Here are the logs:
Code:
# AdwCleaner v3.012 - Bericht erstellt am 14/11/2013 um 17:59:38
# Updated 11/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Mary - MARY-PC
# Gestartet von : C:\Users\Mary2\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\Softonic
Ordner Gelöscht : C:\Users\Mary\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\Mary\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\Mary\AppData\Roaming\Softonic
Ordner Gelöscht : C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Datei Gelöscht : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xzeg935l.default\searchplugins\softonic.xml
Datei Gelöscht : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xzeg935l.default\user.js
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\Mary\Desktop\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\Mary\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Search.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\elchiiiejkobdbblfejjkbphbddgmljf
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\S
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.dskBnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Softonic.SoftonicHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\SoftonicApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\srv.SoftonicSrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{44B50C01-4993-48E2-ADEE-D812BAE2E9A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5018CFD2-804D-4C99-9F81-25EAEA2769DE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A3E2F089-DDBB-4CBF-B06C-5D44DA316ED3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A5679AB0-C59E-49E7-83C4-5289F844A6E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{CA0167C2-6295-41B8-9BDA-704B2F5E4CD9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11D9E165-B8C1-4734-A56C-BC4FCACA966B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{B15F118E-AF21-45E8-A809-29FDD7362565}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E87806B5-E908-45FD-AF5E-957D83E58E68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CF034EA-7B46-48D3-8895-8A14B32AE445}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{5018CFD2-804D-4C99-9F81-25EAEA2769DE}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{087CDC12-0A11-4D1D-8DCF-44185D7C3496}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{088BF3A9-6AE8-47B9-A3FB-26262F236C79}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2AC7B9EB-3881-4EB9-8DEE-0A731A309FDE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{349C0469-ACDD-49DF-9B3E-0D82E7C7DC4D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{41226591-6F7A-4082-B63A-67FE4A0CF7A6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55D69CD1-6715-4C40-BF05-9519AC4DC6E6}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66C8FD57-54C4-4D4F-BC95-DCCC763B410A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{717BAE33-7061-4279-8AE5-6C13BC8AF3F9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{84F06F7A-F811-48D7-8B34-3F4145183D8F}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{88F6D55F-AA3F-4003-BE69-4AC1998D6492}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8DBCDED5-08AD-41A2-9BBC-235D84F4FE06}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A0F66203-1A86-4812-9603-A57E09A4D7A3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{BC39D1B3-4471-41C1-AACA-E097FAF4B7AA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DEB85542-1311-4EC6-8A32-5372EB27FC94}
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\smartbar
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Softonic
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16736
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Bar]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v25.0 (en-US)
[ Datei : C:\Users\Mary\AppData\Roaming\Mozilla\Firefox\Profiles\xzeg935l.default\prefs.js ]
Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=6824c50f-9445-5032-31da-353b0252f310&searchtype=nt&installDate=27/10/2013");
Zeile gelöscht : user_pref("extensions.Softonic.admin", false);
Zeile gelöscht : user_pref("extensions.Softonic.aflt", "OC");
Zeile gelöscht : user_pref("extensions.Softonic.appId", "{7ABBFE1C-E485-44AA-8F36-353751B4124D}");
Zeile gelöscht : user_pref("extensions.Softonic.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.dfltLng", "de");
Zeile gelöscht : user_pref("extensions.Softonic.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.Softonic.dnsErr", true);
Zeile gelöscht : user_pref("extensions.Softonic.excTlbr", false);
Zeile gelöscht : user_pref("extensions.Softonic.ffxUnstlRst", false);
Zeile gelöscht : user_pref("extensions.Softonic.hmpg", true);
Zeile gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=13&cc=&mi=f6cb62df00000000000000ffb6870569");
Zeile gelöscht : user_pref("extensions.Softonic.id", "f6cb62df00000000000000ffb6870569");
Zeile gelöscht : user_pref("extensions.Softonic.instlDay", "16015");
Zeile gelöscht : user_pref("extensions.Softonic.instlRef", "MOY00621");
Zeile gelöscht : user_pref("extensions.Softonic.newTab", true);
Zeile gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/MOY00621/tb_v1/?SearchSource=15&cc=&mi=f6cb62df00000000000000ffb6870569");
Zeile gelöscht : user_pref("extensions.Softonic.prdct", "Softonic");
Zeile gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic");
Zeile gelöscht : user_pref("extensions.Softonic.rvrt", "false");
Zeile gelöscht : user_pref("extensions.Softonic.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrId", "opencandy2013");
Zeile gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/MOY00621/tb_v1?SearchSource=1&cc=&mi=f6cb62df00000000000000ffb6870569&q=");
Zeile gelöscht : user_pref("extensions.Softonic.vrsn", "1.8.21.14");
Zeile gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.8.21.1411:06:54");
Zeile gelöscht : user_pref("extensions.Softonic.vrsni", "1.8.21.14");
Zeile gelöscht : user_pref("keyword.URL", "hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=6824c50f-9445-5032-31da-353b0252f310&searchtype=ds&installDate=27/10/2013&q=");
[ Datei : C:\Users\Mary2\AppData\Roaming\Mozilla\Firefox\Profiles\vgqfjlso.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "141fa880447b27211e6d9d6086742985");
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");
-\\ Google Chrome v31.0.1650.48
[ Datei : C:\Users\Mary\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
Gelöscht : search_url
Gelöscht : urls_to_restore_on_startup
[ Datei : C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
Gelöscht : icon_url
Gelöscht : search_url
Gelöscht : keyword
Gelöscht : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [7134 octets] - [30/10/2013 08:07:52]
AdwCleaner[R1].txt - [1671 octets] - [06/11/2013 10:49:04]
AdwCleaner[R2].txt - [13482 octets] - [14/11/2013 17:56:09]
AdwCleaner[S0].txt - [6829 octets] - [30/10/2013 08:10:24]
AdwCleaner[S1].txt - [1680 octets] - [06/11/2013 10:53:32]
AdwCleaner[S2].txt - [11705 octets] - [14/11/2013 17:59:38]
########## EOF - \AdwCleaner\AdwCleaner[S2].txt - [11766 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Mary on 14.11.2013 at 21:34:59,05
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{D9F04F1E-F4D2-46A1-BB4A-2F7189DC58C0}
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\user.js
Emptied folder: C:\Users\Mary\AppData\Roaming\mozilla\firefox\profiles\xzeg935l.default\minidumps [1 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.11.2013 at 21:41:29,70
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2013
Ran by Mary2 (ATTENTION: The logged in user is not administrator) on MARY-PC on 14-11-2013 22:01:56
Running from C:\Users\Mary2\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Spotify Ltd) C:\Users\Mary2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Toshiba) C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Mary2\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe
() C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\brccMCtl.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11776104 2011-02-11] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [TosNC] - C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe [597928 2011-03-03] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2531624 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] - C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe [561152 2011-04-20] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] - C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] - C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [SandboxieControl] - "C:\Program Files\Sandboxie\SbieCtrl.exe"
HKCU\...\Run: [Spotify Web Helper] - C:\Users\Mary2\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1104384 2013-07-25] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\Mary2\AppData\Roaming\Spotify\spotify.exe [4640768 2013-07-25] (Spotify Ltd)
HKLM-x32\...\Run: [KeNotify] - C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [HWSetup] - C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [423936 2010-03-04] (TOSHIBA Electronics, Inc.)
HKLM-x32\...\Run: [ToshibaServiceStation] - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ITSecMng] - C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968 2013-08-30] (AVAST Software)
HKLM-x32\...\Run: [BrMfcWnd] - C:\Program Files (x86)\Brother\Brmfcmon\BrMfcWnd.exe [1159168 2009-05-26] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [ControlCenter3] - C:\Program Files (x86)\Brother\ControlCenter3\BrCtrCen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [UIExec] - C:\Program Files (x86)\Mobile Partner Manager\UIExec.exe [138584 2010-07-16] ()
AppInit_DLLs: [ ] ()
AppInit_DLLs-x32: [ ] ()
Startup: C:\Users\Mary2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Mary2\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF459B39D4F1FCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.snapdo.com/?publisher=Tuguu&dpid=TuguuCR&co=DE&userid=6824c50f-9445-5032-31da-353b0252f310&searchtype=ds&q={searchTerms}&installDate=27/10/2013
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: SwissAcademic.Citavi.Picker.IEPicker - {609D670F-B735-4da7-AC6D-F3BD358E325E} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
FireFox:
========
FF ProfilePath: C:\Users\Mary2\AppData\Roaming\Mozilla\Firefox\Profiles\vgqfjlso.default
FF NewTab: hxxp://www.google.com/firefox
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: WOT - C:\Users\Mary2\AppData\Roaming\Mozilla\Firefox\Profiles\vgqfjlso.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: groovesharkUnlocker - C:\Users\Mary2\AppData\Roaming\Mozilla\Firefox\Profiles\vgqfjlso.default\Extensions\groovesharkUnlocker@overlord1337.xpi
FF Extension: langpack-de - C:\Users\Mary2\AppData\Roaming\Mozilla\Firefox\Profiles\vgqfjlso.default\Extensions\langpack-de@firefox.mozilla.org.xpi
FF Extension: No Name - C:\Users\Mary2\AppData\Roaming\Mozilla\Firefox\Profiles\vgqfjlso.default\Extensions\{338e0b96-2285-4424-b4c8-e25560750fa3}.xpi
FF Extension: noscript - C:\Users\Mary2\AppData\Roaming\Mozilla\Firefox\Profiles\vgqfjlso.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Adblock Plus - C:\Users\Mary2\AppData\Roaming\Mozilla\Firefox\Profiles\vgqfjlso.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKLM-x32\...\Firefox\Extensions: [{8AA36F4F-6DC7-4c06-77AF-5035170634FE}] - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
FF Extension: Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Web) - hxxp://www.google.com
CHR DefaultSuggestURL: (Web) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (Google Docs) - C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.10_0
CHR Extension: (avast! Online Security) - C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.11_0
CHR Extension: (Gmail) - C:\Users\Mary2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [46808 2013-08-30] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [137960 2013-08-30] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [1809920 2010-08-04] (Realsil Microelectronics Inc.)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [399432 2012-09-07] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [676936 2012-09-07] (Malwarebytes Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 OpenVPNService; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [14848 2011-12-15] ()
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1326176 2012-06-27] (Secunia)
S2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [681056 2012-06-27] (Secunia)
R2 UI Assistant Service; C:\Program Files (x86)\Mobile Partner Manager\AssistantServices.exe [252784 2010-07-16] ()
R2 WebUpdate4; C:\Windows\SysWOW64\WebUpdateSvc4.exe [293992 2013-03-07] (Data Perceptions / PowerProgrammer)
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [33400 2013-08-30] (AVAST Software)
R1 aswFW; C:\Windows\System32\Drivers\aswFW.sys [131232 2013-08-30] (AVAST Software)
R0 aswKbd; C:\Windows\System32\Drivers\aswKbd.sys [22600 2013-08-30] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [80816 2013-08-30] (AVAST Software)
R0 aswNdis; C:\Windows\System32\DRIVERS\aswNdis.sys [12368 2012-07-13] (ALWIL Software)
R0 aswNdis2; C:\Windows\System32\Drivers\aswNdis2.sys [270824 2013-08-30] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [72016 2013-08-30] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65336 2013-08-30] ()
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [1030952 2013-08-30] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [378944 2013-08-30] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [64288 2013-08-30] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [204880 2013-08-30] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-11-06] (Disc Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2012-09-07] (Malwarebytes Corporation)
S3 AFSLibrary; system32\DRIVERS\AFSRedirLib.sys [x]
S1 AFSRedirector; system32\DRIVERS\AFSRedir.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-14 22:01 - 2013-11-14 22:01 - 01957794 _____ (Farbar) C:\Users\Mary2\Downloads\FRST64.exe
2013-11-14 22:01 - 2013-11-14 22:01 - 00016891 _____ C:\Users\Mary2\Downloads\FRST.txt
2013-11-14 21:51 - 2013-11-14 21:51 - 01957794 _____ (Farbar) C:\Users\Mary\Downloads\FRST64.exe
2013-11-14 21:49 - 2013-11-14 21:49 - 00000942 _____ C:\Users\Mary2\Desktop\JRT.txt
2013-11-14 21:41 - 2013-11-14 21:41 - 00000942 _____ C:\Users\Mary\Desktop\JRT.txt
2013-11-14 21:34 - 2013-11-14 21:34 - 01034531 _____ (Thisisu) C:\Users\Mary2\Downloads\JRT.exe
2013-11-14 21:34 - 2013-11-14 21:34 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 17:52 - 2013-11-14 17:52 - 01085542 _____ C:\Users\Mary2\Downloads\adwcleaner.exe
2013-11-14 17:49 - 2013-11-14 17:49 - 00000000 ____D C:\Users\Mary2\Documents\timeseries tool
2013-11-14 10:03 - 2013-11-14 11:04 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-14 10:03 - 2013-11-14 10:03 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-14 10:02 - 2013-11-14 11:04 - 00000000 ____D C:\Users\Mary\Desktop\mbar
2013-11-14 10:02 - 2013-11-14 10:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-14 09:59 - 2013-11-14 09:59 - 00000000 ____D C:\Users\Mary2\Desktop\malewarebyte
2013-11-14 06:28 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-14 06:28 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-14 06:28 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-14 06:28 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-14 06:28 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-14 06:28 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-14 06:28 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-14 06:28 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-14 06:28 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-14 06:28 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-14 06:28 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-14 06:28 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-14 06:27 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 20:33 - 2013-11-13 20:34 - 00028250 _____ C:\Users\Mary2\Desktop\logs.zip
2013-11-13 20:16 - 2013-11-13 20:16 - 722306550 _____ C:\Windows\MEMORY.DMP
2013-11-13 20:16 - 2013-11-13 20:16 - 00000000 ____D C:\Windows\Minidump
2013-11-13 19:54 - 2013-11-13 19:54 - 00377856 _____ C:\Users\Mary2\Desktop\gmer_2.1.19163.exe
2013-11-13 19:47 - 2013-11-13 19:47 - 00000000 ____D C:\FRST
2013-11-13 19:45 - 2013-11-13 19:45 - 00000168 _____ C:\Users\Mary\defogger_reenable
2013-11-13 19:44 - 2013-11-13 19:44 - 00050477 _____ C:\Users\Mary2\Desktop\Defogger.exe
2013-11-13 05:29 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 05:29 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 05:29 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 05:29 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 05:29 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 05:29 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 05:29 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 05:29 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 05:29 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 05:29 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 05:29 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 05:29 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 05:29 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 05:29 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 05:29 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 05:29 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 05:29 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 05:29 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 05:29 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 05:29 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 05:29 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 05:29 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 05:29 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 05:29 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 05:29 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 05:29 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 05:29 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 05:29 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 05:29 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 05:29 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-10 01:10 - 2013-11-10 01:11 - 00000000 ____D C:\Users\Mary2\Documents\biomedizinische signal und datenanalyse
2013-11-06 11:33 - 2013-11-06 11:33 - 00000012 _____ C:\Users\Mary2\Desktop\biomedizinische.txt
2013-11-06 11:08 - 2013-11-06 11:08 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-11-06 11:07 - 2013-11-06 11:07 - 00001957 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-11-06 11:06 - 2013-11-06 11:06 - 00000000 ____D C:\Users\Mary\AppData\Roaming\TuneUp Software
2013-11-06 11:05 - 2013-11-06 11:06 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-06 11:05 - 2013-11-06 11:05 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-11-06 11:05 - 2013-11-06 11:05 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-06 11:05 - 2013-11-06 11:05 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-11-06 11:03 - 2013-11-06 11:04 - 13485616 _____ (Disc Soft Ltd) C:\Users\Mary\Downloads\DTLite4481-0347.exe
2013-11-06 10:57 - 2013-11-06 10:57 - 00001680 _____ C:\Users\Mary\Desktop\AdwCleaner[S1].txt
2013-11-06 10:47 - 2013-11-06 10:47 - 01073258 _____ C:\Users\Mary\Downloads\adw311cleaner(1).exe
2013-11-06 10:46 - 2013-11-06 10:47 - 01073258 _____ C:\Users\Mary\Downloads\adw311cleaner.exe
2013-11-06 10:44 - 2013-11-06 10:44 - 13485616 _____ (Disc Soft Ltd) C:\Users\Mary2\Downloads\DTLite4481-0347.exe
2013-10-30 08:07 - 2013-11-14 17:59 - 00000000 ____D C:\AdwCleaner
2013-10-30 07:43 - 2013-10-30 07:43 - 23294592 _____ (Mozilla) C:\Users\Mary2\Downloads\Firefox_Setup_25.0.exe
2013-10-30 00:59 - 2013-10-30 01:00 - 02753344 _____ (AVAST Software) C:\Users\Mary2\Downloads\avast-browser-cleanup.exe
2013-10-28 23:28 - 2013-10-28 23:30 - 00000000 ____D C:\Users\Mary2\Desktop\kölner
2013-10-28 12:10 - 2013-10-28 12:11 - 00000000 ____D C:\Users\Mary2\Documents\Bayes und multiple imputationen
2013-10-27 17:38 - 2013-10-27 18:56 - 00002704 _____ C:\Users\Mary2\skript_1.m
2013-10-27 17:28 - 2013-10-27 17:28 - 00000000 ____D C:\Users\Mary2\Desktop\Octave chek
2013-10-27 17:20 - 2013-10-27 17:20 - 00000083 _____ C:\.octave_hist
2013-10-27 17:19 - 2013-10-27 17:19 - 00001977 _____ C:\Users\Public\Desktop\Octave 3.6.4.lnk
2013-10-27 17:19 - 2013-10-27 17:19 - 00000000 ____D C:\Program Files\octave2
2013-10-27 17:17 - 2013-10-27 17:18 - 71487169 _____ C:\Users\Mary2\Downloads\octave-3.6.4-vs2010-setup(1).exe
2013-10-27 17:15 - 2013-10-27 17:15 - 00000128 _____ C:\Users\Mary2\.octave_hist
2013-10-27 17:09 - 2013-10-27 17:09 - 00001993 _____ C:\Users\Public\Desktop\Octave-3.2.4.lnk
2013-10-27 17:03 - 2013-10-27 17:06 - 00000000 ____D C:\Program Files\Octave
2013-10-27 17:01 - 2013-10-27 17:02 - 72987453 _____ C:\Users\Mary2\Downloads\Octave-3.2.4_i686-pc-mingw32_gcc-4.4.0_setup.exe
2013-10-27 16:56 - 2013-10-27 16:55 - 00737280 _____ C:\Users\Mary2\Desktop\signal-1.2.2.tar-1
2013-10-27 16:46 - 2013-10-27 16:49 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-27 16:39 - 2013-10-27 16:41 - 00000000 _____ C:\Users\Mary2\Downloads\octave-3.6.4-vs2010-setup.exe
2013-10-27 16:32 - 2013-10-27 16:41 - 02143152 _____ C:\Users\Mary2\Downloads\octave-3.6.4-vs2010-setup.exe.part
2013-10-27 16:29 - 2013-10-27 16:21 - 00737280 _____ C:\Users\Mary2\Downloads\signal-1.2.2.tar
2013-10-27 16:25 - 2013-11-14 17:59 - 00001086 _____ C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-10-27 16:25 - 2013-11-14 17:59 - 00001056 _____ C:\Users\Mary\Desktop\Search.lnk
2013-10-27 16:22 - 2013-10-27 16:22 - 00319672 _____ C:\Users\Mary2\Downloads\7-zip.exe
2013-10-27 16:21 - 2013-10-27 16:21 - 00161734 _____ C:\Users\Mary2\Downloads\signal-1.2.2.tar.gz
2013-10-27 14:36 - 2013-11-06 11:07 - 00000000 ____D C:\Users\Mary\AppData\Roaming\DAEMON Tools Lite
2013-10-27 14:34 - 2013-11-06 11:07 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-10-27 14:33 - 2013-10-27 14:33 - 00000164 _____ C:\Users\Mary\AppData\Roaming\NIM-Default-Keystore.bin
2013-10-27 14:32 - 2013-10-27 14:32 - 13901152 _____ (Disc Soft Ltd) C:\Users\Mary2\Downloads\DTLite4471-0333.exe
2013-10-26 18:03 - 2013-10-26 18:03 - 00000164 _____ C:\Users\Mary2\AppData\Roaming\NIM-Default-Keystore.bin
2013-10-24 11:14 - 2013-10-24 11:14 - 00000000 ____D C:\Program Files\MIT
2013-10-24 11:13 - 2013-10-24 11:13 - 05207040 _____ C:\Users\Mary2\Downloads\netidmgr-AMD64-rel-2_0_102_907.msi
2013-10-24 11:08 - 2013-10-24 11:08 - 00000000 ____D C:\Neuer Ordner
2013-10-24 11:03 - 2013-10-24 11:03 - 00000408 _____ C:\Users\Mary2\Downloads\krb5.conf
2013-10-24 11:02 - 2013-10-24 11:02 - 00000000 ____D C:\ProgramData\Kerberos
2013-10-24 11:01 - 2013-10-24 11:01 - 08200192 _____ C:\Users\Mary2\Downloads\Heimdal-AMD64-full-1-5-100-930.msi
2013-10-24 11:01 - 2013-10-24 11:01 - 00000169 _____ C:\Windows\krb.con
2013-10-24 11:01 - 2013-10-24 11:01 - 00000069 _____ C:\Windows\krbrealm.con
2013-10-24 11:01 - 2013-10-24 11:01 - 00000000 ____D C:\Program Files (x86)\MIT
2013-10-24 10:58 - 2013-10-24 10:58 - 06722256 _____ (Massachusetts Institute of Technology) C:\Users\Mary2\Downloads\kfw-i386-3-2-2.exe
2013-10-24 10:53 - 2013-10-27 16:49 - 00000000 ____D C:\Program Files\OpenAFS
2013-10-24 10:51 - 2013-10-27 16:48 - 00000000 ____D C:\Program Files (x86)\OpenAFS
2013-10-24 10:51 - 2013-10-24 10:52 - 21049344 _____ C:\Users\Mary2\Downloads\openafs-en_US-64bit-1-7-2700.msi
2013-10-24 10:49 - 2013-10-24 10:49 - 08974336 _____ C:\Users\Mary2\Downloads\openafs-32bit-tools-en_US-1-7-2700.msi
2013-10-18 17:20 - 2013-10-18 17:19 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-18 17:19 - 2013-10-18 17:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-18 17:19 - 2013-10-18 17:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-18 17:19 - 2013-10-18 17:19 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-18 17:19 - 2013-10-18 17:19 - 00000000 ____D C:\Program Files\Java
2013-10-18 17:18 - 2013-10-18 17:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-18 17:18 - 2013-10-18 17:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-18 17:18 - 2013-10-18 17:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-18 17:18 - 2013-10-18 17:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-18 17:18 - 2013-10-18 17:18 - 00000000 ____D C:\Program Files (x86)\Java
==================== One Month Modified Files and Folders =======
2013-11-14 22:02 - 2013-11-14 22:01 - 00016891 _____ C:\Users\Mary2\Downloads\FRST.txt
2013-11-14 22:02 - 2012-09-26 18:19 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-14 22:01 - 2013-11-14 22:01 - 01957794 _____ (Farbar) C:\Users\Mary2\Downloads\FRST64.exe
2013-11-14 21:59 - 2012-08-20 18:59 - 00000000 ____D C:\Users\Mary2\AppData\Roaming\Spotify
2013-11-14 21:58 - 2013-01-03 21:21 - 00000000 ____D C:\Users\Mary2\AppData\Roaming\Dropbox
2013-11-14 21:57 - 2013-01-03 21:22 - 00000000 ___RD C:\Users\Mary2\Dropbox
2013-11-14 21:56 - 2012-09-26 18:19 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-14 21:56 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-14 21:56 - 2009-07-14 05:51 - 00070103 _____ C:\Windows\setupact.log
2013-11-14 21:55 - 2012-07-24 21:01 - 02095491 _____ C:\Windows\WindowsUpdate.log
2013-11-14 21:51 - 2013-11-14 21:51 - 01957794 _____ (Farbar) C:\Users\Mary\Downloads\FRST64.exe
2013-11-14 21:49 - 2013-11-14 21:49 - 00000942 _____ C:\Users\Mary2\Desktop\JRT.txt
2013-11-14 21:41 - 2013-11-14 21:41 - 00000942 _____ C:\Users\Mary\Desktop\JRT.txt
2013-11-14 21:34 - 2013-11-14 21:34 - 01034531 _____ (Thisisu) C:\Users\Mary2\Downloads\JRT.exe
2013-11-14 21:34 - 2013-11-14 21:34 - 00000000 ____D C:\Windows\ERUNT
2013-11-14 21:32 - 2011-04-12 08:43 - 00654400 _____ C:\Windows\system32\perfh007.dat
2013-11-14 21:32 - 2011-04-12 08:43 - 00130240 _____ C:\Windows\system32\perfc007.dat
2013-11-14 21:32 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-14 21:31 - 2012-08-21 19:56 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-14 18:09 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-14 18:09 - 2009-07-14 05:45 - 00021808 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-14 18:04 - 2012-07-25 22:28 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-14 18:04 - 2012-07-25 22:28 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-14 17:59 - 2013-10-30 08:07 - 00000000 ____D C:\AdwCleaner
2013-11-14 17:59 - 2013-10-27 16:25 - 00001086 _____ C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2013-11-14 17:59 - 2013-10-27 16:25 - 00001056 _____ C:\Users\Mary\Desktop\Search.lnk
2013-11-14 17:59 - 2013-01-10 22:18 - 00000000 ____D C:\Users\Mary2\Documents\Bewerbung
2013-11-14 17:52 - 2013-11-14 17:52 - 01085542 _____ C:\Users\Mary2\Downloads\adwcleaner.exe
2013-11-14 17:49 - 2013-11-14 17:49 - 00000000 ____D C:\Users\Mary2\Documents\timeseries tool
2013-11-14 11:04 - 2013-11-14 10:03 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-11-14 11:04 - 2013-11-14 10:02 - 00000000 ____D C:\Users\Mary\Desktop\mbar
2013-11-14 10:03 - 2013-11-14 10:03 - 00116440 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-11-14 10:02 - 2013-11-14 10:02 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-11-14 09:59 - 2013-11-14 09:59 - 00000000 ____D C:\Users\Mary2\Desktop\malewarebyte
2013-11-14 06:27 - 2013-07-28 20:59 - 00000000 ____D C:\Windows\system32\MRT
2013-11-14 06:27 - 2012-07-25 18:33 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-14 06:25 - 2012-07-25 19:33 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-14 06:24 - 2013-01-21 23:34 - 00000000 ____D C:\Users\Mary2\AppData\Roaming\Skype
2013-11-13 20:34 - 2013-11-13 20:33 - 00028250 _____ C:\Users\Mary2\Desktop\logs.zip
2013-11-13 20:16 - 2013-11-13 20:16 - 722306550 _____ C:\Windows\MEMORY.DMP
2013-11-13 20:16 - 2013-11-13 20:16 - 00000000 ____D C:\Windows\Minidump
2013-11-13 19:54 - 2013-11-13 19:54 - 00377856 _____ C:\Users\Mary2\Desktop\gmer_2.1.19163.exe
2013-11-13 19:47 - 2013-11-13 19:47 - 00000000 ____D C:\FRST
2013-11-13 19:45 - 2013-11-13 19:45 - 00000168 _____ C:\Users\Mary\defogger_reenable
2013-11-13 19:45 - 2012-07-24 21:10 - 00000000 ____D C:\Users\Mary
2013-11-13 19:44 - 2013-11-13 19:44 - 00050477 _____ C:\Users\Mary2\Desktop\Defogger.exe
2013-11-10 20:45 - 2013-01-28 18:21 - 00000000 ____D C:\Users\Mary2\Documents\bank
2013-11-10 01:11 - 2013-11-10 01:10 - 00000000 ____D C:\Users\Mary2\Documents\biomedizinische signal und datenanalyse
2013-11-06 21:40 - 2010-11-21 04:47 - 00242064 _____ C:\Windows\PFRO.log
2013-11-06 11:33 - 2013-11-06 11:33 - 00000012 _____ C:\Users\Mary2\Desktop\biomedizinische.txt
2013-11-06 11:13 - 2012-07-26 17:26 - 00000000 ____D C:\Users\Mary\AppData\Roaming\Spotify
2013-11-06 11:08 - 2013-11-06 11:08 - 00000000 ____D C:\Users\Public\Documents\DAEMON Tools Images
2013-11-06 11:07 - 2013-11-06 11:07 - 00001957 _____ C:\Users\Public\Desktop\DAEMON Tools Lite.lnk
2013-11-06 11:07 - 2013-10-27 14:36 - 00000000 ____D C:\Users\Mary\AppData\Roaming\DAEMON Tools Lite
2013-11-06 11:07 - 2013-10-27 14:34 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2013-11-06 11:06 - 2013-11-06 11:06 - 00000000 ____D C:\Users\Mary\AppData\Roaming\TuneUp Software
2013-11-06 11:06 - 2013-11-06 11:05 - 00000000 ____D C:\ProgramData\TuneUp Software
2013-11-06 11:05 - 2013-11-06 11:05 - 00283064 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtsoftbus01.sys
2013-11-06 11:05 - 2013-11-06 11:05 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2013-11-06 11:05 - 2013-11-06 11:05 - 00000000 ____D C:\Program Files (x86)\DAEMON Tools Lite
2013-11-06 11:04 - 2013-11-06 11:03 - 13485616 _____ (Disc Soft Ltd) C:\Users\Mary\Downloads\DTLite4481-0347.exe
2013-11-06 10:58 - 2012-07-25 18:19 - 00000000 ____D C:\Users\Mary\AppData\Local\Mozilla
2013-11-06 10:57 - 2013-11-06 10:57 - 00001680 _____ C:\Users\Mary\Desktop\AdwCleaner[S1].txt
2013-11-06 10:47 - 2013-11-06 10:47 - 01073258 _____ C:\Users\Mary\Downloads\adw311cleaner(1).exe
2013-11-06 10:47 - 2013-11-06 10:46 - 01073258 _____ C:\Users\Mary\Downloads\adw311cleaner.exe
2013-11-06 10:44 - 2013-11-06 10:44 - 13485616 _____ (Disc Soft Ltd) C:\Users\Mary2\Downloads\DTLite4481-0347.exe
2013-10-30 08:12 - 2013-02-03 18:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-10-30 07:44 - 2013-09-14 11:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-10-30 07:44 - 2013-02-03 18:35 - 00001154 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2013-10-30 07:43 - 2013-10-30 07:43 - 23294592 _____ (Mozilla) C:\Users\Mary2\Downloads\Firefox_Setup_25.0.exe
2013-10-30 01:00 - 2013-10-30 00:59 - 02753344 _____ (AVAST Software) C:\Users\Mary2\Downloads\avast-browser-cleanup.exe
2013-10-29 19:57 - 2013-04-17 14:47 - 00000000 ____D C:\Users\Mary2\Documents\Aktuelle Trends in der psychologischen Methodenlehre
2013-10-28 23:30 - 2013-10-28 23:28 - 00000000 ____D C:\Users\Mary2\Desktop\kölner
2013-10-28 12:11 - 2013-10-28 12:10 - 00000000 ____D C:\Users\Mary2\Documents\Bayes und multiple imputationen
2013-10-27 18:56 - 2013-10-27 17:38 - 00002704 _____ C:\Users\Mary2\skript_1.m
2013-10-27 17:38 - 2012-08-01 20:50 - 00000000 ____D C:\Users\Mary2
2013-10-27 17:28 - 2013-10-27 17:28 - 00000000 ____D C:\Users\Mary2\Desktop\Octave chek
2013-10-27 17:20 - 2013-10-27 17:20 - 00000083 _____ C:\.octave_hist
2013-10-27 17:19 - 2013-10-27 17:19 - 00001977 _____ C:\Users\Public\Desktop\Octave 3.6.4.lnk
2013-10-27 17:19 - 2013-10-27 17:19 - 00000000 ____D C:\Program Files\octave2
2013-10-27 17:18 - 2013-10-27 17:17 - 71487169 _____ C:\Users\Mary2\Downloads\octave-3.6.4-vs2010-setup(1).exe
2013-10-27 17:15 - 2013-10-27 17:15 - 00000128 _____ C:\Users\Mary2\.octave_hist
2013-10-27 17:11 - 2012-08-01 20:50 - 00000000 ____D C:\Users\Mary2\AppData\Local\VirtualStore
2013-10-27 17:09 - 2013-10-27 17:09 - 00001993 _____ C:\Users\Public\Desktop\Octave-3.2.4.lnk
2013-10-27 17:06 - 2013-10-27 17:03 - 00000000 ____D C:\Program Files\Octave
2013-10-27 17:02 - 2013-10-27 17:01 - 72987453 _____ C:\Users\Mary2\Downloads\Octave-3.2.4_i686-pc-mingw32_gcc-4.4.0_setup.exe
2013-10-27 16:55 - 2013-10-27 16:56 - 00737280 _____ C:\Users\Mary2\Desktop\signal-1.2.2.tar-1
2013-10-27 16:49 - 2013-10-27 16:46 - 00000000 ____D C:\Windows\system32\appmgmt
2013-10-27 16:49 - 2013-10-24 10:53 - 00000000 ____D C:\Program Files\OpenAFS
2013-10-27 16:48 - 2013-10-24 10:51 - 00000000 ____D C:\Program Files (x86)\OpenAFS
2013-10-27 16:47 - 2012-07-24 21:11 - 00000000 ___RD C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-27 16:41 - 2013-10-27 16:39 - 00000000 _____ C:\Users\Mary2\Downloads\octave-3.6.4-vs2010-setup.exe
2013-10-27 16:41 - 2013-10-27 16:32 - 02143152 _____ C:\Users\Mary2\Downloads\octave-3.6.4-vs2010-setup.exe.part
2013-10-27 16:25 - 2011-02-19 23:03 - 00420944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp100.dll
2013-10-27 16:25 - 2011-02-19 00:40 - 00773712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr100.dll
2013-10-27 16:22 - 2013-10-27 16:22 - 00319672 _____ C:\Users\Mary2\Downloads\7-zip.exe
2013-10-27 16:21 - 2013-10-27 16:29 - 00737280 _____ C:\Users\Mary2\Downloads\signal-1.2.2.tar
2013-10-27 16:21 - 2013-10-27 16:21 - 00161734 _____ C:\Users\Mary2\Downloads\signal-1.2.2.tar.gz
2013-10-27 14:33 - 2013-10-27 14:33 - 00000164 _____ C:\Users\Mary\AppData\Roaming\NIM-Default-Keystore.bin
2013-10-27 14:33 - 2012-07-24 21:11 - 00000000 ___RD C:\Users\Mary\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-27 14:32 - 2013-10-27 14:32 - 13901152 _____ (Disc Soft Ltd) C:\Users\Mary2\Downloads\DTLite4471-0333.exe
2013-10-26 18:03 - 2013-10-26 18:03 - 00000164 _____ C:\Users\Mary2\AppData\Roaming\NIM-Default-Keystore.bin
2013-10-24 17:23 - 2013-01-21 23:34 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-24 17:23 - 2013-01-21 23:34 - 00000000 ____D C:\ProgramData\Skype
2013-10-24 11:14 - 2013-10-24 11:14 - 00000000 ____D C:\Program Files\MIT
2013-10-24 11:13 - 2013-10-24 11:13 - 05207040 _____ C:\Users\Mary2\Downloads\netidmgr-AMD64-rel-2_0_102_907.msi
2013-10-24 11:08 - 2013-10-24 11:08 - 00000000 ____D C:\Neuer Ordner
2013-10-24 11:03 - 2013-10-24 11:03 - 00000408 _____ C:\Users\Mary2\Downloads\krb5.conf
2013-10-24 11:02 - 2013-10-24 11:02 - 00000000 ____D C:\ProgramData\Kerberos
2013-10-24 11:01 - 2013-10-24 11:01 - 08200192 _____ C:\Users\Mary2\Downloads\Heimdal-AMD64-full-1-5-100-930.msi
2013-10-24 11:01 - 2013-10-24 11:01 - 00000169 _____ C:\Windows\krb.con
2013-10-24 11:01 - 2013-10-24 11:01 - 00000069 _____ C:\Windows\krbrealm.con
2013-10-24 11:01 - 2013-10-24 11:01 - 00000000 ____D C:\Program Files (x86)\MIT
2013-10-24 10:58 - 2013-10-24 10:58 - 06722256 _____ (Massachusetts Institute of Technology) C:\Users\Mary2\Downloads\kfw-i386-3-2-2.exe
2013-10-24 10:52 - 2013-10-24 10:51 - 21049344 _____ C:\Users\Mary2\Downloads\openafs-en_US-64bit-1-7-2700.msi
2013-10-24 10:49 - 2013-10-24 10:49 - 08974336 _____ C:\Users\Mary2\Downloads\openafs-32bit-tools-en_US-1-7-2700.msi
2013-10-18 17:19 - 2013-10-18 17:20 - 00312744 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-10-18 17:19 - 2013-10-18 17:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-10-18 17:19 - 2013-10-18 17:19 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-10-18 17:19 - 2013-10-18 17:19 - 00108968 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2013-10-18 17:19 - 2013-10-18 17:19 - 00000000 ____D C:\Program Files\Java
2013-10-18 17:18 - 2013-10-18 17:18 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-18 17:18 - 2013-10-18 17:18 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-18 17:18 - 2013-10-18 17:18 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-18 17:18 - 2013-10-18 17:18 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-18 17:18 - 2013-10-18 17:18 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-17 23:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
Some content of TEMP:
====================
C:\Users\Mary\AppData\Local\Temp\7-zip.exe
C:\Users\Mary\AppData\Local\Temp\BackupSetup.exe
C:\Users\Mary\AppData\Local\Temp\cpufeature.exe
C:\Users\Mary\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Mary\AppData\Local\Temp\ose00000.exe
C:\Users\Mary\AppData\Local\Temp\powerfoxinstaller.exe
C:\Users\Mary\AppData\Local\Temp\Quarantine.exe
C:\Users\Mary\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Mary\AppData\Local\Temp\_is59C3.exe
C:\Users\Mary\AppData\Local\Temp\_isABAA.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================