxxx\Downloads\defogger_enable.log
2015-01-24 20:24 - 2015-01-24 20:24 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(2).exe
2015-01-24 20:21 - 2015-01-24 20:21 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger(1).exe
2015-01-24 20:19 - 2015-02-01 19:40 - 00000484 _____ () C:\Users\xxxxxxxxxxx\Downloads\defogger_disable.log
2015-01-24 20:18 - 2015-01-24 20:18 - 00050477 _____ () C:\Users\xxxxxxxxxxx\Downloads\Defogger.exe
2015-01-24 14:30 - 2015-01-24 14:30 - 02935152 _____ () C:\Users\xxxxxxxxxxx\Downloads\SecurityTaskManager_Setup.exe
2015-01-24 14:30 - 2015-01-24 14:30 - 00001160 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001149 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00001137 _____ () C:\Users\Public\Desktop\Security Task Manager.lnk
2015-01-24 14:30 - 2015-01-24 14:30 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2015-01-24 13:57 - 2015-01-24 13:57 - 00000000 ____D () C:\NPE
2015-01-24 13:52 - 2015-01-24 15:12 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\NPE
2015-01-16 11:35 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-16 11:35 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-16 11:35 - 2014-12-12 06:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-16 11:35 - 2014-12-12 06:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-16 11:35 - 2014-12-12 06:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-16 11:35 - 2014-12-12 06:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-16 11:35 - 2014-12-12 06:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-16 11:35 - 2014-12-12 06:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-16 11:35 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-16 11:35 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-16 11:35 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-02-03 07:59 - 2011-05-29 06:26 - 00000000 ____D () C:\Users\xxxxxxxxxxx\Documents\Outlook-Dateien
2015-02-03 07:58 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-02-03 07:58 - 2009-07-14 05:45 - 00018512 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-02-03 07:53 - 2013-04-10 09:29 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\CrashDumps
2015-02-03 07:50 - 2012-08-13 06:15 - 00000000 ____D () C:\Temp
2015-02-03 07:50 - 2009-11-13 22:12 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-03 07:50 - 2009-09-18 20:39 - 00742822 _____ () C:\Windows\PFRO.log
2015-02-03 07:50 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-02-03 07:50 - 2009-07-14 05:51 - 00109737 _____ () C:\Windows\setupact.log
2015-02-03 07:49 - 2009-09-25 02:05 - 01798320 _____ () C:\Windows\WindowsUpdate.log
2015-02-03 07:28 - 2009-11-13 22:12 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-02 22:12 - 2012-04-20 05:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-02 21:29 - 2010-05-13 11:16 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Roaming\HpUpdate
2015-02-01 22:58 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-02-01 22:56 - 2014-03-21 15:30 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Roaming\KeePass
2015-02-01 22:53 - 2014-03-21 15:25 - 00000000 ____D () C:\Program Files (x86)\KeePass Password Safe 2
2015-02-01 20:43 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-02-01 20:22 - 2010-02-04 08:07 - 00000000 ____D () C:\Windows\Minidump
2015-02-01 20:21 - 2010-02-04 08:07 - 1176796061 _____ () C:\Windows\MEMORY.DMP
2015-02-01 20:09 - 2011-11-08 20:00 - 00000000 ____D () C:\ProgramData\CanonIJPLM
2015-02-01 19:40 - 2009-11-13 16:19 - 00000000 ____D () C:\Users\xxxxxxxxxxx
2015-01-31 15:58 - 2009-11-13 16:20 - 00000000 ____D () C:\Users\xxxxxxxxxxx\AppData\Local\Hewlett-Packard
2015-01-31 15:19 - 2012-05-03 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-01-31 12:29 - 2009-11-13 21:22 - 00000552 _____ () C:\Windows\Tasks\PCDRScheduledMaintenance.job
2015-01-25 22:14 - 2009-11-13 16:26 - 00133760 _____ () C:\Users\xxxxxxxxxxx\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-25 22:13 - 2009-07-14 05:45 - 00480016 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 21:45 - 2009-07-14 08:45 - 00000000 ____D () C:\Windows\ShellNew
2015-01-25 21:12 - 2012-04-20 05:05 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-01-25 21:12 - 2012-04-20 05:05 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-01-25 21:12 - 2011-05-15 06:01 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-01-24 13:52 - 2009-09-18 20:50 - 00000000 ____D () C:\ProgramData\Norton
2015-01-16 12:42 - 2013-08-16 06:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-16 12:14 - 2009-09-19 06:25 - 00699432 _____ () C:\Windows\system32\perfh007.dat
2015-01-16 12:14 - 2009-09-19 06:25 - 00149572 _____ () C:\Windows\system32\perfc007.dat
2015-01-16 12:14 - 2009-07-14 06:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-11 20:40 - 2012-02-10 09:24 - 00017447 _____ () C:\Users\xxxxxxxxxxx\Documents\SDK_Rückzahlungen.xlsx
==================== Files in the root of some directories =======
2009-11-17 21:52 - 2009-11-17 21:52 - 3211264 _____ () C:\Program Files (x86)\Common FilesDDBACSetup.msi
2013-11-27 23:46 - 2013-11-27 23:46 - 49940480 _____ () C:\Program Files (x86)\GUT57F0.tmp
2009-11-21 23:05 - 2014-08-04 07:09 - 0000151 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\default.rss
2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Devices
2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Dialogs
2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Dictionaries
2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\Digital Basic
2009-12-14 20:53 - 2009-12-14 20:53 - 0000000 _____ () C:\Users\xxxxxxxxxxx\AppData\Roaming\downloads.m3u
2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\images
2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\Users\xxxxxxxxxxx\AppData\Roaming\libiconv
2012-11-04 16:56 - 2014-02-13 07:15 - 0007599 _____ () C:\Users\xxxxxxxxxxx\AppData\Local\Resmon.ResmonCfg
2009-11-16 20:29 - 2009-11-16 20:29 - 0000268 ___RH () C:\ProgramData\Abstract
2009-11-16 20:35 - 2009-11-16 20:35 - 0000012 ___RH () C:\ProgramData\Alerts
2009-11-16 20:29 - 2009-11-16 20:29 - 0000012 ___RH () C:\ProgramData\Analog Pad
2010-02-09 08:16 - 2010-02-09 08:16 - 0000268 ___RH () C:\ProgramData\Digital Light
2010-02-09 08:15 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\Digital Mono
2010-02-09 08:20 - 2010-02-09 08:20 - 0000268 ___RH () C:\ProgramData\DirectoryService
2009-12-23 11:17 - 2009-12-23 11:17 - 0000268 ___RH () C:\ProgramData\Displays
2010-02-09 08:16 - 2010-02-09 08:16 - 0000012 ___RH () C:\ProgramData\Licenses
2010-02-09 08:15 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\Limiter
2010-02-09 08:20 - 2010-02-09 08:20 - 0000012 ___RH () C:\ProgramData\MAS
2009-12-23 11:17 - 2009-12-23 11:17 - 0000012 ___RH () C:\ProgramData\MIDI Devices
2010-02-09 08:20 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbw.DAT
2010-02-09 08:13 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbx.DAT
2009-12-23 11:15 - 2014-08-13 07:45 - 0000020 ____H () C:\ProgramData\PKP_DLbz.DAT
2010-02-09 08:16 - 2010-02-09 08:16 - 0000020 ____H () C:\ProgramData\PKP_DLck.DAT
2009-11-16 20:35 - 2014-08-10 16:18 - 0000020 ____H () C:\ProgramData\PKP_DLdu.DAT
2009-11-16 20:29 - 2014-05-18 21:30 - 0000020 ____H () C:\ProgramData\PKP_DLdw.DAT
2009-11-16 20:35 - 2009-11-16 20:35 - 0000268 ___RH () C:\ProgramData\programs
2012-09-28 13:05 - 2012-09-28 13:05 - 0000138 _____ () C:\ProgramData\zltclhakprijrji
Some content of TEMP:
====================
C:\Users\xxxxxxxxxxx\AppData\Local\Temp\Quarantine.exe
C:\Users\xxxxxxxxxxx\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-24 12:39
==================== End Of Log ============================
--- --- --- |
Lesestoff:
Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
AdwCleaner auf deinen Desktop.
FRST 32-Bit | FRST 64-Bit
Malwarebytes Anti-Malware 
