|
Plagegeister aller Art und deren Bekämpfung: Bitcoin Miner in svhost.exe erscheint nach Neustart wiederWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.09.2013, 09:41 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Ich bin kein Grafikkartenexperte. Das wäre ein neues Thema für unseren Hardwarebereich. Was ist denn jtzt mit GMER?
__________________ Logfiles bitte immer in CODE-Tags posten |
10.09.2013, 13:12 | #17 |
| Bitcoin Miner in svhost.exe erscheint nach Neustart wiederCode:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-09-09 07:48:36 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.17.0 465,76GB Running: v50wmd1r.exe; Driver: C:\Users\Hiden\AppData\Local\Temp\awtoipow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff88007028d64 12 bytes {MOV RAX, 0xfffffa8006f012a0; JMP RAX} ---- User code sections - GMER 2.1 ---- .text C:\Program Files (x86)\WinZipper\winzipersvc.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75] .text C:\Program Files (x86)\WinZipper\winzipersvc.exe[1720] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75] .text ... * 2 .text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75] .text C:\Windows\SysWOW64\svchost.exe[1904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75] .text ... * 2 .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75] .text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[2376] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75] .text ... * 2 .text C:\program files (x86)\avira\antivir desktop\avcenter.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075511465 2 bytes [51, 75] .text C:\program files (x86)\avira\antivir desktop\avcenter.exe[4704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000755114bb 2 bytes [51, 75] .text ... * 2 ---- Devices - GMER 2.1 ---- Device \Driver\a8jpcc19 \Device\Scsi\a8jpcc191 fffffa8006f8d2c0 Device \FileSystem\Ntfs \Ntfs fffffa80036732c0 Device \Driver\usbehci \Device\USBPDO-1 fffffa8006e1c2c0 Device \Driver\cdrom \Device\CdRom0 fffffa8006d022c0 Device \Driver\cdrom \Device\CdRom1 fffffa8006d022c0 Device \Driver\cdrom \Device\CdRom2 fffffa8006d022c0 Device \Driver\NetBT \Device\NetBT_Tcpip_{B328ED59-D5CC-4F66-8D88-7F20A95E37F0} fffffa8006b9a2c0 Device \Driver\usbehci \Device\USBFDO-0 fffffa8006e1c2c0 Device \Driver\dtsoftbus01 \Device\DTSoftBusCtl fffffa80047002c0 Device \Driver\usbehci \Device\USBFDO-1 fffffa8006e1c2c0 Device \Driver\dtsoftbus01 \Device\00000072 fffffa80047002c0 Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa8006b9a2c0 Device \Driver\dtsoftbus01 \Device\00000073 fffffa80047002c0 Device \Driver\usbehci \Device\USBPDO-0 fffffa8006e1c2c0 Device \Driver\a8jpcc19 \Device\ScsiPort1 fffffa8006f8d2c0 ---- Modules - GMER 2.1 ---- Module \SystemRoot\System32\Drivers\a8jpcc19.SYS fffff88003000000-fffff88003051000 (331776 bytes) ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCB 0x48 0x20 0xAA ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x1E 0xDD 0x0C ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEC 0x71 0x3A 0x60 ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x04 0x18 0x6A 0x6A ... Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9A 0xE6 0x1F 0x3C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\ Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0 Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xAC 0xC1 0x90 0xAA ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x3A 0x1E 0xDD 0x0C ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xEC 0x71 0x3A 0x60 ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x04 0x18 0x6A 0x6A ... Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0x9A 0xE6 0x1F 0x3C ... ---- EOF - GMER 2.1 ---- |
10.09.2013, 16:32 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Adware/Junkware/Toolbars entfernen
__________________1. Schritt: adwCleaner Downloade Dir bitte AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop: FRST 32-Bit | FRST 64-Bit (Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ |
11.09.2013, 09:21 | #19 |
| Bitcoin Miner in svhost.exe erscheint nach Neustart wiederCode:
ATTFilter # AdwCleaner v3.003 - Bericht erstellt am 11/09/2013 um 09:59:00 # Updated 07/09/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzername : Hiden - HIDEN-PC # Gestartet von : C:\Users\Hiden\Desktop\share\adwcleaner.exe # Option : Suchen ***** [ Dienste ] ***** Dienst Gefunden : winzipersvc ***** [ Dateien / Ordner ] ***** Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Web Search.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\bprotector_extensions.sqlite Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\bprotector_prefs.js Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Babylon.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\babylon1.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\delta.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\funmoods.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\MyStart Search.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Searchab.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\Web Search.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\WebSearch.xml Datei Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\user.js Datei Gefunden : C:\Windows\System32\Tasks\Omiga Plus RunAsStdUser Ordner Gefunden : C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40c3cc16-7269-4b32-9531-17f2950fb06f} Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{40C3CC16-7269-4B32-9531-17F2950FB06F} Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\{462be121-2b54-4218-bf00-b9bf8135b23f} Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ffxtlbr@incredibar.com Ordner Gefunden : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\sparpilot@sparpilot.com Ordner Gefunden C:\Program Files (x86)\AutoLyrics Ordner Gefunden C:\Program Files (x86)\Common Files\337 Ordner Gefunden C:\Program Files (x86)\Conduit Ordner Gefunden C:\Program Files (x86)\FilesFrog Update Checker Ordner Gefunden C:\Program Files (x86)\MagniPic Ordner Gefunden C:\Program Files (x86)\Omiga Plus Ordner Gefunden C:\Program Files (x86)\Protected Search Ordner Gefunden C:\Program Files (x86)\Red Sky Ordner Gefunden C:\Program Files (x86)\SafeSaver Ordner Gefunden C:\Program Files (x86)\SimilarSites Ordner Gefunden C:\Program Files (x86)\WinZipper Ordner Gefunden C:\ProgramData\Babylon Ordner Gefunden C:\ProgramData\BrowserDefender Ordner Gefunden C:\ProgramData\clsoft ltd Ordner Gefunden C:\ProgramData\eSafe Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DownTango Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper Ordner Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZipper Ordner Gefunden C:\ProgramData\Partner Ordner Gefunden C:\ProgramData\RightClick Ordner Gefunden C:\ProgramData\StarApp Ordner Gefunden C:\Users\Hiden\AppData\Local\Conduit Ordner Gefunden C:\Users\Hiden\AppData\Local\DownTango Ordner Gefunden C:\Users\Hiden\AppData\Local\Ilivid Ordner Gefunden C:\Users\Hiden\AppData\Local\PutLockerDownloader Ordner Gefunden C:\Users\Hiden\AppData\Local\SwvUpdater Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\Browse2Save Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\Conduit Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\delta Ordner Gefunden C:\Users\Hiden\AppData\LocalLow\SimplyTech Ordner Gefunden C:\Users\Hiden\AppData\Roaming\dvdvideosoftiehelpers Ordner Gefunden C:\Users\Hiden\AppData\Roaming\eIntaller Ordner Gefunden C:\Users\Hiden\AppData\Roaming\ExpressFiles Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Funmoods Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TornTV.com Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\CT2319825 Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\jetpack Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Smartbar Ordner Gefunden C:\Users\Hiden\AppData\Roaming\NCdownloader Ordner Gefunden C:\Users\Hiden\AppData\Roaming\Omiga Plus Ordner Gefunden C:\Users\Hiden\AppData\Roaming\SimilarSites Ordner Gefunden C:\Users\Hiden\AppData\Roaming\WinZipper Ordner Gefunden C:\Users\Hiden\AppData\Roaming\yourfiledownloader ***** [ Verknüpfungen ] ***** Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk ( hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 ) Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 ) Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk ( hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 ) Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( hxxp://www.qvo6.com/?utm_source=b&utm_medium=wpc&from=wpc&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1374561914 ) Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 ) Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 ) Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\World of Tanks.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 ) Verknüpfung Gefunden : C:\Users\Hiden\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk ( hxxp://search.certified-toolbar.com?si=41460&shortcut=true&tid=2938 ) ***** [ Registrierungsdatenbank ] ***** Schlüssel Gefunden : HKCU\Software\5b6dfdfb63cb917 Schlüssel Gefunden : HKCU\Software\APN PIP Schlüssel Gefunden : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AutoLyrics Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\simplytech Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gefunden : HKCU\Software\AppDataLow\SProtector Schlüssel Gefunden : HKCU\Software\BI Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\ExpressFiles Schlüssel Gefunden : HKCU\Software\IM Schlüssel Gefunden : HKCU\Software\ImInstaller Schlüssel Gefunden : HKCU\Software\InstallCore Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKCU\Software\OCS Schlüssel Gefunden : HKCU\Software\powerpack Schlüssel Gefunden : HKCU\Software\PrivitizeVPNInstallDates Schlüssel Gefunden : HKCU\Software\Softonic Schlüssel Gefunden : HKCU\Software\Somoto Schlüssel Gefunden : HKCU\Software\StartSearch Schlüssel Gefunden : [x64] HKCU\Software\APN PIP Schlüssel Gefunden : [x64] HKCU\Software\BI Schlüssel Gefunden : [x64] HKCU\Software\Conduit Schlüssel Gefunden : [x64] HKCU\Software\ExpressFiles Schlüssel Gefunden : [x64] HKCU\Software\IM Schlüssel Gefunden : [x64] HKCU\Software\ImInstaller Schlüssel Gefunden : [x64] HKCU\Software\InstallCore Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{483830EE-A4CD-4B71-B0A3-3D82E62A6909} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gefunden : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Schlüssel Gefunden : [x64] HKCU\Software\OCS Schlüssel Gefunden : [x64] HKCU\Software\powerpack Schlüssel Gefunden : [x64] HKCU\Software\PrivitizeVPNInstallDates Schlüssel Gefunden : [x64] HKCU\Software\Softonic Schlüssel Gefunden : [x64] HKCU\Software\Somoto Schlüssel Gefunden : [x64] HKCU\Software\StartSearch Schlüssel Gefunden : HKLM\SOFTWARE\5b6dfdfb63cb917 Schlüssel Gefunden : HKLM\Software\Babylon Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\FTDownloader Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2319825 Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\Software\DataMngr Schlüssel Gefunden : HKLM\Software\delta-homesSoftware Schlüssel Gefunden : HKLM\Software\Desksvc Schlüssel Gefunden : HKLM\Software\eSafeSecControl Schlüssel Gefunden : HKLM\Software\ExpressFiles Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\pkcdkfohdadbjmlfejhncigcbfkiaamf Schlüssel Gefunden : HKLM\Software\IB Updater Schlüssel Gefunden : HKLM\Software\Iminent Schlüssel Gefunden : HKLM\Software\InstallCore Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\QuickShare_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_hjsplit_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_skiregion-simulator-2012_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_skiregion-simulator-2012_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bad-piggies_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_bad-piggies_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_camstudio_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_crazy-taxi_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_crazy-taxi_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_euro-truck-simulator_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_euro-truck-simulator_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fond-decran-gta-5_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_fond-decran-gta-5_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_funny-voice_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_funny-voice_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gta-iv-san-andreas_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_gta-iv-san-andreas_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_minecraft_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_morphvox_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mousometer_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_mousometer_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_san-andreas-multiplayer_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_san-andreas-multiplayer_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slender_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_slender_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\wsconduit__166_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\autolyrics@man-soft.net Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_008a99b9 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_f5d3e0aa Schlüssel Gefunden : HKLM\Software\omigaplusSvc Schlüssel Gefunden : HKLM\Software\PIP Schlüssel Gefunden : HKLM\Software\SoftwareUpdater Schlüssel Gefunden : HKLM\Software\SP Global Schlüssel Gefunden : HKLM\Software\SProtector Schlüssel Gefunden : HKLM\Software\V9 Schlüssel Gefunden : HKLM\Software\YourFileDownloader Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc Schlüssel Gefunden : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd Schlüssel Gefunden : [x64] HKLM\SOFTWARE\IB Updater Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B} Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1 Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}] Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [autolyrics@man-soft.net] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}] Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Wert Gefunden : [x64] HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}] ***** [ Browser ] ***** -\\ Internet Explorer v10.0.9200.16660 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - hxxp://www.delta-homes.com/?utm_source=b&utm_medium=newgdp&from=newgdp&uid=WDCXWD5000AAKX-07U6AA0_WD-WCC2EH52748127481&ts=1377252353 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL] - hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2938 Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page] - hxxp://search.certified-toolbar.com?si=41460&tid=2938&bs=true&q= Einstellung Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s Einstellung Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)] - hxxp://search.certified-toolbar.com?si=41460&bs=true&tid=2938&q=%s -\\ Mozilla Firefox v [ Datei : C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\prefs.js ] Zeile gefunden : user_pref("CT2319825.1000082.isDisplayHidden", "true"); Zeile gefunden : user_pref("CT2319825.1000082.state", "{\"state\":\"stopped\",\"text\":\"1Live\",\"description\":\"1Live\",\"url\":\"hxxp://gffstream.ic.llnwd.net/stream/gffstream_stream_wdr_einslive_a\"}"); Zeile gefunden : user_pref("CT2319825.1000234.TWC_TMP_city", "VIENNA"); Zeile gefunden : user_pref("CT2319825.1000234.TWC_TMP_country", "AT"); Zeile gefunden : user_pref("CT2319825.1000234.TWC_locId", "USGA0594"); Zeile gefunden : user_pref("CT2319825.1000234.TWC_location", "Vienna, GA"); Zeile gefunden : user_pref("CT2319825.1000234.TWC_region", "OT"); Zeile gefunden : user_pref("CT2319825.1000234.TWC_temp_dis", "c"); Zeile gefunden : user_pref("CT2319825.1000234.TWC_wind_dis", "kmh"); Zeile gefunden : user_pref("CT2319825.1000234.weatherData", "{\"icon\":\"29.png\",\"temperature\":\"14°C\",\"temperatureClear\":\"14°C\",\"highTemperature\":\"14°C\",\"lowTemperature\":\"13°C\",\"feelsLike\":\"14°C\",[...] Zeile gefunden : user_pref("CT2319825.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT2319825.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT2319825.FirstTime", "true"); Zeile gefunden : user_pref("CT2319825.FirstTimeFF3", "true"); Zeile gefunden : user_pref("CT2319825.ID.enc", "NTMxOTQxMjk="); Zeile gefunden : user_pref("CT2319825.LoginRevertSettingsEnabled", false); Zeile gefunden : user_pref("CT2319825.RevertSettingsEnabled", true); Zeile gefunden : user_pref("CT2319825.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="); Zeile gefunden : user_pref("CT2319825.UserID", "UN78966689770749893"); Zeile gefunden : user_pref("CT2319825.addressBarTakeOverEnabledInHidden", "true"); Zeile gefunden : user_pref("CT2319825.autoDisableScopes", 2); Zeile gefunden : user_pref("CT2319825.browser.search.defaultthis.engineName", true); Zeile gefunden : user_pref("CT2319825.defaultSearch", "true"); Zeile gefunden : user_pref("CT2319825.embeddedsData", "[{\"appId\":\"128898076802619666\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] Zeile gefunden : user_pref("CT2319825.enableAlerts", "always"); Zeile gefunden : user_pref("CT2319825.enableSearchFromAddressBar", "true"); Zeile gefunden : user_pref("CT2319825.firstTimeDialogOpened", "true"); Zeile gefunden : user_pref("CT2319825.fixPageNotFoundError", "true"); Zeile gefunden : user_pref("CT2319825.fixPageNotFoundErrorInHidden", "true"); Zeile gefunden : user_pref("CT2319825.fixUrls", true); Zeile gefunden : user_pref("CT2319825.installId", "conduitnsisintegration"); Zeile gefunden : user_pref("CT2319825.installType", "conduitnsisintegration"); Zeile gefunden : user_pref("CT2319825.isCheckedStartAsHidden", true); Zeile gefunden : user_pref("CT2319825.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT2319825.isFirstTimeToolbarLoading", "false"); Zeile gefunden : user_pref("CT2319825.isNewTabEnabled", false); Zeile gefunden : user_pref("CT2319825.isPerformedSmartBarTransition", "true"); Zeile gefunden : user_pref("CT2319825.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Zeile gefunden : user_pref("CT2319825.keyword", true); Zeile gefunden : user_pref("CT2319825.migrateAppsAndComponents", true); Zeile gefunden : user_pref("CT2319825.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.com%2Findex.php%3Fstype%3Dlo%26lh%3DAc_cTXr3UD7pTrNX\",\"EB_MAIN_FRAME_TITLE\"[...] Zeile gefunden : user_pref("CT2319825.openThankYouPage", "false"); Zeile gefunden : user_pref("CT2319825.openUninstallPage", "true"); Zeile gefunden : user_pref("CT2319825.revertSettingsEnabled", "false"); Zeile gefunden : user_pref("CT2319825.search.searchAppId", "128898076802619666"); Zeile gefunden : user_pref("CT2319825.search.searchCount", "0"); Zeile gefunden : user_pref("CT2319825.searchInNewTabEnabledInHidden", "true"); Zeile gefunden : user_pref("CT2319825.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT2319825.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT2319825.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}"); Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2319825\"}"); Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Winload.OurToolbar.com//xpi\"}"); Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Winload\"}"); Zeile gefunden : user_pref("CT2319825.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354821465896"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_appsMetadata_lastUpdate", "1354955096156"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354821466811"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_login_10.13.40.15_lastUpdate", "1357741309747"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354821466873"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_searchAPI_lastUpdate", "1354955096360"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_serviceMap_lastUpdate", "1357743451250"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354821466838"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_toolbarSettings_lastUpdate", "1357751367412"); Zeile gefunden : user_pref("CT2319825.serviceLayer_services_translation_lastUpdate", "1357743452626"); Zeile gefunden : user_pref("CT2319825.settingsINI", true); Zeile gefunden : user_pref("CT2319825.shouldFirstTimeDialog", "false"); Zeile gefunden : user_pref("CT2319825.smartbar.CTID", "CT2319825"); Zeile gefunden : user_pref("CT2319825.smartbar.Uninstall", "0"); Zeile gefunden : user_pref("CT2319825.smartbar.homepage", true); Zeile gefunden : user_pref("CT2319825.smartbar.isHidden", true); Zeile gefunden : user_pref("CT2319825.smartbar.toolbarName", "Winload "); Zeile gefunden : user_pref("CT2319825.startPage", "userChanged"); Zeile gefunden : user_pref("CT2319825.toolbarBornServerTime", "6-12-2012"); Zeile gefunden : user_pref("CT2319825.toolbarCurrentServerTime", "9-1-2013"); Zeile gefunden : user_pref("CT2319825_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1357752043042,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Zeile gefunden : user_pref("Smartbar.ConduitHomepagesList", ""); Zeile gefunden : user_pref("Smartbar.ConduitSearchEngineList", "Winload Customized Web Search"); Zeile gefunden : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="); Zeile gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2319825"); Zeile gefunden : user_pref("aol_toolbar.default.homepage.check", false); Zeile gefunden : user_pref("aol_toolbar.default.search.check", false); Zeile gefunden : user_pref("browser.search.defaultengine", "Web Search"); Zeile gefunden : user_pref("browser.search.defaulturl", "hxxp://websearch.good-results.info/?pid=724&r=2013/02/16&hid=1021253944&lg=EN&cc=AT&l=1&q="); Zeile gefunden : user_pref("extensions.BabylonToolbar.admin", false); Zeile gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Zeile gefunden : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}"); Zeile gefunden : user_pref("extensions.BabylonToolbar.autoRvrt", "false"); Zeile gefunden : user_pref("extensions.BabylonToolbar.babExt", ""); Zeile gefunden : user_pref("extensions.BabylonToolbar.babTrack", "affID=117023&tt=4912_5"); Zeile gefunden : user_pref("extensions.BabylonToolbar.bbDpng", "24"); Zeile gefunden : user_pref("extensions.BabylonToolbar.cntry", "AT"); Zeile gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Zeile gefunden : user_pref("extensions.BabylonToolbar.dfltSrch", true); Zeile gefunden : user_pref("extensions.BabylonToolbar.dpkLst", ""); Zeile gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false); Zeile gefunden : user_pref("extensions.BabylonToolbar.hdrMd5", "6689309A624528F9413A9B148FEF7742"); Zeile gefunden : user_pref("extensions.BabylonToolbar.hmpg", true); Zeile gefunden : user_pref("extensions.BabylonToolbar.id", "001620ef000000000000000c4343bd02"); Zeile gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15681"); Zeile gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Zeile gefunden : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.4.918:26:07"); Zeile gefunden : user_pref("extensions.BabylonToolbar.newTab", false); Zeile gefunden : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"59\",\"lastVrsn\":\"59\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); Zeile gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Zeile gefunden : user_pref("extensions.BabylonToolbar.prtkDS", 0); Zeile gefunden : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Zeile gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Zeile gefunden : user_pref("extensions.BabylonToolbar.rvrt", "false"); Zeile gefunden : user_pref("extensions.BabylonToolbar.sg", "azb"); Zeile gefunden : user_pref("extensions.BabylonToolbar.smplGrp", "azb"); Zeile gefunden : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Zeile gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Zeile gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=001620ef000000000000000c4343bd02&q="); Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.8.4.9"); Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.4.918:26:07"); Zeile gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.8.4.9"); Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babExt", ""); Zeile gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=117023&tt=4912_5"); Zeile gefunden : user_pref("extensions.BabylonToolbar_i.excTlbr", false); Zeile gefunden : user_pref("extensions.BabylonToolbar_i.newTab", false); Zeile gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Zeile gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Zeile gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.4.918:26:07"); Zeile gefunden : user_pref("extensions.enabledAddons", "ffxtlbr%40incredibar.com:1.5.0,software%40loadtubes.com:1.01,%7B40c3cc16-7269-4b32-9531-17f2950fb06f%7D:10.13.40.15,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17[...] Zeile gefunden : user_pref("extensions.funmoods.aflt", "nv1"); Zeile gefunden : user_pref("extensions.funmoods.autoRvrt", false); Zeile gefunden : user_pref("extensions.funmoods.cntry", "AT"); Zeile gefunden : user_pref("extensions.funmoods.cv", "cv5"); Zeile gefunden : user_pref("extensions.funmoods.dfltLng", ""); Zeile gefunden : user_pref("extensions.funmoods.dfltSrch", true); Zeile gefunden : user_pref("extensions.funmoods.dnsErr", true); Zeile gefunden : user_pref("extensions.funmoods.envrmnt", "production"); Zeile gefunden : user_pref("extensions.funmoods.excTlbr", false); Zeile gefunden : user_pref("extensions.funmoods.hdrMd5", "E8A7C63620AD6D0E88CB0F3A084ED5BF"); Zeile gefunden : user_pref("extensions.funmoods.hmpg", true); Zeile gefunden : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548"); Zeile gefunden : user_pref("extensions.funmoods.id", "001999EA7C1120EF"); Zeile gefunden : user_pref("extensions.funmoods.instlDay", "15698"); Zeile gefunden : user_pref("extensions.funmoods.instlRef", "nv1"); Zeile gefunden : user_pref("extensions.funmoods.isdcmntcmplt", true); Zeile gefunden : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2219:48:13"); Zeile gefunden : user_pref("extensions.funmoods.mntrvrsn", "1.3.0"); Zeile gefunden : user_pref("extensions.funmoods.newTab", true); Zeile gefunden : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548"); Zeile gefunden : user_pref("extensions.funmoods.prdct", "funmoods"); Zeile gefunden : user_pref("extensions.funmoods.prtnrId", "funmoods"); Zeile gefunden : user_pref("extensions.funmoods.sg", "none"); Zeile gefunden : user_pref("extensions.funmoods.smplGrp", "none"); Zeile gefunden : user_pref("extensions.funmoods.srchPrvdr", "Funmoods"); Zeile gefunden : user_pref("extensions.funmoods.tlbrId", "base"); Zeile gefunden : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&ir=nv1&cd=2XzuyEtN2Y1L1QzutDtDtCzyzyzy0E0AyB0CtCtCtBtD0E0FtN0D0Tzu0CtAyDzytN1L2XzutBtFtBtFtCtFyEtDyB&cr=1614796548&q=[...] Zeile gefunden : user_pref("extensions.funmoods.vrsn", "1.5.23.22"); Zeile gefunden : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2219:48:13"); Zeile gefunden : user_pref("extensions.funmoods.vrsni", "1.5.23.22"); Zeile gefunden : user_pref("extensions.funmoods_i.newTab", true); Zeile gefunden : user_pref("extensions.funmoods_i.smplGrp", "none"); Zeile gefunden : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2219:48:13"); Zeile gefunden : user_pref("extensions.incredibar.actvtyRptTime", "1354954977193"); Zeile gefunden : user_pref("extensions.incredibar.admin", false); Zeile gefunden : user_pref("extensions.incredibar.aflt", "orgnl"); Zeile gefunden : user_pref("extensions.incredibar.afterInstallRpt", "sent"); Zeile gefunden : user_pref("extensions.incredibar.cntry", "AT"); Zeile gefunden : user_pref("extensions.incredibar.dfltLng", "EN"); Zeile gefunden : user_pref("extensions.incredibar.dfltlng", "EN"); Zeile gefunden : user_pref("extensions.incredibar.dfltsrch", "false"); Zeile gefunden : user_pref("extensions.incredibar.did", "10643"); Zeile gefunden : user_pref("extensions.incredibar.envrmnt", "production"); Zeile gefunden : user_pref("extensions.incredibar.excTlbr", false); Zeile gefunden : user_pref("extensions.incredibar.hdrMd5", "EFF9AF06198A7E78C29E60F192565867"); Zeile gefunden : user_pref("extensions.incredibar.hmpg", false); Zeile gefunden : user_pref("extensions.incredibar.hrdid", "001620ef000000000000000c4343bd02"); Zeile gefunden : user_pref("extensions.incredibar.id", "001620ef000000000000000c4343bd02"); Zeile gefunden : user_pref("extensions.incredibar.installerproductid", "26"); Zeile gefunden : user_pref("extensions.incredibar.instlday", "15680"); Zeile gefunden : user_pref("extensions.incredibar.instlref", ""); Zeile gefunden : user_pref("extensions.incredibar.isDcmntCmplt", false); Zeile gefunden : user_pref("extensions.incredibar.isdcmntcmplt", "false"); Zeile gefunden : user_pref("extensions.incredibar.keywordurl", ""); Zeile gefunden : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1421:05:21"); Zeile gefunden : user_pref("extensions.incredibar.mntrvrsn", "1.2.0"); Zeile gefunden : user_pref("extensions.incredibar.newtab", "false"); Zeile gefunden : user_pref("extensions.incredibar.newtaburl", ""); Zeile gefunden : user_pref("extensions.incredibar.noFFXTlbr", false); Zeile gefunden : user_pref("extensions.incredibar.ppd", "1"); Zeile gefunden : user_pref("extensions.incredibar.prdct", "incredibar"); Zeile gefunden : user_pref("extensions.incredibar.productid", "26"); Zeile gefunden : user_pref("extensions.incredibar.prtnrid", "Incredibar"); Zeile gefunden : user_pref("extensions.incredibar.sg", "{smplGrp}"); Zeile gefunden : user_pref("extensions.incredibar.smplgrp", "none"); Zeile gefunden : user_pref("extensions.incredibar.srch", ""); Zeile gefunden : user_pref("extensions.incredibar.srchprvdr", ""); Zeile gefunden : user_pref("extensions.incredibar.tlbrid", "base"); Zeile gefunden : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQRV9rixw&loc=IB_TB&i=26&search="); Zeile gefunden : user_pref("extensions.incredibar.upn2", "6PQRV9rixw"); Zeile gefunden : user_pref("extensions.incredibar.upn2n", "92544051393484350"); Zeile gefunden : user_pref("extensions.incredibar.vrsn", "1.5.11.14"); Zeile gefunden : user_pref("extensions.incredibar.vrsni", "1.5.11.14"); Zeile gefunden : user_pref("extensions.incredibar.vrsnts", "1.5.11.1421:05:21"); Zeile gefunden : user_pref("extensions.incredibar_i.aflt", "orgnl"); Zeile gefunden : user_pref("extensions.incredibar_i.dfltLng", ""); Zeile gefunden : user_pref("extensions.incredibar_i.did", "10643"); Zeile gefunden : user_pref("extensions.incredibar_i.excTlbr", false); Zeile gefunden : user_pref("extensions.incredibar_i.id", "001620ef000000000000000c4343bd02"); Zeile gefunden : user_pref("extensions.incredibar_i.installerproductid", "26"); Zeile gefunden : user_pref("extensions.incredibar_i.instlDay", "15680"); Zeile gefunden : user_pref("extensions.incredibar_i.instlRef", ""); Zeile gefunden : user_pref("extensions.incredibar_i.ms_url_id", ""); Zeile gefunden : user_pref("extensions.incredibar_i.newTab", false); Zeile gefunden : user_pref("extensions.incredibar_i.ppd", "1"); Zeile gefunden : user_pref("extensions.incredibar_i.prdct", "incredibar"); Zeile gefunden : user_pref("extensions.incredibar_i.productid", "26"); Zeile gefunden : user_pref("extensions.incredibar_i.prtnrId", "Incredibar"); Zeile gefunden : user_pref("extensions.incredibar_i.smplGrp", "none"); Zeile gefunden : user_pref("extensions.incredibar_i.tlbrId", "base"); Zeile gefunden : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQRV9rixw&loc=IB_TB&i=26&search="); Zeile gefunden : user_pref("extensions.incredibar_i.upn2", "6PQRV9rixw"); Zeile gefunden : user_pref("extensions.incredibar_i.upn2n", "92544051393484350"); Zeile gefunden : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14"); Zeile gefunden : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1421:05:21"); Zeile gefunden : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14"); Zeile gefunden : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2319825&SearchSource=13&CUI=SB_CUI"); Zeile gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="); Zeile gefunden : user_pref("smartbar.originalHomepage", "hxxp://www.google.at/"); Zeile gefunden : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2319825&SearchSource=2&q="); Zeile gefunden : user_pref("smartbar.originalSearchEngine", "Ask.com"); Zeile gefunden : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Zeile gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", ""); Zeile gefunden : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", ""); Zeile gefunden : user_pref("sweetim.toolbar.searchguard.enable", ""); -\\ Google Chrome v [ Datei : C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gefunden : icon_url Gefunden : search_url Gefunden : keyword Gefunden : search_url ************************* AdwCleaner[R0].txt - [44110 octets] - [11/09/2013 09:59:00] ########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [44171 octets] ########## Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Thisisu Version: 5.5.9 (09.07.2013:1) OS: Windows 7 Professional x64 Ran by Hiden on 11.09.2013 at 10:12:06,79 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services ~~~ Registry Values ~~~ Registry Keys Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1013355498-1814289779-388905639-1000\Software\IB Updater Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1013355498-1814289779-388905639-1000\Software\SweetIM Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Eventlog\Application\omigaplussvc Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_1_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_1_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_rasapi32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\privitizevpn_rasmancs Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASAPI32 Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\APN_ATU3__RASMANCS Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{62E3F633-EDFB-44CC-9142-718C84A5CD02} Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B5918D46-D596-40AB-B9B9-4235D17141A0} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{43127BD9-3ACA-4259-9A77-D5C69F5CB9BA} Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{96932D4E-8C01-43DD-98CC-011CA708A907} ~~~ Files ~~~ Folders Successfully deleted: [Folder] "C:\ProgramData\apn" Successfully deleted: [Folder] "C:\ProgramData\fighters" Successfully deleted: [Folder] "C:\Users\Hiden\AppData\Roaming\fighters" Successfully deleted: [Folder] "C:\Users\Hiden\AppData\Roaming\goforfiles" Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin" Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{2DB10C62-AF5A-4110-94FD-D90AEDF369B1} Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{73E33F05-4EFB-41EA-A363-0E3FDFE7B2AE} Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{76BFD201-EEF4-4AB4-B058-DE030E9C9ECD} Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{87115E91-3D49-443B-BB51-BCD0FDA0AF3C} Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{896DF8D3-46B1-418C-8474-84A9741BDB2A} Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{97727E40-0BDD-4B81-A9A7-9F668B6EE871} Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{C62D2E80-ED1C-4700-B84B-41CD40B523E9} Successfully deleted: [Empty Folder] C:\Users\Hiden\appdata\local\{CCA577B4-4B62-454A-883F-8031D2392960} ~~~ FireFox Successfully deleted: [Folder] C:\Users\Hiden\AppData\Roaming\mozilla\firefox\profiles\jjs60k77.default\extensions\staged Emptied folder: C:\Users\Hiden\AppData\Roaming\mozilla\firefox\profiles\jjs60k77.default\minidumps [74 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 11.09.2013 at 10:14:02,47 Computer was rebooted End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-09-2013 Ran by Hiden (administrator) on HIDEN-PC on 11-09-2013 10:16:47 Running from C:\Users\Hiden\Desktop Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe () C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe (Arainia Solutions) C:\Program Files (x86)\Gizmo\gservice.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Realtek) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (Logitech Inc.) C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe (Bogdan Sharkov) C:\Program Files (x86)\Clownfish\Clownfish.exe (Arainia Solutions) C:\Program Files (x86)\Gizmo\gizmo.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (Realtek Semiconductor Corp.) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWlan.exe (Microsoft Corporation) C:\Windows\SysWOW64\DllHost.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [Start WingMan Profiler] - C:\Program Files\Logitech\Gaming Software\LWEMon.exe [190536 2010-06-14] (Logitech Inc.) HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19875432 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [Clownfish] - C:\Program Files (x86)\Clownfish\Clownfish.exe [1276152 2013-07-02] (Bogdan Sharkov) HKCU\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd) HKCU\...\Run: [GizmoDriveDelegate] - C:\Program Files (x86)\Gizmo\gizmo.exe [223640 2013-02-16] (Arainia Solutions) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-08-20] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation) HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Gizmo.lnk ShortcutTarget: Gizmo.lnk -> C:\Program Files (x86)\Gizmo\gizmo.exe (Arainia Solutions) Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LaunchCenter.lnk ShortcutTarget: LaunchCenter.lnk -> C:\Program Files\Fujitsu\LaunchCenter\LaunchCenter.exe (Fujitsu Technology Solutions) BootExecute: autocheck autochk * ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=FTSH&bmod=FTSH StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 FireFox: ======== FF ProfilePath: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default FF Homepage: user_pref("browser.startup.homepage", ); FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @canon.com/MycameraPlugin - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @microsoft.com/GENUINE - disabled No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll No File FF SearchPlugin: C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\searchplugins\winload-customized-web-search.xml FF Extension: ftdownloader - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\ftdownloader@ftdownloader.com.xpi FF Extension: torntv - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\torntv@torntv.com.xpi FF Extension: No Name - C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\Extensions\WTB_GLOBAL.sqlite FF HKLM-x32\...\Firefox\Extensions: [511fe088829a4@511fe088829dd.com] C:\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com Chrome: ======= CHR HomePage: hxxp://www.google.at/ CHR RestoreOnStartup: "https://www.google.at/" CHR DefaultSearchURL: (Babylon Search) - hxxp://www.google.com CHR DefaultSuggestURL: (Babylon Search) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter} CHR Plugin: (Shockwave Flash) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll () CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer CHR Plugin: (Native Client) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll () CHR Plugin: (Chrome PDF Viewer) - C:\Users\Hiden\AppData\Local\Google\Chrome\Application\29.0.1547.62\pdf.dll () CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) CHR Plugin: (NPCIG.dll) - C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.) CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () CHR Plugin: (Unity Player) - C:\Users\Hiden\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll No File CHR Plugin: (Google Update) - C:\Users\Hiden\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll No File CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll () CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) CHR Extension: (Google Docs) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0 CHR Extension: (Google Drive) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0 CHR Extension: (YouTube) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (AdBlock) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0 CHR Extension: (Lightning Newtab) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo\1.1.4.9_0 CHR Extension: (DVDVideoSoft Browser Extension) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.2_0 CHR Extension: (Chrome In-App Payments service) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0 CHR Extension: (Gmail) - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM-x32\...\Chrome\Extension: [gkjoindjjcmbdpbfppabdgflnkgbbcli] - C:\Program Files (x86)\FTDownloader.com\FTDownloader10.crx CHR HKLM-x32\...\Chrome\Extension: [ifohbjbgfchkkfhphahclmkpgejiplfo] - C:\Users\Hiden\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtab.crx ==================== Services (Whitelisted) ================= R2 Akamai; c:\program files (x86)\common files\akamai/netsession_win_8fa3539.dll [4569856 2013-07-02] (Akamai Technologies, Inc.) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-08-20] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-08-20] (Avira Operations GmbH & Co. KG) R2 DokanMounter; C:\Program Files (x86)\Dokan\DokanLibrary\mounter.exe [14848 2011-01-10] () R2 Gizmo Central; C:\Program Files (x86)\Gizmo\gservice.exe [34728 2013-02-16] (Arainia Solutions) R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation) R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation) R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation) R2 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [45056 2010-01-21] (Realtek) ==================== Drivers (Whitelisted) ==================== R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31968 2012-10-08] (Wondershare) R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-09-04] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132088 2013-08-20] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-03-25] (Avira Operations GmbH & Co. KG) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R2 Dokan; C:\Windows\system32\drivers\dokan.sys [120408 2011-01-10] (Windows (R) Win 7 DDK provider) R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-05-02] (DT Soft Ltd) S3 FUJ02E3; C:\Windows\system32\drivers\FUJ02E3.sys [7296 2006-11-01] (FUJITSU LIMITED) S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation) R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation) S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [13368 2013-01-23] () R0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2012-12-08] (Duplex Secure Ltd.) U3 ac7mb5mt; C:\Windows\System32\Drivers\ac7mb5mt.sys [0 ] (Advanced Micro Devices) S0 BootDefragDriver; System32\drivers\BootDefragDriver.sys [x] S3 catchme; \??\C:\ComboFix\catchme.sys [x] S3 IntcAzAudAddService; system32\drivers\RTKVHD64.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-09-11 10:14 - 2013-09-11 10:14 - 00004005 _____ C:\Users\Hiden\Desktop\JRT.txt 2013-09-11 10:06 - 2013-09-11 10:06 - 00000000 ____D C:\Windows\ERUNT 2013-09-11 09:58 - 2013-09-11 10:02 - 00000000 ____D C:\AdwCleaner 2013-09-09 07:57 - 2013-09-09 08:59 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-09-09 07:55 - 2013-09-09 08:59 - 00000000 ____D C:\Users\Hiden\Desktop\mbar 2013-09-09 07:55 - 2013-09-09 07:41 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Hiden\Desktop\mbar-1.07.0.1005.exe 2013-09-06 08:23 - 2013-09-06 08:23 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Gizmo 2013-09-06 07:52 - 2013-09-06 07:52 - 00030365 _____ C:\ComboFix.txt 2013-09-06 07:40 - 2013-09-06 07:52 - 00000000 ____D C:\Qoobox 2013-09-06 07:40 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-09-06 07:40 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-09-06 07:40 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-09-06 07:40 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-09-06 07:40 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-09-06 07:40 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-09-06 07:40 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-09-06 07:40 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-09-06 07:39 - 2013-09-06 07:51 - 00000000 ____D C:\Windows\erdnt 2013-09-06 07:39 - 2013-09-06 07:38 - 05120615 ____R (Swearware) C:\Users\Hiden\Desktop\ComboFix.exe 2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST 2013-09-04 16:39 - 2013-09-11 10:15 - 00000000 ____D C:\Users\Hiden\Desktop\share 2013-09-04 14:26 - 2013-09-04 14:28 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-04 13:02 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu 2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu 2013-09-04 12:35 - 2013-09-02 11:09 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe 2013-09-04 12:23 - 2013-09-04 16:31 - 00000000 ____D C:\_tools 2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft 2013-09-04 11:42 - 2013-09-11 10:12 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job 2013-09-04 11:42 - 2013-09-04 12:38 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3 2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3 2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk 2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log 2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft 2013-09-04 11:42 - 2013-09-02 11:09 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe 2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit 2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-09-04 11:26 - 2013-06-21 12:23 - 06496544 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 03514656 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 02555680 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 00884512 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe 2013-09-04 11:26 - 2013-06-21 12:23 - 00237856 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll 2013-09-04 11:26 - 2013-06-21 12:23 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll 2013-09-04 11:26 - 2013-06-20 06:17 - 03253909 _____ C:\Windows\system32\nvcoproc.bin 2013-09-04 11:18 - 2013-06-21 14:06 - 27781920 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 21102368 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 15920536 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 15144928 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 13411896 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 12427240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 11235104 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys 2013-09-04 11:18 - 2013-06-21 14:06 - 09239344 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 07687592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 07641832 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 06324360 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 02953504 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 02777888 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 02363680 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 02002720 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 01832224 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6432049.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 01511712 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6432049.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 01059560 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00925648 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00572704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00570656 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00467232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00465184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00266448 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00218592 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00214448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00181488 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll 2013-09-04 11:18 - 2013-06-21 14:06 - 00021578 _____ C:\Windows\system32\nvinfo.pb 2013-09-04 11:18 - 2013-02-25 07:27 - 00194848 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys 2013-09-04 11:18 - 2013-02-25 07:27 - 00031520 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll 2013-09-04 11:18 - 2013-01-29 10:35 - 01510176 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll 2013-09-04 11:17 - 2013-06-21 14:06 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll 2013-09-04 11:17 - 2013-06-21 14:06 - 17560352 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll 2013-09-04 11:17 - 2013-06-21 14:06 - 02936208 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll 2013-09-04 11:17 - 2013-06-21 14:06 - 02597856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll 2013-09-04 11:10 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-09-04 11:10 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2013-09-04 11:10 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-09-04 08:52 - 2013-09-04 08:53 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp 2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ' 2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH 2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’ 2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ— 2013-09-01 08:34 - 2013-09-04 10:59 - 00000000 ____D C:\Windows\Minidump 2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp 2013-08-31 10:38 - 2013-08-31 16:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ… 2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ– 2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™ 2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ 2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD 2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨ 2013-08-28 15:03 - 2013-09-04 11:28 - 00000000 ____D C:\hw64_422 2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166 2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer 2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤ 2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips 2013-08-23 07:34 - 2013-08-23 19:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ 2013-08-22 17:40 - 2013-08-22 17:47 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3 2013-08-22 17:06 - 2013-08-23 16:01 - 00000000 ____D C:\Program Files (x86)\Battlefield 3 2013-08-22 13:14 - 2013-09-11 10:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-08-22 13:14 - 2013-09-04 14:20 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk 2013-08-21 12:43 - 2013-08-21 12:46 - 00000000 ____D C:\Program Files (x86)\Black Ops 2 2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO 2013-08-20 16:26 - 2013-07-22 04:19 - 00126872 _____ (Power Software Ltd) C:\Windows\system32\Drivers\scdemu.sys 2013-08-20 13:26 - 2013-08-29 13:16 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood 2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software 2013-08-19 20:02 - 2013-09-04 14:31 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db 2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios 2013-08-16 18:34 - 2008-07-12 08:18 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll 2013-08-16 18:34 - 2008-07-12 08:18 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll 2013-08-16 18:33 - 2013-09-02 08:17 - 00000109 _____ C:\Windows\disney.ini 2013-08-15 18:42 - 2013-07-26 07:13 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-15 18:42 - 2013-07-26 07:13 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-15 18:42 - 2013-07-26 07:13 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-15 18:42 - 2013-07-26 07:12 - 19239424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 15405056 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 03958784 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 02647040 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-15 18:42 - 2013-07-26 07:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-15 18:42 - 2013-07-26 05:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-15 18:42 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-08-15 18:42 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2013-08-15 18:42 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-08-15 18:42 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-08-15 18:42 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2013-08-15 18:42 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-08-15 18:42 - 2013-07-26 04:39 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-15 18:42 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2013-08-15 11:15 - 2013-08-15 11:16 - 00000000 ____D C:\Program Files (x86)\Canon 2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser 2013-08-15 09:56 - 2013-07-09 07:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-15 09:56 - 2013-07-09 07:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-15 09:56 - 2013-07-09 07:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-15 09:56 - 2013-07-09 07:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-15 09:56 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll 2013-08-15 09:56 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll 2013-08-15 09:56 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll 2013-08-15 09:56 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll 2013-08-15 09:50 - 2013-07-25 11:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-15 09:50 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL 2013-08-15 09:50 - 2013-07-19 03:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-15 09:50 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll 2013-08-15 09:50 - 2013-07-09 08:03 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-15 09:50 - 2013-07-09 07:54 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-15 09:50 - 2013-07-09 07:53 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2013-08-15 09:50 - 2013-07-09 07:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-15 09:50 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2013-08-15 09:50 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2013-08-15 09:50 - 2013-07-09 06:53 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll 2013-08-15 09:50 - 2013-07-09 06:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll 2013-08-15 09:50 - 2013-07-09 06:52 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2013-08-15 09:50 - 2013-07-09 04:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2013-08-15 09:50 - 2013-07-09 04:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2013-08-15 09:50 - 2013-07-09 04:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2013-08-15 09:50 - 2013-07-09 04:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2013-08-15 09:49 - 2013-07-06 08:03 - 01910208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-15 09:49 - 2013-06-15 06:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF 2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan ==================== One Month Modified Files and Folders ======= 2013-09-11 10:15 - 2013-09-04 16:39 - 00000000 ____D C:\Users\Hiden\Desktop\share 2013-09-11 10:14 - 2013-09-11 10:14 - 00004005 _____ C:\Users\Hiden\Desktop\JRT.txt 2013-09-11 10:12 - 2013-09-04 11:42 - 00000334 _____ C:\Windows\Tasks\GlaryInitialize 3.job 2013-09-11 10:12 - 2012-12-06 17:24 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Skype 2013-09-11 10:11 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-09-11 10:11 - 2009-07-14 06:51 - 00113717 _____ C:\Windows\setupact.log 2013-09-11 10:10 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA 2013-09-11 10:09 - 2012-12-05 17:57 - 01443947 _____ C:\Windows\WindowsUpdate.log 2013-09-11 10:09 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-09-11 10:09 - 2009-07-14 06:45 - 00016976 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-09-11 10:06 - 2013-09-11 10:06 - 00000000 ____D C:\Windows\ERUNT 2013-09-11 10:02 - 2013-09-11 09:58 - 00000000 ____D C:\AdwCleaner 2013-09-11 10:02 - 2013-08-22 13:14 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome 2013-09-11 10:01 - 2012-12-22 09:13 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-09-11 09:53 - 2013-09-11 10:16 - 01949408 _____ (Farbar) C:\Users\Hiden\Desktop\FRST64.exe 2013-09-09 08:59 - 2013-09-09 07:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable) 2013-09-09 08:59 - 2013-09-09 07:55 - 00000000 ____D C:\Users\Hiden\Desktop\mbar 2013-09-09 07:41 - 2013-09-09 07:55 - 12907592 _____ (Malwarebytes Corp.) C:\Users\Hiden\Desktop\mbar-1.07.0.1005.exe 2013-09-09 07:41 - 2009-07-14 07:08 - 00032632 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-09-09 07:39 - 2013-04-08 15:27 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner 2013-09-06 08:23 - 2013-09-06 08:23 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Gizmo 2013-09-06 07:52 - 2013-09-06 07:52 - 00030365 _____ C:\ComboFix.txt 2013-09-06 07:52 - 2013-09-06 07:40 - 00000000 ____D C:\Qoobox 2013-09-06 07:52 - 2009-07-14 05:20 - 00000000 __RHD C:\Users\Default 2013-09-06 07:51 - 2013-09-06 07:39 - 00000000 ____D C:\Windows\erdnt 2013-09-06 07:49 - 2009-07-14 04:34 - 00000215 _____ C:\Windows\system.ini 2013-09-06 07:47 - 2010-11-21 05:47 - 00725504 _____ C:\Windows\PFRO.log 2013-09-06 07:47 - 2009-07-14 04:34 - 71086080 _____ C:\Windows\system32\config\software.bak 2013-09-06 07:47 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.bak 2013-09-06 07:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2013-09-06 07:47 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\default.bak 2013-09-06 07:47 - 2009-07-14 04:34 - 00028672 _____ C:\Windows\system32\config\security.bak 2013-09-06 07:46 - 2012-12-06 22:12 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\convert 2013-09-06 07:38 - 2013-09-06 07:39 - 05120615 ____R (Swearware) C:\Users\Hiden\Desktop\ComboFix.exe 2013-09-05 14:11 - 2013-02-17 11:08 - 00000000 ____D C:\Users\Hiden\Documents\Euro Truck Simulator 2 2013-09-05 13:57 - 2013-06-05 17:56 - 00122880 ___SH C:\Users\Hiden\Thumbs.db 2013-09-05 07:27 - 2013-03-31 20:04 - 00000000 ____D C:\Program Files (x86)\SpeedFan 2013-09-04 16:55 - 2013-09-04 16:55 - 00000000 ____D C:\FRST 2013-09-04 16:38 - 2012-12-24 22:35 - 00000000 ____D C:\Users\Hiden\Desktop\Programme 2013-09-04 16:31 - 2013-09-04 12:23 - 00000000 ____D C:\_tools 2013-09-04 15:10 - 2013-07-21 21:07 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Audacity 2013-09-04 14:31 - 2013-08-19 20:02 - 00178176 ___SH C:\Users\Hiden\Desktop\Thumbs.db 2013-09-04 14:28 - 2013-09-04 14:26 - 114436733 _____ C:\Users\Hiden\Desktop\Christina Perri - A Thousand Years [Official Music Video].mp4 2013-09-04 14:20 - 2013-08-22 13:14 - 00002372 _____ C:\Users\Hiden\Desktop\Google Chrome.lnk 2013-09-04 14:19 - 2012-12-05 18:10 - 00001427 _____ C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk 2013-09-04 13:54 - 2012-12-06 17:29 - 00000000 ____D C:\Users\Hiden\AppData\Local\CrashDumps 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Malwarebytes 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-09-04 13:02 - 2013-09-04 13:02 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-04 12:40 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\NVIDIA 2013-09-04 12:38 - 2013-09-04 11:42 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 3 2013-09-04 12:36 - 2013-09-04 12:36 - 00262144 _____ C:\Windows\system32\config\default.gu 2013-09-04 12:36 - 2013-09-04 12:36 - 00028672 _____ C:\Windows\system32\config\software.gu 2013-09-04 12:36 - 2012-12-05 18:05 - 00000000 ____D C:\Users\Hiden 2013-09-04 12:36 - 2009-07-14 04:34 - 71303168 _____ C:\Windows\system32\config\software.gu.bak 2013-09-04 12:36 - 2009-07-14 04:34 - 20447232 _____ C:\Windows\system32\config\system.gu.bak 2013-09-04 12:36 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\security.gu.bak 2013-09-04 12:35 - 2009-07-14 04:34 - 00262144 _____ C:\Windows\system32\config\sam.gu.bak 2013-09-04 11:51 - 2012-12-07 14:49 - 00000000 ___RD C:\Users\Hiden\Desktop\Spiele 2013-09-04 11:48 - 2013-09-04 11:48 - 00000000 ____D C:\ProgramData\GlarySoft 2013-09-04 11:42 - 2013-09-04 11:42 - 00002630 _____ C:\Windows\System32\Tasks\GlaryInitialize 3 2013-09-04 11:42 - 2013-09-04 11:42 - 00001086 _____ C:\Users\Public\Desktop\Glary Utilities 3.lnk 2013-09-04 11:42 - 2013-09-04 11:42 - 00000075 _____ C:\DiskDefrag.log 2013-09-04 11:42 - 2013-09-04 11:42 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\GlarySoft 2013-09-04 11:39 - 2013-09-04 11:39 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\IObit 2013-09-04 11:28 - 2013-08-28 15:03 - 00000000 ____D C:\hw64_422 2013-09-04 11:27 - 2013-09-04 11:27 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-09-04 11:27 - 2012-12-06 09:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-09-04 11:26 - 2012-12-06 09:55 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-09-04 11:26 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\Help 2013-09-04 11:25 - 2012-12-06 09:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-09-04 11:09 - 2013-03-25 14:59 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-09-04 10:59 - 2013-09-01 08:34 - 00000000 ____D C:\Windows\Minidump 2013-09-04 08:53 - 2013-09-04 08:52 - 00718115 ____N C:\Windows\Minidump\090413-26676-01.dmp 2013-09-04 08:39 - 2012-12-06 09:55 - 00086552 _____ C:\Users\Hiden\AppData\Local\GDIPFONTCACHEV1.DAT 2013-09-04 08:28 - 2009-07-14 06:45 - 00343656 _____ C:\Windows\system32\FNTCACHE.DAT 2013-09-04 08:26 - 2013-04-22 15:30 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames 2013-09-04 08:21 - 2013-02-28 19:49 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information 2013-09-04 08:20 - 2013-06-20 15:26 - 00000600 _____ C:\Windows\Rtcw.INI 2013-09-04 08:20 - 2012-12-06 16:33 - 00000000 ____D C:\Users\Hiden\Documents\my games 2013-09-04 08:19 - 2013-07-09 17:19 - 00000000 ____D C:\Program Files (x86)\Cube World 2013-09-04 07:54 - 2013-09-04 07:54 - 95812354 _____ C:\Windows\SysWOW64\ທ쇓ᵌ' 2013-09-03 22:12 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\TS3Client 2013-09-03 08:15 - 2013-09-03 08:15 - 95452537 _____ C:\Windows\SysWOW64\峌雠ᵌH 2013-09-02 17:01 - 2012-12-06 21:15 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\.minecraft 2013-09-02 11:09 - 2013-09-04 12:35 - 00024352 _____ C:\Windows\system32\RegBootDefrag.exe 2013-09-02 11:09 - 2013-09-04 11:42 - 00117024 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe 2013-09-02 08:17 - 2013-08-16 18:33 - 00000109 _____ C:\Windows\disney.ini 2013-09-02 08:02 - 2013-09-02 08:02 - 95199985 _____ C:\Windows\SysWOW64\誤軍ᵌ’ 2013-09-01 08:38 - 2013-09-01 08:38 - 95128664 _____ C:\Windows\SysWOW64\豹冮ᵌ— 2013-08-31 18:47 - 2013-08-31 18:47 - 00706105 ____N C:\Windows\Minidump\090113-28423-01.dmp 2013-08-31 16:38 - 2013-08-31 10:38 - 95115989 _____ C:\Windows\SysWOW64\塛ᵌ… 2013-08-30 19:38 - 2013-08-30 19:38 - 94985858 _____ C:\Windows\SysWOW64\쟁䡾ᵌ– 2013-08-30 13:39 - 2013-08-30 13:39 - 94829123 _____ C:\Windows\SysWOW64\합ﬠᵌ™ 2013-08-29 20:41 - 2013-08-29 20:41 - 94663095 _____ C:\Windows\SysWOW64\ꩠ䥦ᵌ 2013-08-29 14:41 - 2013-08-29 14:41 - 94605346 _____ C:\Windows\SysWOW64\浇榏ᵌD 2013-08-29 13:17 - 2013-01-27 13:41 - 00000000 ____D C:\Users\Hiden\AppData\Local\TeamSpeak 3 Client 2013-08-29 13:16 - 2013-08-20 13:26 - 00000000 ____D C:\Users\Hiden\AppData\Local\Captcha_Brotherhood 2013-08-29 08:41 - 2013-08-29 08:41 - 101142192 _____ C:\Windows\SysWOW64\㚣㦶ᵌ¨ 2013-08-28 15:01 - 2013-08-28 15:01 - 00000000 ____D C:\cpu-z-166 2013-08-28 13:13 - 2013-08-28 13:13 - 00000000 ____D C:\ProgramData\SummerSoft 2013-08-28 13:13 - 2012-12-20 15:27 - 00000000 ____D C:\ProgramData\InstallMate 2013-08-28 11:21 - 2013-05-19 10:52 - 00000000 ____D C:\Users\Hiden\AppData\Local\Akamai 2013-08-28 11:21 - 2013-03-21 21:02 - 00000000 ____D C:\Program Files (x86)\Clownfish 2013-08-28 11:21 - 2013-01-27 13:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\ts3overlay 2013-08-28 11:21 - 2010-11-21 09:16 - 00000000 ___RD C:\Users\Public\Recorded TV 2013-08-28 11:21 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration 2013-08-28 10:28 - 2011-02-11 16:47 - 00696620 _____ C:\Windows\system32\perfh007.dat 2013-08-28 10:28 - 2011-02-11 16:47 - 00147916 _____ C:\Windows\system32\perfc007.dat 2013-08-28 10:28 - 2009-07-14 07:13 - 01612484 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLV Player 2013-08-25 17:50 - 2013-08-25 17:50 - 00000000 ____D C:\Users\Hiden\AppData\Local\WebPlayer 2013-08-25 15:47 - 2013-08-25 15:47 - 100143688 _____ C:\Windows\SysWOW64\剠楮ᵌ¤ 2013-08-23 19:34 - 2013-08-23 07:34 - 99979851 _____ C:\Windows\SysWOW64\硳ᵌ 2013-08-23 16:09 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Electronic Arts 2013-08-23 16:01 - 2013-08-22 17:06 - 00000000 ____D C:\Program Files (x86)\Battlefield 3 2013-08-23 15:11 - 2012-12-25 11:58 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\uTorrent 2013-08-23 11:27 - 2013-08-23 11:27 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\EvolutionClips 2013-08-22 17:47 - 2013-08-22 17:40 - 00000000 ____D C:\Users\Hiden\Documents\Battlefield 3 2013-08-22 17:39 - 2013-03-09 17:02 - 00000000 ____D C:\Users\Hiden\AppData\Local\Unity 2013-08-22 17:38 - 2013-06-03 21:08 - 00000000 ____D C:\ProgramData\Origin 2013-08-22 13:14 - 2012-12-05 18:07 - 00000000 ____D C:\Users\Hiden\AppData\Local\Google 2013-08-22 13:12 - 2012-12-05 18:07 - 00000000 ____D C:\Program Files (x86)\Google 2013-08-21 12:46 - 2013-08-21 12:43 - 00000000 ____D C:\Program Files (x86)\Black Ops 2 2013-08-20 20:32 - 2012-12-22 09:13 - 00003822 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-08-20 20:32 - 2012-12-06 17:01 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-08-20 20:32 - 2012-12-06 17:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-08-20 16:26 - 2013-08-20 16:26 - 00000000 ____D C:\Program Files (x86)\PowerISO 2013-08-20 15:33 - 2013-09-04 11:10 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys 2013-08-20 15:32 - 2013-09-04 11:10 - 00029984 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll 2013-08-20 15:32 - 2013-09-04 11:10 - 00028448 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll 2013-08-20 13:26 - 2013-08-20 13:26 - 00000000 ____D C:\Program Files (x86)\Brotherhood Software 2013-08-20 10:48 - 2013-05-07 14:15 - 00081112 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys 2013-08-20 10:48 - 2013-03-25 14:59 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-08-17 10:49 - 2012-12-05 18:01 - 00218987 _____ C:\Windows\DirectX.log 2013-08-16 18:44 - 2013-08-16 18:44 - 00000000 ____D C:\Users\Hiden\AppData\Roaming\Disney Interactive Studios 2013-08-16 15:58 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\rescache 2013-08-15 18:38 - 2013-07-13 13:17 - 00000000 ____D C:\Windows\system32\MRT 2013-08-15 18:37 - 2012-12-06 10:43 - 78161360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-15 11:20 - 2013-02-26 21:16 - 00037531 ____H C:\Users\Hiden\Desktop\ZbThumbnail.info 2013-08-15 11:16 - 2013-08-15 11:15 - 00000000 ____D C:\Program Files (x86)\Canon 2013-08-15 11:15 - 2013-08-15 11:15 - 00000000 ____D C:\ProgramData\ZoomBrowser 2013-08-15 09:31 - 2013-06-19 16:25 - 00000000 ____D C:\Users\Hiden\Documents\bitComposer Games 2013-08-15 09:30 - 2013-04-28 12:38 - 00000000 ____D C:\Program Files (x86)\Nokia 2013-08-15 09:25 - 2013-07-24 13:22 - 00000000 ____D C:\Users\Hiden\AppData\Local\LogMeIn Hamachi 2013-08-13 19:37 - 2013-08-13 19:37 - 00000000 ___HD C:\Windows\PIF 2013-08-12 12:50 - 2013-08-12 12:50 - 00000000 ____D C:\Program Files (x86)\Dokan 2013-08-12 11:12 - 2013-04-19 21:18 - 00000000 ____D C:\ts3overlay Files to move or delete: ==================== C:\Users\Hiden\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-09-01 12:09 ==================== End Of Log ============================ --- --- --- |
11.09.2013, 14:17 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes Anti-Malware (MBAM) Hinweis: Denk bitte vorher daran, Malwarebytes Anti-Malware über den Updatebutton zu aktualisieren! Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
12.09.2013, 06:39 | #21 |
| Bitcoin Miner in svhost.exe erscheint nach Neustart wiederCode:
ATTFilter Malwarebytes Anti-Malware (PRO) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.09.11.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16686 Hiden :: HIDEN-PC [Administrator] Schutz: Aktiviert 11.09.2013 16:15:00 mbam-log-2013-09-11 (16-15-00).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM | P2P Deaktivierte Suchlaufeinstellungen: Durchsuchte Objekte: 250395 Laufzeit: 4 Minute(n), 30 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=7f007effce64fb46a2ad2f0e115843f9 # engine=15091 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-09-11 07:31:12 # local_time=2013-09-11 09:31:12 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1799 16775165 100 96 19216 244347562 35417 0 # compatibility_mode=5893 16776574 100 94 5214650 130557722 0 0 # scanned=191861 # found=3 # cleaned=0 # scan_time=18530 sh=696254FF4BE9EECAB3EAE8C2FEE3597B21115257 ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="C:\Qoobox\Quarantine\C\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js.vir" sh=AA5D115DEFE49B55BD8FF7E84B12F1B6F1748726 ft=0 fh=0000000000000000 vn="Win32/Adware.1ClickDownload.AO application" ac=I fn="D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 10.zip" sh=0BABE952B708D4DFC2DF9A94BE7BD356F9B1184C ft=0 fh=0000000000000000 vn="Win32/Adware.MultiPlug.H application" ac=I fn="D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 6.zip" Code:
ATTFilter C:\Qoobox\Quarantine\C\Users\Hiden\AppData\Roaming\Mozilla\Firefox\Profiles\jjs60k77.default\extensions\511fe088829a4@511fe088829dd.com\content\bg.js.vir Win32/Adware.MultiPlug.H application D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 10.zip Win32/Adware.1ClickDownload.AO application D:\HIDEN-PC\Backup Set 2013-09-01 190002\Backup Files 2013-09-01 190002\Backup files 6.zip Win32/Adware.MultiPlug.H application |
12.09.2013, 12:23 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Sind nur irrelevante Reste. Bitte noch TFC ausführen: TFC - Temp File Cleaner Lade dir TFC (TempFileCleaner von Oldtimer) herunter und speichere es auf den Desktop.
__________________ Logfiles bitte immer in CODE-Tags posten |
12.09.2013, 12:52 | #23 |
| Bitcoin Miner in svhost.exe erscheint nach Neustart wieder TFC hat so einiges gelöscht, habe jetzt nochmal mbam laufen lassen (keine Funde) und ESET auch nochmal gestartet, läuft aber noch... |
12.09.2013, 14:12 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder ESET musst du nicht nochmal ausführen! Die Funde sind irrelevant!
__________________ Logfiles bitte immer in CODE-Tags posten |
12.09.2013, 14:25 | #25 |
| Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Okay. Das heißt du bist der Meinung, dass ich es hinter mir habe? Oder gibts sonst nochwas? |
12.09.2013, 14:49 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
12.09.2013, 14:51 | #27 |
| Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Sonst gibts im Moment keine offensichtlichen Probleme (wegen der GraKa Temperatur hilft mir Acid303). Also: VIELEN, VIELEN DANK!!!!!!!!!!!!!!!!!!!!!! Für die Bemühungen und deine Hilfe! VIELEN DANK! |
12.09.2013, 15:17 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Bitcoin Miner in svhost.exe erscheint nach Neustart wieder Dann wären wir durch! Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden. Helfen kann dir dabei delfix: Die Reihenfolge ist hier entscheidend.
Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden. Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern. Microsoftupdate Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren. Windows Vista/7: Start, Systemsteuerung, Windows-Update PDF-Reader aktualisieren Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast) Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader. Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers: Prüfen => Adobe - Flash Player Downloadlinks findest du hier => Browsers and Plugins - FilePony.de Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind. Java-Update Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.
__________________ Logfiles bitte immer in CODE-Tags posten |
Themen zu Bitcoin Miner in svhost.exe erscheint nach Neustart wieder |
abgebrochen, adware/adware.gen7, adware/airinstall.j, adware/bunndle.b, adware/installrex.g.1, adware/somoto.pd, adware/vittalia.af, adware/yontoo.gen, anti-malware, avira antivir, bitcoin, coinminer, eingefangen, malwarebytes, pup.bitcoinminer, pup.funmoods, pup.lyricsad, pup.optional.browserdefender.a, pup.optional.defaulttab.a, pup.optional.delta.a, pup.optional.multiplug.a, pup.optional.optimzerpro.a, pup.optional.sprotect.a, quarantäne, tr/crypt.upkm.gen, tr/rogue.8543085, tr/startpage.cab |