| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Bitcoin Miner in svhost.exe erscheint nach Neustart wiederWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.09.2013, 09:41
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Ich bin kein Grafikkartenexperte. Das wäre ein neues Thema für unseren Hardwarebereich. Was ist denn jtzt mit GMER?
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
10.09.2013, 13:12
| #17 |
 | Bitcoin Miner in svhost.exe erscheint nach Neustart wiederCode:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-09-09 07:48:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.17.0 465,76GB
Running: v50wmd1r.exe; Driver: C:\Users\Hiden\AppData\Local\Temp\awtoipow.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88007028d64 12 bytes {MOV RAX, 0xfffffa8006f012a0; JMP RAX}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\WinZipper\winzipersvc.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75]
.text C:\Program Files (x86)\WinZipper\winzipersvc.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75]
.text ... * 2
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75]
.text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75]
.text ... * 2
.text C:\program files (x86)\avira\antivir desktop\avcenter.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75]
.text C:\program files (x86)\avira\antivir desktop\avcenter.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75]
.text ... * 2
---- Devices - GMER 2.1 ----
Device \Driver\a8jpcc19 \Device\Scsi\a8jpcc191 fffffa8006f8d2c0
Device \FileSystem\Ntfs \Ntfs fffffa80036732c0
Device \Driver\usbehci \Device\USBPDO-1 fffffa8006e1c2c0
Device \Driver\cdrom \Device\CdRom0 fffffa8006d022c0
Device \Driver\cdrom \Device\CdRom1 fffffa8006d022c0
Device \Driver\cdrom \Device\CdRom2 fffffa8006d022c0
Device \Driver\NetBT \Device\NetBT_Tcpip_{B328ED59-D5CC-4F66-8D88-7F20A95E37F0} fffffa8006b9a2c0
Device \Driver\usbehci \Device\USBFDO-0 fffffa8006e1c2c0
Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80047002c0
Device \Driver\usbehci \Device\USBFDO-1 fffffa8006e1c2c0
Device \Driver\dtsoftbus01 \Device\00000072 fffffa80047002c0
Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006b9a2c0
Device \Driver\dtsoftbus01 \Device\00000073 fffffa80047002c0
Device \Driver\usbehci \Device\USBPDO-0 fffffa8006e1c2c0
Device \Driver\a8jpcc19 \Device\ScsiPort1 fffffa8006f8d2c0
---- Modules - GMER 2.1 ----
Module \SystemRoot\System32\Drivers\a8jpcc19.SYS fffff88003000000-fffff88003051000 (331776 bytes)
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0x48 0x20 0xAA ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x1E 0xDD 0x0C ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEC 0x71 0x3A 0x60 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x04 0x18 0x6A 0x6A ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9A 0xE6 0x1F 0x3C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0xC1 0x90 0xAA ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x1E 0xDD 0x0C ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEC 0x71 0x3A 0x60 ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x04 0x18 0x6A 0x6A ...
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9A 0xE6 0x1F 0x3C ...
---- EOF - GMER 2.1 ----
|
|
10.09.2013, 16:32
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Adware/Junkware/Toolbars entfernen
__________________1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
|
11.09.2013, 09:21
| #19 |
| | Bitcoin Miner in svhost.exe erscheint nach Neustart wiederCode:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 11/09/2013 um 09:59:00
# Updated 07/09/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Hiden - HIDEN-PC
# Gestartet von : C:\Users\Hiden\Desktop\share\adwcleaner.exe
# Option : Suchen
***** [ Dienste ] *****
Dienst Gefunden : winzipersvc
***** [ Dateien / Ordner ] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\bprotector_extensions.sqlite
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\bprotector_prefs.js
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Babylon.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon1.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\delta.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\funmoods.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\MyStart Search.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Searchab.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Web Search.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\WebSearch.xml
Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\user.js
Datei Gefunden : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser
Ordner Gefunden : C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f}
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40C3CC16-7269-4B32-9531-17F2950FB06F}
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ffxtlbr@incredibar.com
Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\sparpilot@sparpilot.com
Ordner Gefunden C:\Program Files (x86)\AutoLyrics
Ordner Gefunden C:\Program Files (x86)\Common Files\337
Ordner Gefunden C:\Program Files (x86)\Conduit
Ordner Gefunden C:\Program Files (x86)\FilesFrog Update Checker
Ordner Gefunden C:\Program Files (x86)\MagniPic
Ordner Gefunden C:\Program Files (x86)\Omiga Plus
Ordner Gefunden C:\Program Files (x86)\Protected Search
Ordner Gefunden C:\Program Files (x86)\Red Sky
Ordner Gefunden C:\Program Files (x86)\SafeSaver
Ordner Gefunden C:\Program Files (x86)\SimilarSites
Ordner Gefunden C:\Program Files (x86)\WinZipper
Ordner Gefunden C:\ProgramData\Babylon
Ordner Gefunden C:\ProgramData\BrowserDefender
Ordner Gefunden C:\ProgramData\clsoft ltd
Ordner Gefunden C:\ProgramData\eSafe
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper
Ordner Gefunden C:\ProgramData\Partner
Ordner Gefunden C:\ProgramData\RightClick
Ordner Gefunden C:\ProgramData\StarApp
Ordner Gefunden C:\Users\Hiden\AppData\Local\Conduit
Ordner Gefunden C:\Users\Hiden\AppData\Local\DownTango
Ordner Gefunden C:\Users\Hiden\AppData\Local\Ilivid
Ordner Gefunden C:\Users\Hiden\AppData\Local\PutLockerDownloader
Ordner Gefunden C:\Users\Hiden\AppData\Local\SwvUpdater
Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\Browse2Save
Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\Conduit
Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\delta
Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\SimplyTech
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\eIntaller
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\ExpressFiles
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Funmoods
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\CT2319825
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\jetpack
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Smartbar
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\NCdownloader
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Omiga Plus
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\SimilarSites
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\WinZipper
Ordner Gefunden C:\Users\Hiden\AppData\Roaming\yourfiledownloader
***** [ Verknüpfungen ] *****
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Tanks.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 )
Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 )
***** [ Registrierungsdatenbank ] *****
Schlüssel Gefunden : HKCU\Software\5b6dfdfb63cb917
Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AutoLyrics
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\simplytech
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\SProtector
Schlüssel Gefunden : HKCU\Software\BI
Schlüssel Gefunden : HKCU\Software\Conduit
Schlüssel Gefunden : HKCU\Software\ExpressFiles
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : HKCU\Software\powerpack
Schlüssel Gefunden : HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Somoto
Schlüssel Gefunden : HKCU\Software\StartSearch
Schlüssel Gefunden : [x64] HKCU\Software\APN PIP
Schlüssel Gefunden : [x64] HKCU\Software\BI
Schlüssel Gefunden : [x64] HKCU\Software\Conduit
Schlüssel Gefunden : [x64] HKCU\Software\ExpressFiles
Schlüssel Gefunden : [x64] HKCU\Software\IM
Schlüssel Gefunden : [x64] HKCU\Software\ImInstaller
Schlüssel Gefunden : [x64] HKCU\Software\InstallCore
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\powerpack
Schlüssel Gefunden : [x64] HKCU\Software\PrivitizeVPNInstallDates
Schlüssel Gefunden : [x64] HKCU\Software\Softonic
Schlüssel Gefunden : [x64] HKCU\Software\Somoto
Schlüssel Gefunden : [x64] HKCU\Software\StartSearch
Schlüssel Gefunden : HKLM\SOFTWARE\5b6dfdfb63cb917
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\FTDownloader
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\delta-homesSoftware
Schlüssel Gefunden : HKLM\Software\Desksvc
Schlüssel Gefunden : HKLM\Software\eSafeSecControl
Schlüssel Gefunden : HKLM\Software\ExpressFiles
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\Software\InstallCore
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_skiregion-simulator-2012_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_skiregion-simulator-2012_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bad-piggies_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bad-piggies_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_crazy-taxi_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_crazy-taxi_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_euro-truck-simulator_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_euro-truck-simulator_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fond-decran-gta-5_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fond-decran-gta-5_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_funny-voice_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_funny-voice_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gta-iv-san-andreas_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gta-iv-san-andreas_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mousometer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mousometer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_san-andreas-multiplayer_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_san-andreas-multiplayer_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slender_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slender_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\autolyrics@man-soft.net
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa
Schlüssel Gefunden : HKLM\Software\omigaplusSvc
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\Software\SoftwareUpdater
Schlüssel Gefunden : HKLM\Software\SP Global
Schlüssel Gefunden : HKLM\Software\SProtector
Schlüssel Gefunden : HKLM\Software\V9
Schlüssel Gefunden : HKLM\Software\YourFileDownloader
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\IB Updater
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [autolyrics@man-soft.net]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Wert Gefunden : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16660
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q=
Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s
Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s
-\\ Mozilla Firefox v
[ Datei : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\prefs.js ]
Zeile gefunden : user_pref("CT2319825.1000082.isDisplayHidden", "true");
Zeile gefunden : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1Live\",\"url\":\"hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a\"}");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_TMP_city", "VIENNA");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_TMP_country", "AT");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_locId", "USGA0594");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_location", "Vienna, GA");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_region", "OT");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_temp_dis", "c");
Zeile gefunden : user_pref("CT2319825.1000234.TWC_wind_dis", "kmh");
Zeile gefunden : user_pref("CT2319825.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"14°C\",\"temperatureClear\":\"14°C\",\"highTemperature\":\"14°C\",\"lowTemperature\":\"13°C\",\"feelsLike\":\"14°C\",[...]
Zeile gefunden : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.FirstTime", "true");
Zeile gefunden : user_pref("CT2319825.FirstTimeFF3", "true");
Zeile gefunden : user_pref("CT2319825.ID.enc", "NTMxOTQxMjk=");
Zeile gefunden : user_pref("CT2319825.LoginRevertSettingsEnabled", false);
Zeile gefunden : user_pref("CT2319825.RevertSettingsEnabled", true);
Zeile gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gefunden : user_pref("CT2319825.UserID", "UN78966689770749893");
Zeile gefunden : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true");
Zeile gefunden : user_pref("CT2319825.autoDisableScopes", 2);
Zeile gefunden : user_pref("CT2319825.browser.search.defaultthis.engineName", true);
Zeile gefunden : user_pref("CT2319825.defaultSearch", "true");
Zeile gefunden : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Zeile gefunden : user_pref("CT2319825.enableAlerts", "always");
Zeile gefunden : user_pref("CT2319825.enableSearchFromAddressBar", "true");
Zeile gefunden : user_pref("CT2319825.firstTimeDialogOpened", "true");
Zeile gefunden : user_pref("CT2319825.fixPageNotFoundError", "true");
Zeile gefunden : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true");
Zeile gefunden : user_pref("CT2319825.fixUrls", true);
Zeile gefunden : user_pref("CT2319825.installId", "conduitnsisintegration");
Zeile gefunden : user_pref("CT2319825.installType", "conduitnsisintegration");
Zeile gefunden : user_pref("CT2319825.isCheckedStartAsHidden", true);
Zeile gefunden : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.isFirstTimeToolbarLoading", "false");
Zeile gefunden : user_pref("CT2319825.isNewTabEnabled", false);
Zeile gefunden : user_pref("CT2319825.isPerformedSmartBarTransition", "true");
Zeile gefunden : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Zeile gefunden : user_pref("CT2319825.keyword", true);
Zeile gefunden : user_pref("CT2319825.migrateAppsAndComponents", true);
Zeile gefunden : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.com%2Findex.php%3Fstype%3Dlo%26lh%3DAc_cTXr3UD7pTrNX\",\"EB_MAIN_FRAME_TITLE\"[...]
Zeile gefunden : user_pref("CT2319825.openThankYouPage", "false");
Zeile gefunden : user_pref("CT2319825.openUninstallPage", "true");
Zeile gefunden : user_pref("CT2319825.revertSettingsEnabled", "false");
Zeile gefunden : user_pref("CT2319825.search.searchAppId", "128898076802619666");
Zeile gefunden : user_pref("CT2319825.search.searchCount", "0");
Zeile gefunden : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true");
Zeile gefunden : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2319825\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Winload.OurToolbar.com//xpi\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Winload\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354821465896");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1354955096156");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354821466811");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357741309747");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354821466873");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1354955096360");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1357743451250");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354821466838");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1357751367412");
Zeile gefunden : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1357743452626");
Zeile gefunden : user_pref("CT2319825.settingsINI", true);
Zeile gefunden : user_pref("CT2319825.shouldFirstTimeDialog", "false");
Zeile gefunden : user_pref("CT2319825.smartbar.CTID", "CT2319825");
Zeile gefunden : user_pref("CT2319825.smartbar.Uninstall", "0");
Zeile gefunden : user_pref("CT2319825.smartbar.homepage", true);
Zeile gefunden : user_pref("CT2319825.smartbar.isHidden", true);
Zeile gefunden : user_pref("CT2319825.smartbar.toolbarName", "Winload ");
Zeile gefunden : user_pref("CT2319825.startPage", "userChanged");
Zeile gefunden : user_pref("CT2319825.toolbarBornServerTime", "6-12-2012");
Zeile gefunden : user_pref("CT2319825.toolbarCurrentServerTime", "9-1-2013");
Zeile gefunden : user_pref("CT2319825_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1357752043042,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Zeile gefunden : user_pref("Smartbar.ConduitHomepagesList", "");
Zeile gefunden : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search");
Zeile gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825");
Zeile gefunden : user_pref("aol_toolbar.default.homepage.check", false);
Zeile gefunden : user_pref("aol_toolbar.default.search.check", false);
Zeile gefunden : user_pref("browser.search.defaultengine", "Web Search");
Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.good-results.info/?pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT&l=1&q=");
Zeile gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Zeile gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Zeile gefunden : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Zeile gefunden : user_pref("extensions.BabylonToolbar.babExt", "");
Zeile gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=117023&tt=4912_5");
Zeile gefunden : user_pref("extensions.BabylonToolbar.bbDpng", "24");
Zeile gefunden : user_pref("extensions.BabylonToolbar.cntry", "AT");
Zeile gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Zeile gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Zeile gefunden : user_pref("extensions.BabylonToolbar.dpkLst", "");
Zeile gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar.hdrMd5", "6689309A624528F9413A9B148FEF7742");
Zeile gefunden : user_pref("extensions.BabylonToolbar.hmpg", true);
Zeile gefunden : user_pref("extensions.BabylonToolbar.id", "001620ef000000000000000c4343bd02");
Zeile gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15681");
Zeile gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Zeile gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.4.918:26:07");
Zeile gefunden : user_pref("extensions.BabylonToolbar.newTab", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"59\",\"lastVrsn\":\"59\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Zeile gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Zeile gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Zeile gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Zeile gefunden : user_pref("extensions.BabylonToolbar.rvrt", "false");
Zeile gefunden : user_pref("extensions.BabylonToolbar.sg", "azb");
Zeile gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "azb");
Zeile gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss");
Zeile gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Zeile gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=001620ef000000000000000c4343bd02&q=");
Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9");
Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.4.918:26:07");
Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=4912_5");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.excTlbr", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false);
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.918:26:07");
Zeile gefunden : user_pref("extensions.enabledAddons", "ffxtlbr%40incredibar.com:1.5.0,software%40loadtubes.com:1.01,%7B40c3cc16-7269-4b32-9531-17f2950fb06f%7D:10.13.40.15,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17[...]
Zeile gefunden : user_pref("extensions.funmoods.aflt", "nv1");
Zeile gefunden : user_pref("extensions.funmoods.autoRvrt", false);
Zeile gefunden : user_pref("extensions.funmoods.cntry", "AT");
Zeile gefunden : user_pref("extensions.funmoods.cv", "cv5");
Zeile gefunden : user_pref("extensions.funmoods.dfltLng", "");
Zeile gefunden : user_pref("extensions.funmoods.dfltSrch", true);
Zeile gefunden : user_pref("extensions.funmoods.dnsErr", true);
Zeile gefunden : user_pref("extensions.funmoods.envrmnt", "production");
Zeile gefunden : user_pref("extensions.funmoods.excTlbr", false);
Zeile gefunden : user_pref("extensions.funmoods.hdrMd5", "E8A7C63620AD6D0E88CB0F3A084ED5BF");
Zeile gefunden : user_pref("extensions.funmoods.hmpg", true);
Zeile gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548");
Zeile gefunden : user_pref("extensions.funmoods.id", "001999EA7C1120EF");
Zeile gefunden : user_pref("extensions.funmoods.instlDay", "15698");
Zeile gefunden : user_pref("extensions.funmoods.instlRef", "nv1");
Zeile gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true);
Zeile gefunden : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2219:48:13");
Zeile gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Zeile gefunden : user_pref("extensions.funmoods.newTab", true);
Zeile gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548");
Zeile gefunden : user_pref("extensions.funmoods.prdct", "funmoods");
Zeile gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods");
Zeile gefunden : user_pref("extensions.funmoods.sg", "none");
Zeile gefunden : user_pref("extensions.funmoods.smplGrp", "none");
Zeile gefunden : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Zeile gefunden : user_pref("extensions.funmoods.tlbrId", "base");
Zeile gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548&q=[...]
Zeile gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Zeile gefunden : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2219:48:13");
Zeile gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Zeile gefunden : user_pref("extensions.funmoods_i.newTab", true);
Zeile gefunden : user_pref("extensions.funmoods_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:48:13");
Zeile gefunden : user_pref("extensions.incredibar.actvtyRptTime", "1354954977193");
Zeile gefunden : user_pref("extensions.incredibar.admin", false);
Zeile gefunden : user_pref("extensions.incredibar.aflt", "orgnl");
Zeile gefunden : user_pref("extensions.incredibar.afterInstallRpt", "sent");
Zeile gefunden : user_pref("extensions.incredibar.cntry", "AT");
Zeile gefunden : user_pref("extensions.incredibar.dfltLng", "EN");
Zeile gefunden : user_pref("extensions.incredibar.dfltlng", "EN");
Zeile gefunden : user_pref("extensions.incredibar.dfltsrch", "false");
Zeile gefunden : user_pref("extensions.incredibar.did", "10643");
Zeile gefunden : user_pref("extensions.incredibar.envrmnt", "production");
Zeile gefunden : user_pref("extensions.incredibar.excTlbr", false);
Zeile gefunden : user_pref("extensions.incredibar.hdrMd5", "EFF9AF06198A7E78C29E60F192565867");
Zeile gefunden : user_pref("extensions.incredibar.hmpg", false);
Zeile gefunden : user_pref("extensions.incredibar.hrdid", "001620ef000000000000000c4343bd02");
Zeile gefunden : user_pref("extensions.incredibar.id", "001620ef000000000000000c4343bd02");
Zeile gefunden : user_pref("extensions.incredibar.installerproductid", "26");
Zeile gefunden : user_pref("extensions.incredibar.instlday", "15680");
Zeile gefunden : user_pref("extensions.incredibar.instlref", "");
Zeile gefunden : user_pref("extensions.incredibar.isDcmntCmplt", false);
Zeile gefunden : user_pref("extensions.incredibar.isdcmntcmplt", "false");
Zeile gefunden : user_pref("extensions.incredibar.keywordurl", "");
Zeile gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:05:21");
Zeile gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");
Zeile gefunden : user_pref("extensions.incredibar.newtab", "false");
Zeile gefunden : user_pref("extensions.incredibar.newtaburl", "");
Zeile gefunden : user_pref("extensions.incredibar.noFFXTlbr", false);
Zeile gefunden : user_pref("extensions.incredibar.ppd", "1");
Zeile gefunden : user_pref("extensions.incredibar.prdct", "incredibar");
Zeile gefunden : user_pref("extensions.incredibar.productid", "26");
Zeile gefunden : user_pref("extensions.incredibar.prtnrid", "Incredibar");
Zeile gefunden : user_pref("extensions.incredibar.sg", "{smplGrp}");
Zeile gefunden : user_pref("extensions.incredibar.smplgrp", "none");
Zeile gefunden : user_pref("extensions.incredibar.srch", "");
Zeile gefunden : user_pref("extensions.incredibar.srchprvdr", "");
Zeile gefunden : user_pref("extensions.incredibar.tlbrid", "base");
Zeile gefunden : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQRV9rixw&loc=IB_TB&i=26&search=");
Zeile gefunden : user_pref("extensions.incredibar.upn2", "6PQRV9rixw");
Zeile gefunden : user_pref("extensions.incredibar.upn2n", "92544051393484350");
Zeile gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14");
Zeile gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14");
Zeile gefunden : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:05:21");
Zeile gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl");
Zeile gefunden : user_pref("extensions.incredibar_i.dfltLng", "");
Zeile gefunden : user_pref("extensions.incredibar_i.did", "10643");
Zeile gefunden : user_pref("extensions.incredibar_i.excTlbr", false);
Zeile gefunden : user_pref("extensions.incredibar_i.id", "001620ef000000000000000c4343bd02");
Zeile gefunden : user_pref("extensions.incredibar_i.installerproductid", "26");
Zeile gefunden : user_pref("extensions.incredibar_i.instlDay", "15680");
Zeile gefunden : user_pref("extensions.incredibar_i.instlRef", "");
Zeile gefunden : user_pref("extensions.incredibar_i.ms_url_id", "");
Zeile gefunden : user_pref("extensions.incredibar_i.newTab", false);
Zeile gefunden : user_pref("extensions.incredibar_i.ppd", "1");
Zeile gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar");
Zeile gefunden : user_pref("extensions.incredibar_i.productid", "26");
Zeile gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Zeile gefunden : user_pref("extensions.incredibar_i.smplGrp", "none");
Zeile gefunden : user_pref("extensions.incredibar_i.tlbrId", "base");
Zeile gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQRV9rixw&loc=IB_TB&i=26&search=");
Zeile gefunden : user_pref("extensions.incredibar_i.upn2", "6PQRV9rixw");
Zeile gefunden : user_pref("extensions.incredibar_i.upn2n", "92544051393484350");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:05:21");
Zeile gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Zeile gefunden : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13&CUI=SB_CUI");
Zeile gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gefunden : user_pref("smartbar.originalHomepage", "hxxp://www.google.at/");
Zeile gefunden : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q=");
Zeile gefunden : user_pref("smartbar.originalSearchEngine", "Ask.com");
Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Zeile gefunden : user_pref("sweetim.toolbar.searchguard.enable", "");
-\\ Google Chrome v
[ Datei : C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gefunden : icon_url
Gefunden : search_url
Gefunden : keyword
Gefunden : search_url
*************************
AdwCleaner[R0].txt - [44110 octets] - [11/09/2013 09:59:00]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [44171 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.5.9 (09.07.2013:1)
OS: Windows 7 Professional x64
Ran by Hiden on 11.09.2013 at 10:12:06,79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1013355498-1814289779-388905639-1000\Software\IB Updater
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1013355498-1814289779-388905639-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{62E3F633-EDFB-44CC-9142-718C84A5CD02}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B5918D46-D596-40AB-B9B9-4235D17141A0}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{43127BD9-3ACA-4259-9A77-D5C69F5CB9BA}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{96932D4E-8C01-43DD-98CC-011CA708A907}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\fighters"
Successfully deleted: [Folder] "C:\Users\Hiden\AppData\Roaming\fighters"
Successfully deleted: [Folder] "C:\Users\Hiden\AppData\Roaming\goforfiles"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{2DB10C62-AF5A-4110-94FD-D90AEDF369B1}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{73E33F05-4EFB-41EA-A363-0E3FDFE7B2AE}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{76BFD201-EEF4-4AB4-B058-DE030E9C9ECD}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{87115E91-3D49-443B-BB51-BCD0FDA0AF3C}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{896DF8D3-46B1-418C-8474-84A9741BDB2A}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{97727E40-0BDD-4B81-A9A7-9F668B6EE871}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{C62D2E80-ED1C-4700-B84B-41CD40B523E9}
Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{CCA577B4-4B62-454A-883F-8031D2392960}
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Hiden\AppData\Roaming\mozilla\firefox\profiles\jjs60k77.default\extensions\staged
Emptied folder: C:\Users\Hiden\AppData\Roaming\mozilla\firefox\profiles\jjs60k77.default\minidumps [74 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.09.2013 at 10:14:02,47
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013
Ran by Hiden (administrator) on HIDEN-PC on 11-09-2013 10:16:47
Running from C:\Users\Hiden\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe
(Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe
(Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov)
HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-02-16] (Arainia Solutions)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk
ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk
ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions)
BootExecute: autocheck autochk *
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
FireFox:
========
FF ProfilePath: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default
FF Homepage: user_pref("browser.startup.homepage", );
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File
FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\winload-customized-web-search.xml
FF Extension: ftdownloader - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ftdownloader@ftdownloader.com.xpi
FF Extension: torntv - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\torntv@torntv.com.xpi
FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\WTB_GLOBAL.sqlite
FF HKLM-x32\...\Firefox\Extensions: [511fe088829a4@511fe088829dd.com] C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com
Chrome:
=======
CHR HomePage: hxxp://www.google.at/
CHR RestoreOnStartup: "https://www.google.at/"
CHR DefaultSearchURL: (Babylon Search) - hxxp://www.google.com
CHR DefaultSuggestURL: (Babylon Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll ()
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Unity Player) - C:\Users\Hiden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File
CHR Plugin: (Google Update) - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0
CHR Extension: (Lightning Newtab) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.9_0
CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0
CHR Extension: (Chrome In-App Payments service) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0
CHR Extension: (Gmail) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx
CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx
==================== Services (Whitelisted) =================
R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG)
R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] ()
R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-02-16] (Arainia Solutions)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek)
==================== Drivers (Whitelisted) ====================
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-02] (DT Soft Ltd)
S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] ()
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.)
U3 ac7mb5mt; C:\Windows\System32\Drivers\ac7mb5mt.sys [0 ] (Advanced Micro Devices)
S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x]
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-09-11 10:14 - 2013-09-11 10:14 - 00004005 _____ C:\Users\Hiden\Desktop\JRT.txt
2013-09-11 10:06 - 2013-09-11 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 09:58 - 2013-09-11 10:02 - 00000000 ____D C:\AdwCleaner
2013-09-09 07:57 - 2013-09-09 08:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-09 07:55 - 2013-09-09 08:59 - 00000000 ____D C:\Users\Hiden\Desktop\mbar
2013-09-09 07:55 - 2013-09-09 07:41 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Hiden\Desktop\mbar-1.07.0.1005.exe
2013-09-06 08:23 - 2013-09-06 08:23 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Gizmo
2013-09-06 07:52 - 2013-09-06 07:52 - 00030365 _____ C:\ComboFix.txt
2013-09-06 07:40 - 2013-09-06 07:52 - 00000000 ____D C:\Qoobox
2013-09-06 07:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-09-06 07:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-09-06 07:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-09-06 07:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-09-06 07:39 - 2013-09-06 07:51 - 00000000 ____D C:\Windows\erdnt
2013-09-06 07:39 - 2013-09-06 07:38 - 05120615 ____R (Swearware) C:\Users\Hiden\Desktop\ComboFix.exe
2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST
2013-09-04 16:39 - 2013-09-11 10:15 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-04 14:26 - 2013-09-04 14:28 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:35 - 2013-09-02 11:09 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-04 12:23 - 2013-09-04 16:31 - 00000000 ____D C:\_tools
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-11 10:12 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-04 11:42 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:42 - 2013-09-02 11:09 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:26 - 2013-06-21 12:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2013-09-04 11:26 - 2013-06-21 12:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2013-09-04 11:26 - 2013-06-20 06:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin
2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2013-09-04 11:18 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2013-09-04 11:18 - 2013-06-21 14:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb
2013-09-04 11:18 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2013-09-04 11:18 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2013-09-04 11:18 - 2013-01-29 10:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2013-09-04 11:17 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2013-09-04 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-09-04 11:10 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-09-04 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-09-04 08:52 - 2013-09-04 08:53 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-09-01 08:34 - 2013-09-04 10:59 - 00000000 ____D C:\Windows\Minidump
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 10:38 - 2013-08-31 16:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 15:03 - 2013-09-04 11:28 - 00000000 ____D C:\hw64_422
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-23 07:34 - 2013-08-23 19:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-22 17:40 - 2013-08-22 17:47 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:06 - 2013-08-23 16:01 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-22 13:14 - 2013-09-11 10:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-08-22 13:14 - 2013-09-04 14:20 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-08-21 12:43 - 2013-08-21 12:46 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 16:26 - 2013-07-22 04:19 - 00126872 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys
2013-08-20 13:26 - 2013-08-29 13:16 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-19 20:02 - 2013-09-04 14:31 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 18:34 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2013-08-16 18:34 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2013-08-16 18:33 - 2013-09-02 08:17 - 00000109 _____ C:\Windows\disney.ini
2013-08-15 18:42 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-15 18:42 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-15 18:42 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-15 18:42 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-08-15 18:42 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-08-15 18:42 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-08-15 18:42 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-08-15 18:42 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-08-15 18:42 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-15 18:42 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-08-15 11:15 - 2013-08-15 11:16 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 09:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-15 09:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-08-15 09:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-08-15 09:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-08-15 09:50 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-15 09:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-08-15 09:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-15 09:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-08-15 09:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-08-15 09:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-08-15 09:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-08-15 09:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-08-15 09:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-08-15 09:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-08-15 09:49 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-15 09:49 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
==================== One Month Modified Files and Folders =======
2013-09-11 10:15 - 2013-09-04 16:39 - 00000000 ____D C:\Users\Hiden\Desktop\share
2013-09-11 10:14 - 2013-09-11 10:14 - 00004005 _____ C:\Users\Hiden\Desktop\JRT.txt
2013-09-11 10:12 - 2013-09-04 11:42 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job
2013-09-11 10:12 - 2012-12-06 17:24 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Skype
2013-09-11 10:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-09-11 10:11 - 2009-07-14 06:51 - 00113717 _____ C:\Windows\setupact.log
2013-09-11 10:10 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA
2013-09-11 10:09 - 2012-12-05 17:57 - 01443947 _____ C:\Windows\WindowsUpdate.log
2013-09-11 10:09 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-09-11 10:09 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-09-11 10:06 - 2013-09-11 10:06 - 00000000 ____D C:\Windows\ERUNT
2013-09-11 10:02 - 2013-09-11 09:58 - 00000000 ____D C:\AdwCleaner
2013-09-11 10:02 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2013-09-11 10:01 - 2012-12-22 09:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-09-11 09:53 - 2013-09-11 10:16 - 01949408 _____ (Farbar) C:\Users\Hiden\Desktop\FRST64.exe
2013-09-09 08:59 - 2013-09-09 07:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-09-09 08:59 - 2013-09-09 07:55 - 00000000 ____D C:\Users\Hiden\Desktop\mbar
2013-09-09 07:41 - 2013-09-09 07:55 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Hiden\Desktop\mbar-1.07.0.1005.exe
2013-09-09 07:41 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-09-09 07:39 - 2013-04-08 15:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2013-09-06 08:23 - 2013-09-06 08:23 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Gizmo
2013-09-06 07:52 - 2013-09-06 07:52 - 00030365 _____ C:\ComboFix.txt
2013-09-06 07:52 - 2013-09-06 07:40 - 00000000 ____D C:\Qoobox
2013-09-06 07:52 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default
2013-09-06 07:51 - 2013-09-06 07:39 - 00000000 ____D C:\Windows\erdnt
2013-09-06 07:49 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini
2013-09-06 07:47 - 2010-11-21 05:47 - 00725504 _____ C:\Windows\PFRO.log
2013-09-06 07:47 - 2009-07-14 04:34 - 71086080 _____ C:\Windows\system32\config\software.bak
2013-09-06 07:47 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.bak
2013-09-06 07:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2013-09-06 07:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\default.bak
2013-09-06 07:47 - 2009-07-14 04:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-09-06 07:46 - 2012-12-06 22:12 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\convert
2013-09-06 07:38 - 2013-09-06 07:39 - 05120615 ____R (Swearware) C:\Users\Hiden\Desktop\ComboFix.exe
2013-09-05 14:11 - 2013-02-17 11:08 - 00000000 ____D C:\Users\Hiden\Documents\Euro Truck Simulator 2
2013-09-05 13:57 - 2013-06-05 17:56 - 00122880 ___SH C:\Users\Hiden\Thumbs.db
2013-09-05 07:27 - 2013-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\SpeedFan
2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST
2013-09-04 16:38 - 2012-12-24 22:35 - 00000000 ____D C:\Users\Hiden\Desktop\Programme
2013-09-04 16:31 - 2013-09-04 12:23 - 00000000 ____D C:\_tools
2013-09-04 15:10 - 2013-07-21 21:07 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Audacity
2013-09-04 14:31 - 2013-08-19 20:02 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db
2013-09-04 14:28 - 2013-09-04 14:26 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4
2013-09-04 14:20 - 2013-08-22 13:14 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk
2013-09-04 14:19 - 2012-12-05 18:10 - 00001427 _____ C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-09-04 13:54 - 2012-12-06 17:29 - 00000000 ____D C:\Users\Hiden\AppData\Local\CrashDumps
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-04 12:40 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\NVIDIA
2013-09-04 12:38 - 2013-09-04 11:42 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3
2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu
2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu
2013-09-04 12:36 - 2012-12-05 18:05 - 00000000 ____D C:\Users\Hiden
2013-09-04 12:36 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\software.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.gu.bak
2013-09-04 12:36 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.gu.bak
2013-09-04 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.gu.bak
2013-09-04 11:51 - 2012-12-07 14:49 - 00000000 ___RD C:\Users\Hiden\Desktop\Spiele
2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft
2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3
2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk
2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log
2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft
2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit
2013-09-04 11:28 - 2013-08-28 15:03 - 00000000 ____D C:\hw64_422
2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-09-04 11:27 - 2012-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-09-04 11:26 - 2012-12-06 09:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-09-04 11:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help
2013-09-04 11:25 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-09-04 11:09 - 2013-03-25 14:59 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-09-04 10:59 - 2013-09-01 08:34 - 00000000 ____D C:\Windows\Minidump
2013-09-04 08:53 - 2013-09-04 08:52 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp
2013-09-04 08:39 - 2012-12-06 09:55 - 00086552 _____ C:\Users\Hiden\AppData\Local\GDIPFONTCACHEV1.DAT
2013-09-04 08:28 - 2009-07-14 06:45 - 00343656 _____ C:\Windows\system32\FNTCACHE.DAT
2013-09-04 08:26 - 2013-04-22 15:30 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
2013-09-04 08:21 - 2013-02-28 19:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-09-04 08:20 - 2013-06-20 15:26 - 00000600 _____ C:\Windows\Rtcw.INI
2013-09-04 08:20 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\Documents\my games
2013-09-04 08:19 - 2013-07-09 17:19 - 00000000 ____D C:\Program Files (x86)\Cube World
2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ'
2013-09-03 22:12 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\TS3Client
2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH
2013-09-02 17:01 - 2012-12-06 21:15 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\.minecraft
2013-09-02 11:09 - 2013-09-04 12:35 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe
2013-09-02 11:09 - 2013-09-04 11:42 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2013-09-02 08:17 - 2013-08-16 18:33 - 00000109 _____ C:\Windows\disney.ini
2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’
2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ—
2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp
2013-08-31 16:38 - 2013-08-31 10:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ…
2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ–
2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™
2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ
2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD
2013-08-29 13:17 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Local\TeamSpeak 3 Client
2013-08-29 13:16 - 2013-08-20 13:26 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood
2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨
2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166
2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft
2013-08-28 13:13 - 2012-12-20 15:27 - 00000000 ____D C:\ProgramData\InstallMate
2013-08-28 11:21 - 2013-05-19 10:52 - 00000000 ____D C:\Users\Hiden\AppData\Local\Akamai
2013-08-28 11:21 - 2013-03-21 21:02 - 00000000 ____D C:\Program Files (x86)\Clownfish
2013-08-28 11:21 - 2013-01-27 13:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\ts3overlay
2013-08-28 11:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2013-08-28 11:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-08-28 10:28 - 2011-02-11 16:47 - 00696620 _____ C:\Windows\system32\perfh007.dat
2013-08-28 10:28 - 2011-02-11 16:47 - 00147916 _____ C:\Windows\system32\perfc007.dat
2013-08-28 10:28 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player
2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer
2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤
2013-08-23 19:34 - 2013-08-23 07:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ
2013-08-23 16:09 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Electronic Arts
2013-08-23 16:01 - 2013-08-22 17:06 - 00000000 ____D C:\Program Files (x86)\Battlefield 3
2013-08-23 15:11 - 2012-12-25 11:58 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\uTorrent
2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips
2013-08-22 17:47 - 2013-08-22 17:40 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3
2013-08-22 17:39 - 2013-03-09 17:02 - 00000000 ____D C:\Users\Hiden\AppData\Local\Unity
2013-08-22 17:38 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Origin
2013-08-22 13:14 - 2012-12-05 18:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\Google
2013-08-22 13:12 - 2012-12-05 18:07 - 00000000 ____D C:\Program Files (x86)\Google
2013-08-21 12:46 - 2013-08-21 12:43 - 00000000 ____D C:\Program Files (x86)\Black Ops 2
2013-08-20 20:32 - 2012-12-22 09:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-08-20 20:32 - 2012-12-06 17:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-08-20 20:32 - 2012-12-06 17:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO
2013-08-20 15:33 - 2013-09-04 11:10 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2013-08-20 15:32 - 2013-09-04 11:10 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2013-08-20 15:32 - 2013-09-04 11:10 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software
2013-08-20 10:48 - 2013-05-07 14:15 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-08-20 10:48 - 2013-03-25 14:59 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-08-17 10:49 - 2012-12-05 18:01 - 00218987 _____ C:\Windows\DirectX.log
2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios
2013-08-16 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache
2013-08-15 18:38 - 2013-07-13 13:17 - 00000000 ____D C:\Windows\system32\MRT
2013-08-15 18:37 - 2012-12-06 10:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-15 11:20 - 2013-02-26 21:16 - 00037531 ____H C:\Users\Hiden\Desktop\ZbThumbnail.info
2013-08-15 11:16 - 2013-08-15 11:15 - 00000000 ____D C:\Program Files (x86)\Canon
2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser
2013-08-15 09:31 - 2013-06-19 16:25 - 00000000 ____D C:\Users\Hiden\Documents\bitComposer Games
2013-08-15 09:30 - 2013-04-28 12:38 - 00000000 ____D C:\Program Files (x86)\Nokia
2013-08-15 09:25 - 2013-07-24 13:22 - 00000000 ____D C:\Users\Hiden\AppData\Local\LogMeIn Hamachi
2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF
2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan
2013-08-12 11:12 - 2013-04-19 21:18 - 00000000 ____D C:\ts3overlay
Files to move or delete:
====================
C:\Users\Hiden\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-09-01 12:09
==================== End Of Log ============================
--- --- --- |
|
11.09.2013, 14:17
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2013, 06:39
| #21 |
| | Bitcoin Miner in svhost.exe erscheint nach Neustart wiederCode:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.11.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 Hiden :: HIDEN-PC [Administrator] Schutz: Aktiviert 11.09.2013 16:15:00 mbam-log-2013-09-11 (16-15-00).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 250395 Laufzeit: 4 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=7f007effce64fb46a2ad2f0e115843f9
# engine=15091
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-09-11 07:31:12
# local_time=2013-09-11 09:31:12 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 96 19216 244347562 35417 0
# compatibility_mode=5893 16776574 100 94 5214650 130557722 0 0
# scanned=191861
# found=3
# cleaned=0
# scan_time=18530
sh=696254FF4BE9EECAB3EAE8C2FEE3597B21115257 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js.vir"
sh=AA5D115DEFE49B55BD8FF7E84B12F1B6F1748726 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.AO application" ac=I fn="D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 10.zip"
sh=0BABE952B708D4DFC2DF9A94BE7BD356F9B1184C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 6.zip"
Code:
ATTFilter C:\Qoobox\Quarantine\C\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js.vir Win32/Adware.MultiPlug.H application
D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 10.zip Win32/Adware.1ClickDownload.AO application
D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 6.zip Win32/Adware.MultiPlug.H application
|
|
12.09.2013, 12:23
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Sind nur irrelevante Reste. Bitte noch TFC ausführen: TFC - Temp File Cleaner Lade dir  TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2013, 12:52
| #23 |
| | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder TFC hat so einiges gelöscht, habe jetzt nochmal mbam laufen lassen (keine Funde) und ESET auch nochmal gestartet, läuft aber noch... |
|
12.09.2013, 14:12
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder ESET musst du nicht nochmal ausführen! Die Funde sind irrelevant!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2013, 14:25
| #25 |
| | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Okay. Das heißt du bist der Meinung, dass ich es hinter mir habe? Oder gibts sonst nochwas? |
|
12.09.2013, 14:49
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Sieht soweit ok aus  Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
12.09.2013, 14:51
| #27 |
| | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Sonst gibts im Moment keine offensichtlichen Probleme (wegen der GraKa Temperatur hilft mir Acid303). Also: VIELEN, VIELEN DANK!!!!!!!!!!!!!!!!!!!!!! Für die Bemühungen und deine Hilfe! VIELEN DANK! |
|
12.09.2013, 15:17
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Helfen kann dir dabei delfix: Die Reihenfolge ist hier entscheidend.
Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bitcoin Miner in svhost.exe erscheint nach Neustart wieder |
| abgebrochen, adware/adware.gen7, adware/airinstall.j, adware/bunndle.b, adware/installrex.g.1, adware/somoto.pd, adware/vittalia.af, adware/yontoo.gen, anti-malware, avira antivir, bitcoin, coinminer, eingefangen, malwarebytes, pup.bitcoinminer, pup.funmoods, pup.lyricsad, pup.optional.browserdefender.a, pup.optional.defaulttab.a, pup.optional.delta.a, pup.optional.multiplug.a, pup.optional.optimzerpro.a, pup.optional.sprotect.a, quarantäne, tr/crypt.upkm.gen, tr/rogue.8543085, tr/startpage.cab |
Linear-Darstellung
