berufspyroma | 18.03.2014 12:40 | Avira reports /Adware/Installcore.gen to me as a virus when downloading
First of all, here is the AdwCleaner log: Code:
# AdwCleaner v3.022 - Bericht erstellt am 18/03/2014 um 12:26:58
# Aktualisiert 13/03/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Gerrit Lamade - GERRITLAMADE-PC
# Gestartet von : C:\Users\Gerrit Lamade\Downloads\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Speed Maximizer
Ordner Gelöscht : C:\Program Files (x86)\openit
Ordner Gelöscht : C:\Program Files (x86)\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\DigitalSites
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Media Finder
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Gerrit Lamade\Documents\PC Speed Maximizer
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\SweetPacksToolbarData
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\anttoolbar@ant.com
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\EFGLQA@78ETGYN-0W7FN789T87.COM
Ordner Gelöscht : C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\plugin@yontoo.com.xpi
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\Askcom.xml
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\babylon1.xml
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\searchplugins\SweetIm.xml
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage
Datei Gelöscht : C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.babylon.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\Tasks\Digital Sites.job
Datei Gelöscht : C:\Windows\System32\Tasks\Digital Sites
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [PC Speed Maximizer]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\MF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetim_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\sweetpacksupdatemanager_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gelöscht : HKCU\Software\ded788b36ebd48
Schlüssel Gelöscht : HKLM\SOFTWARE\ded788b36ebd48
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gimp_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\MediaFinder
Schlüssel Gelöscht : HKCU\Software\pc speed maximizer
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\openit open it!
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browser ] *****
-\\ Internet Explorer v0.0.0.0
-\\ Mozilla Firefox v17.0.1 (de)
[ Datei : C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\prefs.js ]
Zeile gelöscht : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112670&tt=5112_3&babsrc=HP_sst&mntrId=f89a7ba90000000000002a7c8f55afac");
Zeile gelöscht : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112670&tt=5112_3&babsrc=HP_sst&mntrId=f89a7ba90000000000002a7c8f55afac|hxxp://www.giga.de/");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.admin", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", "3");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.dpkLst", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.excTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "BCE4E5FDB0BCB417A09E90930707B431");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.id", "f89a7ba90000000000002a7c8f55afac");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlDay", "15696");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.7.210:20:02");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"62\",\"lastVrsn\":\"62\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.rvrt", "false");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.sg", "azb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=f89a7ba90000000000002a7c8f55afac&q=");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsn", "1.8.7.2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar.vrsni", "1.8.7.2");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112670&tt=5112_3");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.newTab", false);
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.srcExt", "sst");
Zeile gelöscht : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.7.210:20:04");
Zeile gelöscht : user_pref("extentions.y2layers.installId", "DB2AC404-E88C-4EA2-FF19-EDCCCEAF4C92");
Zeile gelöscht : user_pref("extentions.y2layers.installId_backup", "DB2AC404-E88C-4EA2-FF19-EDCCCEAF4C92");
Zeile gelöscht : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.cda.returnValue", "hide");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff.asp?lang=$locale_id;&toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp");
Zeile gelöscht : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Zeile gelöscht : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Zeile gelöscht : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Zeile gelöscht : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Zeile gelöscht : user_pref("sweetim.toolbar.mode.debug", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.newtab.created", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.newtab.enable", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.prad.initialized_by_rc", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.ask.com?o=10148&l=dis&tb=ARS");
Zeile gelöscht : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Zeile gelöscht : user_pref("sweetim.toolbar.rc.url", "hxxp://www.sweetim.com/simffbar/rc.html?toolbar_version=$ITEM_VERSION;&crg=$cargo;");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.callback", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.elementid", "id_predict_include_script");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.id", "id_script_prad");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.1.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.callback", "simVerification");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", "");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.elementid", "id_script_sim_fb");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.id", "id_script_fb_hxxpS");
Zeile gelöscht : user_pref("sweetim.toolbar.scripts.2.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js");
Zeile gelöscht : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Zeile gelöscht : user_pref("sweetim.toolbar.search.history", "niky%20bondageforte");
Zeile gelöscht : user_pref("sweetim.toolbar.search.history.capacity", "10");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "0");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.enable", "false");
Zeile gelöscht : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Zeile gelöscht : user_pref("sweetim.toolbar.simapp_id", "{6E3AD03D-A437-11E1-A18C-206A8A2A6533}");
Zeile gelöscht : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={6E3AD03D-A437-11E1-A18C-206A8A2A6533}");
Zeile gelöscht : user_pref("sweetim.toolbar.version", "1.9.0.0");
-\\ Google Chrome v33.0.1750.154
[ Datei : C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [17994 octets] - [18/03/2014 12:20:04]
AdwCleaner[R1].txt - [18199 octets] - [18/03/2014 12:25:47]
AdwCleaner[S0].txt - [17688 octets] - [18/03/2014 12:26:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17749 octets] ##########
JRT log: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Home Premium x64
Ran by Gerrit Lamade on 18.03.2014 at 12:31:59,27
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3766026839-3968851945-2601719143-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\AboutURLs\\Tabs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3766026839-3968851945-2601719143-1001\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A899DAE3-52DB-4A99-A663-6787560641B9}
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{10B0A3B7-F676-4B17-90C3-99155A7E6150}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{114F5E76-0B41-4F7C-B3AE-F238A545009D}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{1194412D-EBCD-40AD-99DE-9C557B5EB23F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{21BCBC58-1FD1-4663-A2B8-F7E0E09C7563}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{22AA1C08-4F6F-42FF-827C-370D76D716CD}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{22BCAEC3-9428-4EEE-B852-B6E3413946A8}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{24D4B53D-B951-471B-B501-2BACE3E7879C}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{296297B6-E9FE-4ACF-8860-82DE46FC62FF}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{2982BD22-F77E-47AC-9063-1E5143BB0878}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{2C1055AD-6B68-42DB-B27D-8DBCA876B791}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{309A9E11-4601-469C-8C4E-36EC3D9A6DA5}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{30A6FC53-C427-46EF-A87D-FA4F8C0F3D5E}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{30E30265-47AB-44B8-9DA6-C0BB5946F01B}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{31CDE0A7-C93F-4F3C-9114-62F13B7A2F59}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{3B7F10CA-746B-4FAC-923A-EF9D471A1FCC}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{3C70C5A6-19E5-4434-B4FF-AF74348BE377}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{3E2F7863-C86B-46E2-AB27-9260279C8397}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{3E3EEBB0-2ED5-4C62-96A8-3A1239CEDE4D}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{4199814F-D05A-4601-896F-D1AACA3FF542}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{4444120C-82D5-4D73-A1C5-A66AEA3B17C8}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{4BA19534-D930-4CD4-A19D-EE7E948A17F5}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{4CEAB331-944D-47C2-9FDA-A7088F8D57A7}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{51457B08-F583-4673-ABFC-0EE824F46A0A}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{518E506D-12C8-4B81-813F-BE83978AB8BF}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{53FC1D8D-6BB5-4DBF-A564-55ABB9D9BB17}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{5544C6D8-6394-4DB7-B254-0C0E59B1FBB6}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{5B21C405-999C-4FCC-9847-DF491F820AC0}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{5CB3A3B1-76EE-47B5-8245-409CCD516B33}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{60E34792-2D3B-4CE7-8095-25F7E6B18FAB}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{61446E74-23DB-4612-B94F-2F28CDAA76FB}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{6D3D7A4F-0289-4E08-A4D9-5D195A6EDF03}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{6FE2F8B5-7375-42EF-94F0-A31BE37D2A16}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{73B081B7-4475-44C0-980C-F6A177E25EF8}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{788FC708-11F8-42EB-8663-E74C1DCB2087}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{797CD386-1B7B-40E6-82DC-9D735006B4DA}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{79967808-4450-470E-8C55-CC1510571AA6}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{79C27B6A-532F-4D3A-B723-9CD00E0208D8}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{7ED5937E-9D9E-431C-B399-040175AE0DAA}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{849E9EED-353C-48E6-8F0E-E27E585A5BD2}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{895F1046-2BEE-451A-969A-BEE684322AFD}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{8AE76171-A38E-4D8A-A663-C2F4957DCB9F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{8B9C02CC-ECA3-4218-B0D2-1C038DF1AE0C}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{8DE8444C-6CA4-4D44-B5FD-969CC9621469}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{9071EC5A-1306-451E-A8F8-0D049A447385}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{91CD6B17-DD0D-4B4C-8249-97A0B93C3B2E}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{9E90A3AE-C739-47E0-B90F-B142D6609F18}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{A8F56588-9CF8-4477-9FFB-26A9D9AB284F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{AA5719D1-5E37-49BF-ACE3-364AD465B2A3}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{AD33541B-301D-468E-972D-B3E83A6AED6F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{AD36A682-1E68-46D8-ABC5-7FB55ACAEB4A}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B1746F1E-4B5B-483A-9815-82B79685D051}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B25754F7-D20F-4EBA-8E7C-0FA44CFCE526}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B328A4B6-8F96-4EEB-8ED7-D3C6FA8135E0}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B4344920-6934-4767-BDA6-FB3DD6EF81F4}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B5273F53-73B6-46C1-BEC2-329CB1AB6713}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B7D63159-975A-4EAD-BDE0-ECE041507990}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{B8D8543F-1FB6-4101-8E16-640720FEF63F}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{BE6ED236-5279-4AF6-A8A7-6371C4486A53}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{C25BBEAB-5142-4818-904D-6F18A5C83268}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{C263E0C8-6F05-42C7-87F9-46D21B1CBF80}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{C729B94D-8A43-4122-8265-27D155F0661D}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{C9851C6C-1B91-44EC-B5E3-A6775FA90DA7}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{CA0BBA8B-B9AE-4845-90F9-E2F87AF4298A}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{CB8D4333-64D6-4F58-8CA7-A139E95F7C15}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{D1C5E35C-D16B-47A1-848F-245FFEE0E58D}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{D9607F8F-D286-49FC-A556-7A0B20F95EEE}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{DABAD26F-C501-4049-B7B9-DCEC9412E7F3}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{DB3702EB-E0EE-41DB-B84E-C8F0286E37EE}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{DF5688EF-EB19-456A-8774-A17954B82D4B}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{E63C1D54-CF0E-427B-BA62-1955F351DCCB}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{E819AB9A-3ACF-4FA4-BCDA-DEF10CE2EA98}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{EA33A20F-F27C-4E5F-9ECC-66CD91541291}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{F4446CA5-26AC-4BEA-BA65-CA65CA5FBE82}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{FC2FBBFA-828E-43F9-B090-D352A0D21103}
Successfully deleted: [Empty Folder] C:\Users\Gerrit Lamade\appdata\local\{FD67FD8B-FA9C-4206-B0A2-E17F24B2762E}
~~~ FireFox
Successfully deleted: [File] C:\Users\Gerrit Lamade\AppData\Roaming\mozilla\firefox\profiles\qxttwuha.default\extensions\oneclickdownloader@oneclickdownloader.com.xpi
Emptied folder: C:\Users\Gerrit Lamade\AppData\Roaming\mozilla\firefox\profiles\qxttwuha.default\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 18.03.2014 at 12:37:21,81
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST log:
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Gerrit Lamade (administrator) on GERRITLAMADE-PC on 18-03-2014 12:39:15
Running from C:\Users\Gerrit Lamade\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 8
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(AVM Berlin) C:\Program Files (x86)\1&1\IGDCTRL.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
( ) C:\Windows\system32\lxdrcoms.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NTI, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Protexis Inc.) c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
() C:\Windows\SysWOW64\ieconfig_1und1_svc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler.exe
(Google Inc.) C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\GoogleCrashHandler64.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11101800 2010-07-29] (Realtek Semiconductor)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [861216 2010-06-11] (Acer Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324608 2010-06-10] (Alcor Micro Corp.)
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\System32\LogiLDA.dll [1832760 2012-09-20] (Logitech, Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-11] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642656 2013-03-28] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\...\Run: [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [Google Update] - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-09-08] (Google Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [iCloudServices] - C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Run: [ApplePhotoStreams] - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3766026839-3968851945-2601719143-1001\...\Policies\Explorer: [DisallowRun] 1
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.giga.de/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.myheritage.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
BHO: V-bates - {21EAF666-26B3-4a3c-ABD0-CA2F5A326744} - C:\Program Files\V-bates\Extension64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
BHO-x32: 1&&1 Internet AG Browser Configuration by mquadr.at - {D48FF4B4-E68F-47D1-8E25-81A0F0EEB341} - C:\Windows\SysWow64\ieconfig_1und1.dll (mquadr.at software engineering und consulting GmbH)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: HKLM-x32 {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} hxxp://www.myheritage.de/Genoogle/Components/ActiveX/SearchEngineQuery.dll
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 10 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 02 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 03 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 04 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Winsock: Catalog9 23 C:\Program Files (x86)\1&1\\sarah.dll [24880] (AVM Berlin)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=1.6.0_37 - C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Gerrit Lamade\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Amazon-Icon - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\amazon-icon@giga.de [2013-12-13]
FF Extension: Adblock Plus - C:\Users\Gerrit Lamade\AppData\Roaming\Mozilla\Firefox\Profiles\qxttwuha.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-09-07]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-10]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012-10-18]
Chrome:
=======
CHR DefaultSearchURL: https://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=fflb&q={searchTerms}&ie=utf-8&oe=utf-8&aq=t&channel=rcs
CHR DefaultNewTabURL:
CHR Extension: (Google Docs) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-17]
CHR Extension: (Google Drive) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-17]
CHR Extension: (YouTube) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-17]
CHR Extension: (Google-Suche) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-17]
CHR Extension: (Amazon-Icon) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg [2013-12-13]
CHR Extension: (Google Wallet) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (Google Mail) - C:\Users\Gerrit Lamade\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-17]
CHR HKLM-x32\...\Chrome\Extension: [mkcedibhemacmilmkpndpkoidlnmgngg] - C:\Users\Gerrit Lamade\ChromeExtensions\mkcedibhemacmilmkpndpkoidlnmgngg\amazon.crx [2013-12-13]
==================== Services (Whitelisted) =================
R2 AntiVirFirewallService; C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [1012280 2013-12-18] (Avira Operations GmbH & Co. KG)
R2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe [896592 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-11] (Avira Operations GmbH & Co. KG)
R2 IGDCTRL; C:\Program Files (x86)\1&1\IGDCTRL.EXE [87344 2007-10-25] (AVM Berlin)
R2 lxdr_device; C:\Windows\system32\lxdrcoms.exe [1040552 2008-05-16] ( )
S4 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-27] (Egis Technology Inc.)
R2 NTISchedulerSvc; C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144640 2010-04-17] (NTI, Inc.)
R2 serviceIEConfig; C:\Windows\SysWOW64\ieconfig_1und1_svc.exe [1053848 2011-06-16] ()
==================== Drivers (Whitelisted) ====================
R3 avfwim; C:\Windows\System32\DRIVERS\avfwim.sys [114608 2013-02-12] (Avira GmbH)
R1 avfwot; C:\Windows\System32\DRIVERS\avfwot.sys [141376 2013-02-12] (Avira GmbH)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 TurboB; C:\Windows\System32\DRIVERS\TurboB.sys [13784 2009-11-02] ()
S3 AmUStor; \SystemRoot\system32\drivers\AmUStor.SYS [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-03-18 12:37 - 2014-03-18 12:37 - 00010800 _____ () C:\Users\Gerrit Lamade\Desktop\JRT.txt
2014-03-18 12:31 - 2014-03-18 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-03-18 12:20 - 2014-03-18 12:27 - 00000000 ____D () C:\AdwCleaner
2014-03-18 12:18 - 2014-03-18 12:18 - 01950720 _____ () C:\Users\Gerrit Lamade\Downloads\adwcleaner.exe
2014-03-18 12:18 - 2014-03-18 12:18 - 01037734 _____ (Thisisu) C:\Users\Gerrit Lamade\Downloads\JRT.exe
2014-03-18 12:18 - 2014-03-18 12:18 - 00001125 _____ () C:\Users\Gerrit Lamade\Desktop\PC Speed Maximizer.lnk
2014-03-18 12:16 - 2014-03-18 12:16 - 00685456 _____ () C:\Users\Gerrit Lamade\Downloads\ZipExtractorSetup.exe
2014-03-18 11:50 - 2014-03-18 12:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 11:50 - 2014-03-18 11:50 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 11:49 - 2014-03-18 12:06 - 00000000 ____D () C:\Users\Gerrit Lamade\Desktop\mbar
2014-03-18 11:49 - 2014-03-18 11:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 11:48 - 2014-03-18 11:49 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Gerrit Lamade\Downloads\mbar-1.07.0.1009.exe
2014-03-18 09:40 - 2014-03-18 09:40 - 00028800 _____ () C:\Users\Gerrit Lamade\Downloads\FRSTscan 18.03.2014.txt
2014-03-18 09:36 - 2014-03-18 09:39 - 00043146 _____ () C:\Users\Gerrit Lamade\Downloads\Addition.txt
2014-03-18 09:34 - 2014-03-18 12:39 - 00016055 _____ () C:\Users\Gerrit Lamade\Downloads\FRST.txt
2014-03-18 09:33 - 2014-03-18 12:39 - 00000000 ____D () C:\FRST
2014-03-18 09:32 - 2014-03-18 09:33 - 02157056 _____ (Farbar) C:\Users\Gerrit Lamade\Downloads\FRST64.exe
2014-03-17 17:56 - 2014-03-17 17:56 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 17:55 - 2014-03-18 12:28 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-17 17:55 - 2014-03-18 12:00 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-17 17:55 - 2014-03-17 17:55 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-17 17:55 - 2014-03-17 17:55 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-17 17:54 - 2014-03-17 17:56 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:54 - 2014-03-17 17:54 - 00847848 _____ (Google Inc.) C:\Users\Gerrit Lamade\Downloads\ChromeSetup.exe
2014-03-13 21:31 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-13 21:31 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-13 21:31 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-13 21:31 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-13 21:31 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-13 21:31 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-13 21:31 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-13 21:31 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-04 20:46 - 2014-03-04 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-01 11:34 - 2014-03-18 12:28 - 00002520 _____ () C:\Windows\setupact.log
2014-03-01 11:34 - 2014-03-01 11:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 22:44 - 2014-02-20 22:44 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-20 22:42 - 2014-02-20 22:43 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-20 22:42 - 2014-02-20 22:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-16 15:16 - 2014-02-16 15:16 - 00016192 _____ () C:\Users\Gerrit Lamade\AppData\Local\recently-used.xbel
==================== One Month Modified Files and Folders =======
2014-03-18 12:39 - 2014-03-18 09:34 - 00016055 _____ () C:\Users\Gerrit Lamade\Downloads\FRST.txt
2014-03-18 12:39 - 2014-03-18 09:33 - 00000000 ____D () C:\FRST
2014-03-18 12:37 - 2014-03-18 12:37 - 00010800 _____ () C:\Users\Gerrit Lamade\Desktop\JRT.txt
2014-03-18 12:36 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-18 12:36 - 2009-07-14 05:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-18 12:31 - 2014-03-18 12:31 - 00000000 ____D () C:\Windows\ERUNT
2014-03-18 12:28 - 2014-03-17 17:55 - 00001120 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-18 12:28 - 2014-03-01 11:34 - 00002520 _____ () C:\Windows\setupact.log
2014-03-18 12:28 - 2011-06-13 14:21 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-03-18 12:28 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-18 12:27 - 2014-03-18 12:20 - 00000000 ____D () C:\AdwCleaner
2014-03-18 12:27 - 2011-01-08 16:29 - 01998582 _____ () C:\Windows\WindowsUpdate.log
2014-03-18 12:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2014-03-18 12:18 - 2014-03-18 12:18 - 01950720 _____ () C:\Users\Gerrit Lamade\Downloads\adwcleaner.exe
2014-03-18 12:18 - 2014-03-18 12:18 - 01037734 _____ (Thisisu) C:\Users\Gerrit Lamade\Downloads\JRT.exe
2014-03-18 12:18 - 2014-03-18 12:18 - 00001125 _____ () C:\Users\Gerrit Lamade\Desktop\PC Speed Maximizer.lnk
2014-03-18 12:16 - 2014-03-18 12:16 - 00685456 _____ () C:\Users\Gerrit Lamade\Downloads\ZipExtractorSetup.exe
2014-03-18 12:08 - 2012-09-08 20:22 - 00001152 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA.job
2014-03-18 12:06 - 2014-03-18 11:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-03-18 12:06 - 2014-03-18 11:49 - 00000000 ____D () C:\Users\Gerrit Lamade\Desktop\mbar
2014-03-18 12:00 - 2014-03-17 17:55 - 00001124 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-18 11:53 - 2012-09-08 20:02 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-18 11:50 - 2014-03-18 11:50 - 00119000 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-18 11:49 - 2014-03-18 11:49 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-18 11:49 - 2014-03-18 11:48 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Gerrit Lamade\Downloads\mbar-1.07.0.1009.exe
2014-03-18 09:40 - 2014-03-18 09:40 - 00028800 _____ () C:\Users\Gerrit Lamade\Downloads\FRSTscan 18.03.2014.txt
2014-03-18 09:39 - 2014-03-18 09:36 - 00043146 _____ () C:\Users\Gerrit Lamade\Downloads\Addition.txt
2014-03-18 09:33 - 2014-03-18 09:32 - 02157056 _____ (Farbar) C:\Users\Gerrit Lamade\Downloads\FRST64.exe
2014-03-18 05:31 - 2013-06-02 07:57 - 00177758 _____ () C:\Windows\PFRO.log
2014-03-18 05:31 - 2012-09-08 20:23 - 00002255 _____ () C:\Users\Gerrit Lamade\Desktop\Google Chrome.lnk
2014-03-17 22:06 - 2013-05-07 17:26 - 00000000 ____D () C:\Users\Gerrit Lamade\AppData\Local\Firestorm
2014-03-17 17:56 - 2014-03-17 17:56 - 00002255 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-17 17:56 - 2014-03-17 17:54 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-17 17:55 - 2014-03-17 17:55 - 00004120 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-17 17:55 - 2014-03-17 17:55 - 00003868 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-17 17:54 - 2014-03-17 17:54 - 00847848 _____ (Google Inc.) C:\Users\Gerrit Lamade\Downloads\ChromeSetup.exe
2014-03-16 13:08 - 2012-09-08 20:22 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core.job
2014-03-14 15:43 - 2011-01-09 01:21 - 00652000 _____ () C:\Windows\system32\perfh007.dat
2014-03-14 15:43 - 2011-01-09 01:21 - 00136924 _____ () C:\Windows\system32\perfc007.dat
2014-03-14 15:43 - 2009-07-14 06:13 - 01494422 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-14 05:33 - 2013-06-02 07:57 - 00375168 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-14 05:32 - 2012-05-10 07:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-14 05:32 - 2010-11-19 04:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-11 18:53 - 2012-09-08 20:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 18:53 - 2012-09-08 20:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 18:53 - 2012-09-08 20:02 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-10 07:33 - 2011-05-10 21:34 - 00000000 ____D () C:\Bilder
2014-03-05 05:31 - 2009-07-14 06:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-04 20:46 - 2014-03-04 20:46 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-04 20:46 - 2011-05-09 17:58 - 00000000 ____D () C:\ProgramData\Skype
2014-03-01 11:34 - 2014-03-01 11:34 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-28 23:18 - 2011-05-09 17:36 - 01468702 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-20 22:44 - 2014-02-20 22:44 - 00001787 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-02-20 22:43 - 2014-02-20 22:42 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-02-20 22:43 - 2011-09-20 10:06 - 00000000 ____D () C:\Program Files\iTunes
2014-02-20 22:43 - 2011-08-14 22:01 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-02-20 22:42 - 2014-02-20 22:42 - 00000000 ____D () C:\Program Files\iPod
2014-02-20 22:31 - 2011-05-19 21:53 - 00000000 ____D () C:\ProgramData\Apple
2014-02-19 09:15 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2014-02-16 22:48 - 2013-07-28 21:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-02-16 22:46 - 2011-06-05 16:34 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-02-16 15:16 - 2014-02-16 15:16 - 00016192 _____ () C:\Users\Gerrit Lamade\AppData\Local\recently-used.xbel
2014-02-16 15:16 - 2012-07-19 19:49 - 00000000 ____D () C:\Users\Gerrit Lamade\.gimp-2.8
2014-02-16 13:03 - 2012-09-08 20:22 - 00004138 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001UA
2014-02-16 13:03 - 2012-09-08 20:22 - 00003742 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3766026839-3968851945-2601719143-1001Core
Some content of TEMP:
====================
C:\Users\Gerrit Lamade\AppData\Local\Temp\avgnt.exe
C:\Users\Gerrit Lamade\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-03-10 21:05
==================== End Of Log ============================