sir peter | 08.07.2014 22:53
mbam.txt
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 08.07.2014
Suchlauf-Zeit: 23:20:34
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.07.08.10
Rootkit Datenbank: v2014.07.07.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: Sarah
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 247296
Verstrichene Zeit: 8 Min, 10 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 4
PUP.Optional.DefaultTab.A, HKLM\SOFTWARE\CLASSES\APPID\{72D89EBF-0C5D-4190-91FD-398E45F1D007}, In Quarantäne, [8c8ec1dc6b10171f77c1223339c9de22],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\TYPELIB\{DCABB943-792E-44C4-9029-ECBEE6265AF9}, In Quarantäne, [ca50811cdc9f5adc3f423a19808229d7],
PUP.Optional.OutBrowse, HKLM\SOFTWARE\CLASSES\INTERFACE\{3408AC0D-510E-4808-8F7B-6B70B1F88534}, In Quarantäne, [ca50811cdc9f5adc3f423a19808229d7],
PUP.Optional.SearchProtect.A, HKU\S-1-5-21-1941765313-3700113078-3629378886-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}, In Quarantäne, [0119debfe6952b0bb804321c7b876a96],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 1
PUP.Optional.Conduit.A, HKU\S-1-5-21-1941765313-3700113078-3629378886-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://search.conduit.com/?ctid=CT3323329&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPB31A67AD-728A-4063-BE1F-4DCDF2953507&SSPV=, Gut: (www.google.com), Schlecht: (hxxp://search.conduit.com/?ctid=CT3323329&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SPB31A67AD-728A-4063-BE1F-4DCDF2953507&SSPV=),Ersetzt,[9b7fb7e6d4a758dea0086a24bc4857a9]
Ordner: 10
PUP.Optional.NextLive.A, C:\Users\Sarah\AppData\Roaming\newnext.me, In Quarantäne, [48d2f3aacead9d99eaf1277539c9b848],
PUP.Optional.NextLive.A, C:\Users\Sarah\AppData\Roaming\newnext.me\cache, In Quarantäne, [48d2f3aacead9d99eaf1277539c9b848],
PUP.Optional.SimilarSites.A, C:\Users\Sarah\AppData\Roaming\SimilarSites, In Quarantäne, [c5557a23a9d2aa8c17058c1779890ef2],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\locale, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\locale\en-US, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
Dateien: 29
PUP.Optional.OutBrowse, C:\Users\Sarah\AppData\Local\Temp\DM1392054173.exe, In Quarantäne, [ca50811cdc9f5adc3f423a19808229d7],
PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nsg2B2A.exe, In Quarantäne, [e436b3ea176458de56aa3ff158a9dd23],
PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nsiFC3E.exe, In Quarantäne, [0f0bb6e791ea89ad17e955db14edaa56],
PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nssFF89.exe, In Quarantäne, [4cceb4e9374432049c645ad6fe03d42c],
PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nsx39DB.exe, In Quarantäne, [20fa2b721b603afc08f89b9514ed4fb1],
PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\nsx3D36.exe, In Quarantäne, [81997d20ed8e48ee649c1d13e61bc838],
PUP.Optional.SearchProtect.A, C:\Users\Sarah\AppData\Local\Temp\SearchProtectGeneric.exe, In Quarantäne, [ee2c603d2c4f1f178462b5865aa65da3],
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Local\Temp\SearchProtectINT.exe, In Quarantäne, [001adac36516e0569995d94a1de4c13f],
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Local\Temp\nsxE7F2\SpSetup.exe, In Quarantäne, [2cee5f3ee299e84e7c7614107f8228d8],
PUP.Optional.Conduit.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\searchplugins\conduit-search.xml, In Quarantäne, [e139abf20774b383d83fba586e9653ad],
PUP.Optional.NextLive.A, C:\Users\Sarah\AppData\Roaming\newnext.me\nengine.cookie, In Quarantäne, [48d2f3aacead9d99eaf1277539c9b848],
PUP.Optional.NextLive.A, C:\Users\Sarah\AppData\Roaming\newnext.me\cache\spark.bin, In Quarantäne, [48d2f3aacead9d99eaf1277539c9b848],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome.manifest, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\install.rdf, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\aff.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\jquery-1.8.3.min.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\options.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\options.xul, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\overlay.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\overlay.xul, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\popup.html, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\popup.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\content\tabs_listener.js, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\locale\en-US\settings.dtd, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\button.png, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\icon.png, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\main.css, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\overlay.css, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
PUP.Optional.SiteFinder.A, C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\extensions\sitefinder@sitefinder.com\chrome\skin\classic\sitefinder.css, In Quarantäne, [70aab7e688f3f541e9369d0626dcf30d],
Physische Sektoren: 0
(No malicious items detected)
(end)
adwCleaner
Code:
# AdwCleaner v3.214 - Bericht erstellt am 08/07/2014 um 23:38:46
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Enterprise Service Pack 1 (32 bits)
# Benutzername : Sarah - SARAH-PC
# Gestartet von : C:\Users\Sarah\Downloads\adwcleaner_3.214.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\Mobogenie
Ordner Gelöscht : C:\Program Files\SimilarSites
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\genienext
Ordner Gelöscht : C:\Users\Sarah\AppData\Local\Mobogenie
Ordner Gelöscht : C:\Users\Sarah\Documents\Mobogenie
Datei Gelöscht : C:\Users\Sarah\daemonprocess.txt
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (en-US)
[ Datei : C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\prefs.js ]
-\\ Google Chrome v35.0.1916.114
[ Datei : C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [1802 octets] - [08/07/2014 23:37:51]
AdwCleaner[S0].txt - [1727 octets] - [08/07/2014 23:38:46]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1787 octets] ##########
jrt.txt
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x86
Ran by Sarah on 08.07.2014 at 23:44:25,21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\browserpluginhelper
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Sarah\AppData\Roaming\mozilla\firefox\profiles\1qspa4yq.default\minidumps [20 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.07.2014 at 23:47:45,61
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:05-07-2014 01
Ran by Sarah (administrator) on SARAH-PC on 08-07-2014 23:48:54
Running from C:\Users\Sarah\Downloads
Platform: Microsoft Windows 7 Enterprise Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(iSkySoft) C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.exe
(OpenOffice.org) C:\Program Files\OpenOffice.org 3\program\soffice.bin
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-07-08] (AVAST Software)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [PDFPrint] => C:\Program Files\PDF24\pdf24.exe [189480 2014-02-06] (Geek Software GmbH)
HKLM\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [1734144 2013-05-29] (iSkySoft)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2014-01-30] (Microsoft Corporation)
HKU\S-1-5-21-1941765313-3700113078-3629378886-1001\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [21444224 2014-05-08] (Skype Technologies S.A.)
HKU\S-1-5-21-1941765313-3700113078-3629378886-1001\...\Run: [Facebook Update] => C:\Users\Sarah\AppData\Local\Facebook\Update\FacebookUpdate.exe [138096 2014-07-08] (Facebook Inc.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Sarah\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Sarah\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
ShortcutTarget: OpenOffice.org 3.3.lnk -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShell.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x123FAC20AE1DCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKLM - Default Value = {CCC7B151-1D8C-11E3-B2AD-F3EF3D58318D}
SearchScopes: HKLM - DefaultScope value is missing.
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.opendoors.de/verfolgung/weltverfolgungsindex2014/weltverfolgungsindex2014/|https://support.mozilla.org/de/products/firefox/get-started
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin: @google.com/npPicasa3,version=3.0.0 - d:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin - C:\Program Files\Java\jre6\bin\npDeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/WLPG,version=16.4.3522.0110 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - d:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\Sarah\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF SearchPlugin: C:\Users\Sarah\AppData\Roaming\Mozilla\Firefox\Profiles\1qspa4yq.default\searchplugins\benefind.xml
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-01-30]
Chrome:
=======
CHR HomePage:
CHR Extension: (Docs) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-08]
CHR Extension: (Google Drive) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-08]
CHR Extension: (YouTube) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-08]
CHR Extension: (Google Search) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-08]
CHR Extension: (avast! Online Security) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2014-07-08]
CHR Extension: (Google Wallet) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-08]
CHR Extension: (Gmail) - C:\Users\Sarah\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-08]
CHR HKLM\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-08]
========================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-08] (AVAST Software)
==================== Drivers (Whitelisted) ====================
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [24184 2014-07-08] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-07-08] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [81768 2014-07-08] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-07-08] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [779536 2014-07-08] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [414520 2014-07-08] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [71944 2014-07-08] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [192352 2014-07-08] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-08 23:48 - 2014-07-08 23:48 - 00010677 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-07-08 23:47 - 2014-07-08 23:47 - 00000883 _____ () C:\Users\Sarah\Desktop\JRT.txt
2014-07-08 23:44 - 2014-07-08 23:44 - 00000000 ____D () C:\Windows\ERUNT
2014-07-08 23:43 - 2014-07-08 23:43 - 01016261 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe
2014-07-08 23:40 - 2014-07-08 23:40 - 00001867 _____ () C:\Users\Sarah\Desktop\AdwCleaner[S0].txt
2014-07-08 23:38 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-07-08 23:37 - 2014-07-08 23:38 - 00000000 ____D () C:\AdwCleaner
2014-07-08 23:37 - 2014-07-08 23:37 - 01346519 _____ () C:\Users\Sarah\Downloads\adwcleaner_3.214.exe
2014-07-08 23:37 - 2014-07-08 23:37 - 00009426 _____ () C:\Users\Sarah\Desktop\mbam.txt
2014-07-08 23:18 - 2014-07-08 23:35 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 23:18 - 2014-07-08 23:18 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-08 23:18 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-08 23:18 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-08 23:18 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-08 23:17 - 2014-07-08 23:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sarah\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-08 23:08 - 2014-07-08 23:08 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM8887.tmp
2014-07-08 23:07 - 2014-07-08 23:07 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM68F4.tmp
2014-07-08 22:05 - 2014-07-08 23:39 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 22:05 - 2014-07-08 23:16 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 22:05 - 2014-07-08 22:05 - 00002157 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-08 22:05 - 2014-07-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-08 18:45 - 2014-07-08 18:46 - 00000000 ____D () C:\Users\Sarah\Downloads\logfiles 08_07_2014
2014-07-08 18:17 - 2014-07-08 18:17 - 00380416 _____ () C:\Users\Sarah\Downloads\Gmer-19357.exe
2014-07-08 17:59 - 2014-07-08 23:48 - 00000000 ____D () C:\FRST
2014-07-08 17:59 - 2014-07-08 17:59 - 01074688 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe
2014-07-08 17:57 - 2014-07-08 17:57 - 00050477 _____ () C:\Users\Sarah\Downloads\Defogger.exe
2014-07-08 17:57 - 2014-07-08 17:57 - 00000000 _____ () C:\Users\Sarah\defogger_reenable
2014-07-08 16:15 - 2014-07-08 19:20 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job
2014-07-08 16:15 - 2014-07-08 16:20 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job
2014-07-08 16:15 - 2014-07-08 16:15 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Facebook
2014-07-08 15:49 - 2014-07-08 15:49 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-08 15:49 - 2014-07-08 15:49 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-08 15:47 - 2014-07-08 15:47 - 00284288 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 30.0.exe
2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-07-08 15:14 - 2014-07-08 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 15:14 - 2014-07-08 15:14 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-06-24 21:21 - 2014-06-24 21:21 - 00014239 _____ () C:\Users\Sarah\Desktop\Wohnung.odt
2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-18 17:20 - 2014-07-08 15:14 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-06-11 22:04 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-11 22:04 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-11 22:04 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-11 22:04 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-11 22:04 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-11 22:04 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-11 22:04 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-11 22:04 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-11 22:04 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-11 22:04 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-11 22:04 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-11 22:04 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-11 22:04 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-11 22:04 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-11 22:04 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-11 22:04 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-11 22:04 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-11 22:04 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-11 22:04 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-11 22:04 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-11 22:04 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-11 22:04 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-11 22:04 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-11 22:04 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-11 22:04 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-11 22:04 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-11 22:04 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-11 22:04 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-11 22:04 - 2014-05-08 11:06 - 00919040 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-11 22:04 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-11 22:04 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-11 22:04 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-11 22:04 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-11 22:04 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-11 22:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-11 22:04 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
==================== One Month Modified Files and Folders =======
2014-07-08 23:49 - 2014-07-08 23:48 - 00010677 _____ () C:\Users\Sarah\Downloads\FRST.txt
2014-07-08 23:48 - 2014-07-08 17:59 - 00000000 ____D () C:\FRST
2014-07-08 23:47 - 2014-07-08 23:47 - 00000883 _____ () C:\Users\Sarah\Desktop\JRT.txt
2014-07-08 23:47 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-08 23:47 - 2009-07-14 06:34 - 00021808 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-08 23:46 - 2009-10-15 11:59 - 02507726 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-08 23:44 - 2014-07-08 23:44 - 00000000 ____D () C:\Windows\ERUNT
2014-07-08 23:43 - 2014-07-08 23:43 - 01016261 _____ (Thisisu) C:\Users\Sarah\Downloads\JRT.exe
2014-07-08 23:41 - 2014-02-05 13:19 - 00000000 ___RD () C:\Users\Sarah\Dropbox
2014-07-08 23:41 - 2014-02-05 13:08 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Dropbox
2014-07-08 23:41 - 2014-01-30 11:34 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\Skype
2014-07-08 23:40 - 2014-07-08 23:40 - 00001867 _____ () C:\Users\Sarah\Desktop\AdwCleaner[S0].txt
2014-07-08 23:40 - 2014-02-05 13:16 - 00000000 ____D () C:\Users\Sarah\AppData\Roaming\DropboxMaster
2014-07-08 23:39 - 2014-07-08 22:05 - 00001092 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-08 23:39 - 2014-01-30 11:37 - 00104700 _____ () C:\Windows\PFRO.log
2014-07-08 23:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-08 23:39 - 2009-07-14 06:39 - 00034031 _____ () C:\Windows\setupact.log
2014-07-08 23:38 - 2014-07-08 23:37 - 00000000 ____D () C:\AdwCleaner
2014-07-08 23:38 - 2014-01-30 00:16 - 00000000 ____D () C:\Users\Sarah
2014-07-08 23:38 - 2014-01-30 00:15 - 01379596 _____ () C:\Windows\WindowsUpdate.log
2014-07-08 23:37 - 2014-07-08 23:37 - 01346519 _____ () C:\Users\Sarah\Downloads\adwcleaner_3.214.exe
2014-07-08 23:37 - 2014-07-08 23:37 - 00009426 _____ () C:\Users\Sarah\Desktop\mbam.txt
2014-07-08 23:35 - 2014-07-08 23:18 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-08 23:28 - 2014-01-30 00:13 - 00000000 ____D () C:\Windows\rescache
2014-07-08 23:18 - 2014-07-08 23:18 - 00001024 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-08 23:18 - 2014-07-08 23:18 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-07-08 23:18 - 2014-07-08 23:17 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Sarah\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-08 23:16 - 2014-07-08 22:05 - 00001096 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 23:09 - 2014-02-05 14:19 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-08 23:08 - 2014-07-08 23:08 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM8887.tmp
2014-07-08 23:07 - 2014-07-08 23:07 - 00000000 ____D () C:\Users\Sarah\Desktop\WLM68F4.tmp
2014-07-08 22:09 - 2014-02-05 14:19 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-08 22:09 - 2014-02-05 14:19 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-07-08 22:05 - 2014-07-08 22:05 - 00002157 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-07-08 22:05 - 2014-07-08 22:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-07-08 22:05 - 2014-01-30 11:33 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Google
2014-07-08 22:05 - 2014-01-30 11:33 - 00000000 ____D () C:\Program Files\Google
2014-07-08 19:20 - 2014-07-08 16:15 - 00000928 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001UA.job
2014-07-08 18:46 - 2014-07-08 18:45 - 00000000 ____D () C:\Users\Sarah\Downloads\logfiles 08_07_2014
2014-07-08 18:17 - 2014-07-08 18:17 - 00380416 _____ () C:\Users\Sarah\Downloads\Gmer-19357.exe
2014-07-08 17:59 - 2014-07-08 17:59 - 01074688 _____ (Farbar) C:\Users\Sarah\Downloads\FRST.exe
2014-07-08 17:57 - 2014-07-08 17:57 - 00050477 _____ () C:\Users\Sarah\Downloads\Defogger.exe
2014-07-08 17:57 - 2014-07-08 17:57 - 00000000 _____ () C:\Users\Sarah\defogger_reenable
2014-07-08 16:20 - 2014-07-08 16:15 - 00000906 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1941765313-3700113078-3629378886-1001Core.job
2014-07-08 16:15 - 2014-07-08 16:15 - 00000000 ____D () C:\Users\Sarah\AppData\Local\Facebook
2014-07-08 15:49 - 2014-07-08 15:49 - 00001081 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-07-08 15:49 - 2014-07-08 15:49 - 00001069 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-07-08 15:49 - 2014-07-08 15:49 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-07-08 15:47 - 2014-07-08 15:47 - 00284288 _____ (Mozilla) C:\Users\Sarah\Downloads\Firefox Setup Stub 30.0.exe
2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieUserList
2014-07-08 15:46 - 2014-07-08 15:46 - 00000000 __SHD () C:\Users\Sarah\AppData\Local\EmieSiteList
2014-07-08 15:14 - 2014-07-08 15:14 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-07-08 15:14 - 2014-07-08 15:14 - 00002047 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-07-08 15:14 - 2014-06-18 17:20 - 00024184 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-07-08 15:14 - 2014-01-30 10:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-07-08 15:14 - 2014-01-30 10:48 - 00779536 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-07-08 15:14 - 2014-01-30 10:48 - 00414520 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-07-08 15:14 - 2014-01-30 10:48 - 00276432 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-07-08 15:14 - 2014-01-30 10:48 - 00192352 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-07-08 15:14 - 2014-01-30 10:48 - 00081768 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-07-08 15:14 - 2014-01-30 10:48 - 00071944 _____ (AVAST Software) C:\Windows\system32\Drivers\aswstm.sys
2014-07-08 15:14 - 2014-01-30 10:48 - 00067824 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-07-08 15:14 - 2014-01-30 10:48 - 00049944 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-06-24 21:21 - 2014-06-24 21:21 - 00014239 _____ () C:\Users\Sarah\Desktop\Wohnung.odt
2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-24 16:15 - 2014-02-26 21:55 - 00000000 ___RD () C:\Program Files\Skype
2014-06-24 16:15 - 2014-01-30 11:34 - 00000000 ____D () C:\ProgramData\Skype
2014-06-19 22:54 - 2014-02-05 13:19 - 00000000 ____D () C:\Users\Sarah\Desktop\Hochzeit (1)
2014-06-11 22:38 - 2014-01-30 13:43 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-11 22:37 - 2014-01-30 13:43 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
Some content of TEMP:
====================
C:\Users\Sarah\AppData\Local\Temp\6_Offer_5.exe
C:\Users\Sarah\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpo7qvhi.dll
C:\Users\Sarah\AppData\Local\Temp\install_reader11_de_ltr5x32d_awc_aih.exe
C:\Users\Sarah\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe
C:\Users\Sarah\AppData\Local\Temp\pdf24-creator-update.exe
C:\Users\Sarah\AppData\Local\Temp\Quarantine.exe
C:\Users\Sarah\AppData\Local\Temp\vlc-2.1.3-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-19 21:43
==================== End Of Log ============================