
Log analysis and evaluation: Problems with searchgol after deltatoolbar after installing imgburn (Win8-x64-chrome)


 
14.10.2013, 17:19   #1
Gwellion
 




Hello,
to say it right up front: this is a private PC at my workplace (you can tell because I am joined to the domain but also have, for example, Steam installed). I am (on my own) the IT department, or something like that. Please help me.

I am used to solving problems on my own, so I also went over the machine with REVO uninstaller and CCleaner before I followed the guide here: http://www.trojaner-board.de/142333-...entfernen.html

Unfortunately I find that at this point I am not really free of symptoms.
The following symptoms:
Avira can only be switched off directly after booting.
After booting, Chrome immediately opens with my wife's profile, with searchgol as the start/search page (a Google replacement, so to speak).

Of course I can reinstall the machine, more or less brute-force deleting all executable programs, scripts and DLLs and rescuing only the "data", but what about PDFs and the like, i.e. documents that contain executable code as well as data?

Oh, and with defogger I did not get a defogger_disable log file, so I re-enabled and then disabled again... but all I found is a defogger_enable.

Frst.txt:

FRST Logfile:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013
Ran by henry (administrator) on FARAHLON764 on 14-10-2013 11:55:18
Running from C:\Users\henry\Desktop
Windows 8 Pro with Media Center (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\WINDOWS\system32\AEADISRV.EXE
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkDMS.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe
(REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe
() C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
() C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe
(UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
(UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe
(Xobni Corporation) C:\Program Files (x86)\Xobni\XobniService.exe
(Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
(VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe
(Soluto) C:\Program Files\Soluto\soluto.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BioWare) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Users\henry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
() C:\Users\henry\moneyplex\mpxalarm.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Raptr, Inc) C:\PROGRA~2\Raptr\raptr.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Microsoft Corporation) C:\WINDOWS\WinStore\WSHost.exe
(Reasonable Software House Ltd.) C:\Program Files (x86)\Reasonable NoClone 2013\NoClone.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe
(Dropbox, Inc.) C:\Users\henry\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
(Raptr, Inc) C:\PROGRA~2\Raptr\raptr_im.exe
(Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
() C:\Program Files (x86)\Tuso\Fiabee Sync\Fiabee.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe
(Futuredial Inc.) C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe
(Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google) C:\Users\henry\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
() C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe
(UltraVNC) C:\Program Files\UltraVNC\vncviewer.exe
(FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe
(Samsung Electronics) C:\Program Files\Samsung\Samsung Link\utils\MetaExtractor.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [3995824 2013-02-14] (Stardock Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.)
HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation)
HKLM\...\Run: [cFosSpeed] - C:\Program Files\cFosSpeed\cFosSpeed.exe [1587040 2013-04-19] (cFos Software GmbH)
HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-09-23] (Copyright 2013 SAMSUNG)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit
HKCU\...\Run: [D4DD019F40E41690F6DF0D6C69DAE93C752087EE._service_run] - C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.)
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics)
HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-05] (Valve Corporation)
HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2012-05-08] (TrueCrypt Foundation)
HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE [6595928 2012-05-25] (Yahoo! Inc.)
HKCU\...\Run: [Raptr] - C:\PROGRA~2\Raptr\raptrstub.exe [55360 2013-09-17] (Raptr, Inc)
HKCU\...\Run: [SkyDrive] - C:\Users\henry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation)
HKCU\...\Run: [Google Update] - C:\Users\henry\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-09] (Google Inc.)
HKCU\...\Run: [moneyplex Alarm] - C:\Users\henry\moneyplex\mpxalarm
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.)
HKCU\...\Run: [Reasonable NoClone] - C:\Program Files (x86)\Reasonable NoClone 2013\NoClone.exe [2298880 2013-04-12] (Reasonable Software House Ltd.)
HKCU\...\Run: [GoogleChromeAutoLaunch_6409145A4A71BEA61BB52E08FDE70AA2] - C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.)
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung)
HKCU\...\Run: [chromium] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.)
MountPoints2: {6ff9c302-c1e1-11e2-be92-000272a66d56} - "G:\AutoRun.exe" 
MountPoints2: {b16780b6-a7f3-11e2-be90-000272a66d56} - "E:\AutoRun.exe" 
MountPoints2: {dffb8163-ed60-11e2-be99-000272a66d56} - "G:\AutoRun.exe" 
HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Ai Nap] - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [1439360 2010-03-10] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe [740736 2012-08-03] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation)
HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-18] (cyberlink)
HKLM-x32\...\Run: [Cpu Level Up help] - C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-12-28] ()
HKLM-x32\...\Run: [Fiabee] - C:\Program Files (x86)\Tuso\Fiabee Sync\Fiabee.exe [9934032 2012-08-23] ()
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [611968 2010-01-13] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [TurboV] - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe [5672576 2010-03-08] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2011-03-01] (CyberLink Corp.)
HKLM-x32\...\Run: [InstantBurn] - C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [697640 2010-02-10] (CyberLink Corporation.)
HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] ()
HKLM-x32\...\Run: [ASUS Sync Loader] - C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [638976 2013-03-01] (Futuredial Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-07-17] (Avira Operations GmbH & Co. KG)
HKU\henry.***Domäne***\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\henry.***Domäne***\...\Run: [ROC_JAN2013_TB] - "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe"  /PROMPT /CMPID=JAN2013_TB
HKU\henry.***Domäne***\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe"  /PROMPT /CMPID=JUNE2013_TB
HKU\henry.***Domäne***\...\RunOnce: [WindowsAnytimeUpgradeResults.exe] - C:\Windows\System32\WindowsAnytimeUpgradeResults.exe [92672 2012-07-26] (Microsoft Corporation)
Startup: C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\henry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk
ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation)
Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

ProxyServer: http=172.21.12.12:8123;https=172.21.12.12:8123;socks=127.0.0.1:1080
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65EA2C7711B0CB01
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
SearchScopes: HKCU - DefaultScope {10A47EA0-714E-499D-BEE0-E616F3123D0C} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
SearchScopes: HKCU - {10A47EA0-714E-499D-BEE0-E616F3123D0C} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {D392FFEB-8F85-4903-A08D-E1A6E2344844} URL = hxxp://wow.freierbund.de/index.php?pID=16&s={searchTerms}&x=1
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -  No File
BHO-x32: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
BHO-x32: ReasonableToolbar.ToolbarBHO - {d8961a1e-25db-33c9-a7c9-3d3e3266b5b8} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.69\npchrome_frame.dll (Google Inc.)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll ()
Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
Toolbar: HKLM-x32 - ReasonableToolbar - {c9a6357b-25cc-4bcf-96c1-78736985d413} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation)
Toolbar: HKCU -  No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU -  No Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} -  No File
Toolbar: HKCU -  No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} -  No File
DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab
DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://192.168.123.18/DVRemoteAx.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.69\npchrome_frame.dll (Google Inc.)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.123.3

FireFox:
========
FF ProfilePath: C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin HKCU: @Skype.com/Skype Web Plugin - C:\Users\henry\AppData\Local\Skype\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\henry\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\henry\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\henry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\searchplugins\freier-bund-map--guide.xml
FF SearchPlugin: C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\searchplugins\speedydragon.xml
FF Extension: Deutsches Wörterbuch - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Виявлення пристроїв Logitech - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\DeviceDetection@logitech.com
FF Extension: United States English Spellchecker - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\en-US@dictionaries.addons.mozilla.org
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\fb_add_on@avm.de
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\foxmarks@kei.com
FF Extension: LastPass - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\support@lastpass.com
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
FF Extension: Flashblock - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: checkplaces - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\checkplaces@andyhalford.com.xpi
FF Extension: fdm_ffext - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: finder - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\finder@meingutscheincode.de.xpi
FF Extension: firefox - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\firefox@ghostery.com.xpi
FF Extension: personas - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\personas@christopher.beard.xpi
FF Extension: sipgateffx - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\sipgateffx@michael.rotmanov.xpi
FF Extension: socialfixer - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\socialfixer@mattkruse.com.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\

Chrome: 
=======
CHR HomePage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=EEB200FFCD992AA0&affID=121565&tsp=5017
CHR RestoreOnStartup: "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=EEB200FFCD992AA0&affID=121565&tsp=5017"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\henry\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\henry\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\henry\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Users\henry\AppData\Local\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Google Talk Plugin) - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Skype Web Plugin) - C:\Users\henry\AppData\Local\Skype\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Skype Click to Call) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe [404360 2013-09-10] (Samsung)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-17] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [815160 2013-08-09] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [480096 2013-04-19] (cFos Software GmbH)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [221696 2012-05-02] ()
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GJService; C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe [3031624 2010-12-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-09-23] (Copyright 2013 SAMSUNG)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [159800 2012-10-28] (Soluto)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [1907656 2010-11-28] (UltraVNC)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2012-01-20] (Xobni Corporation)
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-12-05] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-08-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 CLBStor; C:\Windows\System32\Drivers\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-11-26] (Paragon Software Group)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-12-05] ()
R3 Maplom; C:\Windows\System32\Drivers\Maplom.sys [33864 2010-12-05] (SlySoft Inc.)
R3 MaplomL; C:\Windows\System32\Drivers\MaplomL.sys [58440 2010-12-05] (SlySoft Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [178728 2009-05-12] (Marvell Semiconductor, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 ogtap100; C:\Windows\system32\DRIVERS\ogtap100.sys [36736 2013-04-03] (The OpenVPN Project)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-04-01] (Splashtop Inc.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-10-26] (Acronis)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295792 2012-10-02] (Marvell)
R3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
U3 idsvc; 
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-10-14 10:58 - 2013-10-14 10:58 - 00000000 _____ C:\Users\henry\defogger_reenable
2013-10-14 10:48 - 2013-10-14 10:48 - 01954124 _____ (Farbar) C:\Users\henry\Desktop\FRST64.exe
2013-10-14 10:45 - 2013-10-14 10:45 - 00050477 _____ C:\Users\henry\Desktop\Defogger.exe
2013-10-14 09:58 - 2013-10-14 09:58 - 100838232 _____ C:\WINDOWS\SysWOW64\跶擡炜ĩ
2013-10-14 09:57 - 2013-10-14 09:57 - 00000022 _____ C:\WINDOWS\S.dirmngr
2013-10-14 09:05 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2013-10-14 09:05 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2013-10-14 09:05 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2013-10-14 09:05 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2013-10-14 09:05 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2013-10-14 09:05 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2013-10-14 09:05 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2013-10-14 09:05 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2013-10-14 09:05 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2013-10-14 09:05 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-10-14 09:05 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-10-14 09:05 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2013-10-14 09:05 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-10-14 09:05 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-10-14 09:05 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-10-14 09:05 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2013-10-14 09:05 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-10-14 09:05 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-10-14 09:05 - 2013-07-31 01:30 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-10-14 09:05 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2013-10-14 09:05 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2013-10-14 09:05 - 2013-07-13 08:15 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-10-14 09:05 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-10-14 09:05 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-14 09:05 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-11 19:05 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-10-11 19:05 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-10-11 19:05 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-10-11 19:05 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-10-11 19:05 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-10-11 19:05 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-10-11 19:05 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-10-11 19:05 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-10-11 19:05 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-10-11 19:05 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-10-11 19:05 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-10-11 19:05 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-10-11 19:05 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-10-11 19:05 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-10-11 19:05 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-10-11 19:05 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-10-11 19:05 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-10-11 19:05 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-10-11 19:05 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-10-11 19:05 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-10-11 19:04 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2013-10-11 19:04 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2013-10-11 18:57 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-10-11 18:57 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 18:57 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 18:57 - 2013-07-06 00:02 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-11 18:57 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2013-10-11 18:57 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-10-11 18:57 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-10-11 18:57 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-10-11 18:57 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-11 18:57 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2013-10-11 18:57 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2013-10-11 18:57 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2013-10-11 18:57 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2013-10-11 18:57 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-11 18:57 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-11 18:57 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2013-10-11 18:57 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-10-11 18:57 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2013-10-11 18:57 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2013-10-11 18:57 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2013-10-11 18:57 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2013-10-11 18:57 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2013-10-11 18:57 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2013-10-08 19:30 - 2013-10-08 19:31 - 00001300 _____ C:\WINDOWS\system32\TeamViewer8_Hooks.log
2013-10-08 18:58 - 2013-10-08 18:58 - 00000000 ____D C:\Users\henry\AppData\Roaming\Avira
2013-10-08 18:54 - 2013-10-08 18:54 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-10-08 18:52 - 2013-10-08 18:52 - 00002038 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-08 18:52 - 2013-10-08 18:52 - 00000000 ____D C:\ProgramData\Avira
2013-10-08 18:52 - 2013-10-08 18:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-08 18:52 - 2013-08-22 17:51 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-10-08 18:52 - 2013-07-15 16:08 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-10-08 18:52 - 2013-02-26 16:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-10-02 11:05 - 2013-10-02 11:05 - 00067181 _____ C:\Users\henry\Desktop\JRT.txt
2013-10-02 11:01 - 2013-10-02 11:01 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-01 19:04 - 2013-10-01 19:07 - 00000000 ____D C:\AdwCleaner
2013-10-01 19:04 - 2013-10-01 19:04 - 01045226 _____ C:\Users\henry\Downloads\adwcleaner.exe
2013-10-01 18:39 - 2013-10-01 18:39 - 00081335 _____ C:\Users\henry\Downloads\FRST.txt
2013-10-01 18:38 - 2013-10-01 18:39 - 00064453 _____ C:\Users\henry\Downloads\Addition.txt
2013-10-01 18:36 - 2013-10-01 18:36 - 01953880 _____ (Farbar) C:\Users\henry\Downloads\FRST64.exe
2013-10-01 18:36 - 2013-10-01 18:36 - 00000000 ____D C:\FRST
2013-10-01 12:52 - 2013-10-01 12:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 12:51 - 2013-10-01 12:51 - 00002105 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2013-10-01 12:47 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2013-10-01 12:47 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432723.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432723.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2013-10-01 12:47 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2013-10-01 12:47 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2013-10-01 12:47 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2013-10-01 12:46 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2013-10-01 12:46 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2013-10-01 12:42 - 2013-10-01 12:42 - 00000000 ____D C:\NVIDIA
2013-10-01 09:55 - 2013-10-01 09:55 - 00000000 ____D C:\Users\henry\Desktop\rkill
2013-10-01 09:54 - 2013-10-01 09:57 - 00002792 _____ C:\Users\henry\Desktop\Rkill.txt
2013-10-01 09:53 - 2013-10-01 09:53 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\henry\Downloads\rkill.com
2013-09-30 16:29 - 2013-09-30 16:29 - 00002410 _____ C:\Users\Public\Desktop\Bitvise SSH Client.lnk
2013-09-30 16:29 - 2013-09-30 16:29 - 00000000 ____D C:\Program Files (x86)\Bitvise SSH Client
2013-09-30 16:28 - 2013-09-30 16:29 - 07304920 _____ C:\Users\henry\Downloads\BvSshClient-Inst.exe
2013-09-27 17:51 - 2013-09-30 17:16 - 00010662 _____ C:\Users\henry\Documents\fingPersist.tmp
2013-09-27 17:51 - 2013-09-27 23:11 - 00009116 _____ C:\Users\henry\Documents\Fing.html
2013-09-27 16:47 - 2013-09-27 16:47 - 00000000 ____D C:\Users\henry\AppData\Roaming\Overlook
2013-09-27 16:46 - 2013-09-27 16:46 - 03165917 _____ C:\Users\henry\Downloads\overlook-fing-2.2.exe
2013-09-27 16:46 - 2013-09-27 16:46 - 00000000 ____D C:\ProgramData\Overlook
2013-09-27 16:46 - 2013-09-27 16:46 - 00000000 ____D C:\Program Files (x86)\Overlook Fing 2.2
2013-09-27 10:00 - 2013-10-14 09:58 - 00162649 _____ C:\WINDOWS\setupact.log
2013-09-27 10:00 - 2013-09-27 10:00 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-27 09:59 - 2013-10-14 09:55 - 00115614 _____ C:\WINDOWS\PFRO.log
2013-09-27 09:28 - 2013-09-27 09:28 - 00000000 ____D C:\Users\henry\AppData\Local\avgchrome
2013-09-27 08:44 - 2013-09-27 08:44 - 00031107 _____ C:\Users\henry\Downloads\crunchbang-11-20130506-i486.iso.torrent
2013-09-26 17:35 - 2013-09-26 17:35 - 00001081 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-26 17:35 - 2013-09-26 17:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-26 17:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-26 17:11 - 2013-09-26 17:11 - 00000000 ____D C:\Users\henry\Documents\Egosoft
2013-09-26 16:52 - 2013-09-26 16:53 - 00018473 _____ C:\WINDOWS\DirectX.log
2013-09-26 16:19 - 2013-09-26 16:20 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\henry\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-26 11:02 - 2013-09-26 11:45 - 832569344 _____ C:\Users\henry\Downloads\ubuntu-13.04-desktop-i386.iso
2013-09-26 09:39 - 2013-09-26 10:21 - 823132160 _____ C:\Users\henry\Downloads\ubuntu-13.04-desktop-amd64.iso
2013-09-25 14:53 - 2013-09-25 14:53 - 01111358 _____ C:\Users\henry\Downloads\DualBootUtilities-1.0.1.zip
2013-09-25 14:52 - 2013-09-25 14:53 - 06687638 _____ C:\Users\henry\Downloads\DualBootPatcher-1.9.zip
2013-09-25 11:54 - 2013-09-25 11:54 - 00447201 _____ C:\Users\henry\Downloads\DualBootSwitcher-1.0.apk
2013-09-24 15:43 - 2013-09-24 15:47 - 91155016 _____ (Copyright 2013 SAMSUNG) C:\Users\henry\Downloads\SamsungLink_Installer64.exe
2013-09-24 11:53 - 2013-09-24 11:53 - 00176719 _____ C:\Users\henry\Downloads\CCEnhancer-3.8-multilanguage.zip
2013-09-24 11:43 - 2013-09-24 11:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-24 11:41 - 2013-09-24 11:41 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-24 11:41 - 2013-09-24 11:41 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-24 11:41 - 2013-09-24 11:41 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-24 11:00 - 2013-09-24 11:00 - 00776040 _____ C:\Users\henry\Documents\cc_20130924_110035.reg
2013-09-23 08:51 - 2013-09-23 08:52 - 00000000 ____D C:\Users\henry\Downloads\Odin3-v3.09
2013-09-23 08:51 - 2013-09-23 08:51 - 00820100 _____ C:\Users\henry\Downloads\Odin3-v3.09.rar
2013-09-20 07:30 - 2013-09-20 07:30 - 00000222 _____ C:\Users\henry\Desktop\X3 Albion Prelude.url
2013-09-20 07:30 - 2013-09-20 07:30 - 00000220 _____ C:\Users\henry\Desktop\X3 Terran Conflict.url
2013-09-20 07:30 - 2013-09-20 07:30 - 00000000 ____D C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Users\henry\AppData\Roaming\MusicBrainz
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Users\henry\AppData\Local\cache
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Program Files (x86)\MusicBrainz Picard

==================== One Month Modified Files and Folders =======

2013-10-14 11:51 - 2010-01-23 13:07 - 00000000 ____D C:\Users\henry\AppData\Roaming\Free Download Manager
2013-10-14 11:50 - 2012-10-30 14:23 - 01257676 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-14 11:50 - 2010-03-06 17:44 - 00000000 ____D C:\Users\henry\AppData\Roaming\Skype
2013-10-14 11:43 - 2009-11-22 01:02 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10275E3E-1283-4D8C-AB6E-ACF96EB5F677}
2013-10-14 11:30 - 2012-05-11 09:50 - 00000000 ____D C:\Users\henry\AppData\Roaming\Dropbox
2013-10-14 11:30 - 2012-04-10 09:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-14 11:24 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-10-14 11:06 - 2009-11-22 02:08 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-14 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-14 10:58 - 2013-10-14 10:58 - 00000000 _____ C:\Users\henry\defogger_reenable
2013-10-14 10:58 - 2012-11-09 12:28 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2924421799-2045358301-2701136695-1001UA.job
2013-10-14 10:58 - 2012-10-30 13:54 - 00000000 ____D C:\Users\henry
2013-10-14 10:58 - 2010-01-23 13:07 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2013-10-14 10:48 - 2013-10-14 10:48 - 01954124 _____ (Farbar) C:\Users\henry\Desktop\FRST64.exe
2013-10-14 10:45 - 2013-10-14 10:45 - 00050477 _____ C:\Users\henry\Desktop\Defogger.exe
2013-10-14 10:45 - 2010-01-24 12:29 - 00000000 ____D C:\Users\henry\Documents\Outlook-Dateien
2013-10-14 10:41 - 2012-02-28 15:28 - 00000000 ____D C:\Users\henry\AppData\Roaming\Fiabee
2013-10-14 10:06 - 2012-10-15 19:18 - 00001914 _____ C:\Users\henry\Desktop\MySyncFolder.lnk
2013-10-14 10:06 - 2012-10-15 11:16 - 00000000 ____D C:\Users\henry\AppData\Roaming\ASUS WebStorage
2013-10-14 10:05 - 2012-08-10 13:55 - 00000000 ____D C:\Users\henry\AppData\Roaming\Raptr
2013-10-14 10:05 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-14 10:04 - 2012-05-11 09:53 - 00000000 ___RD C:\Users\henry\Dropbox
2013-10-14 10:03 - 2012-10-31 09:39 - 00000000 ___RD C:\Users\henry\SkyDrive
2013-10-14 10:03 - 2012-08-20 10:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-14 10:01 - 2009-11-21 09:26 - 00000000 ___RD C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-14 10:01 - 2009-11-21 09:26 - 00000000 ___RD C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-14 10:00 - 2013-06-03 17:24 - 00000388 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-10-14 10:00 - 2013-01-24 11:12 - 00000392 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2013-10-14 10:00 - 2009-11-22 02:08 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-14 09:59 - 2011-09-20 21:35 - 00000000 ____D C:\ProgramData\VMware
2013-10-14 09:58 - 2013-10-14 09:58 - 100838232 _____ C:\WINDOWS\SysWOW64\跶擡炜ĩ
2013-10-14 09:58 - 2013-09-27 10:00 - 00162649 _____ C:\WINDOWS\setupact.log
2013-10-14 09:58 - 2009-11-24 00:18 - 00000175 ___SH C:\ProgramData\.zreglib
2013-10-14 09:57 - 2013-10-14 09:57 - 00000022 _____ C:\WINDOWS\S.dirmngr
2013-10-14 09:57 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-14 09:57 - 2012-01-24 19:34 - 00000152 _____ C:\WINDOWS\system32\config\netlogon.ftl
2013-10-14 09:57 - 2009-11-22 01:12 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-14 09:55 - 2013-09-27 09:59 - 00115614 _____ C:\WINDOWS\PFRO.log
2013-10-14 09:55 - 2012-01-30 11:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-14 09:55 - 2009-11-22 08:33 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-14 09:53 - 2012-07-26 07:26 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2013-10-14 09:52 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData
2013-10-14 08:53 - 2012-05-11 09:52 - 00000000 ____D C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2013-10-11 19:19 - 2009-11-22 10:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-11 19:18 - 2013-08-15 03:14 - 00000000 ____D C:\WINDOWS\system32\MRT
2013-10-11 19:10 - 2009-11-22 02:16 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2013-10-08 22:02 - 2009-11-22 02:08 - 00004080 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-08 22:00 - 2009-11-22 02:08 - 00003844 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-08 20:31 - 2012-04-10 09:22 - 00003796 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2013-10-08 19:31 - 2013-10-08 19:30 - 00001300 _____ C:\WINDOWS\system32\TeamViewer8_Hooks.log
2013-10-08 19:30 - 2013-01-29 12:04 - 00001058 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk
2013-10-08 18:58 - 2013-10-08 18:58 - 00000000 ____D C:\Users\henry\AppData\Roaming\Avira
2013-10-08 18:54 - 2013-10-08 18:54 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-10-08 18:52 - 2013-10-08 18:52 - 00002038 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-08 18:52 - 2013-10-08 18:52 - 00000000 ____D C:\ProgramData\Avira
2013-10-08 18:52 - 2013-10-08 18:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-08 16:58 - 2012-11-09 12:28 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2924421799-2045358301-2701136695-1001Core.job
2013-10-08 16:53 - 2012-11-09 12:28 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2924421799-2045358301-2701136695-1001UA
2013-10-08 16:53 - 2012-11-09 12:28 - 00003714 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2924421799-2045358301-2701136695-1001Core
2013-10-07 17:59 - 2009-11-24 00:18 - 00000000 ____D C:\ProgramData\SlySoft
2013-10-07 16:05 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF
2013-10-07 09:15 - 2012-08-13 14:24 - 00000000 ____D C:\Users\henry\AppData\Roaming\TeamViewer
2013-10-04 17:44 - 2012-11-09 12:30 - 00002379 _____ C:\Users\henry\Desktop\Google Chrome.lnk
2013-10-02 11:05 - 2013-10-02 11:05 - 00067181 _____ C:\Users\henry\Desktop\JRT.txt
2013-10-02 11:01 - 2013-10-02 11:01 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-02 03:38 - 2013-05-21 08:43 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2013-10-02 03:38 - 2013-05-21 08:43 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-01 19:07 - 2013-10-01 19:04 - 00000000 ____D C:\AdwCleaner
2013-10-01 19:04 - 2013-10-01 19:04 - 01045226 _____ C:\Users\henry\Downloads\adwcleaner.exe
2013-10-01 18:39 - 2013-10-01 18:39 - 00081335 _____ C:\Users\henry\Downloads\FRST.txt
2013-10-01 18:39 - 2013-10-01 18:38 - 00064453 _____ C:\Users\henry\Downloads\Addition.txt
2013-10-01 18:36 - 2013-10-01 18:36 - 01953880 _____ (Farbar) C:\Users\henry\Downloads\FRST64.exe
2013-10-01 18:36 - 2013-10-01 18:36 - 00000000 ____D C:\FRST
2013-10-01 18:36 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default
2013-10-01 18:19 - 2012-04-19 16:59 - 00000000 ____D C:\Users\henry\AppData\Roaming\gnupg
2013-10-01 15:22 - 2012-07-26 10:12 - 00000000 __RHD C:\Users\Public\Libraries
2013-10-01 12:53 - 2012-10-30 13:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2013-10-01 12:53 - 2009-11-22 01:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2013-10-01 12:52 - 2013-10-01 12:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 12:52 - 2012-10-30 13:11 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-10-01 12:51 - 2013-10-01 12:51 - 00002105 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2013-10-01 12:42 - 2013-10-01 12:42 - 00000000 ____D C:\NVIDIA
2013-10-01 09:57 - 2013-10-01 09:54 - 00002792 _____ C:\Users\henry\Desktop\Rkill.txt
2013-10-01 09:55 - 2013-10-01 09:55 - 00000000 ____D C:\Users\henry\Desktop\rkill
2013-10-01 09:53 - 2013-10-01 09:53 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\henry\Downloads\rkill.com
2013-09-30 17:16 - 2013-09-27 17:51 - 00010662 _____ C:\Users\henry\Documents\fingPersist.tmp
2013-09-30 16:36 - 2009-08-25 12:00 - 00000000 ___RD C:\Users\henry\Downloads\Software
2013-09-30 16:29 - 2013-09-30 16:29 - 00002410 _____ C:\Users\Public\Desktop\Bitvise SSH Client.lnk
2013-09-30 16:29 - 2013-09-30 16:29 - 00000000 ____D C:\Program Files (x86)\Bitvise SSH Client
2013-09-30 16:29 - 2013-09-30 16:28 - 07304920 _____ C:\Users\henry\Downloads\BvSshClient-Inst.exe
2013-09-30 08:54 - 2009-11-21 11:20 - 00000000 ____D C:\Users\henry\AppData\Roaming\Mozilla
2013-09-27 23:11 - 2013-09-27 17:51 - 00009116 _____ C:\Users\henry\Documents\Fing.html
2013-09-27 18:34 - 2012-10-30 14:48 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2924421799-2045358301-2701136695-1001
2013-09-27 17:46 - 2012-05-21 12:12 - 00000000 ____D C:\Users\henry\AppData\Roaming\Notepad++
2013-09-27 16:47 - 2013-09-27 16:47 - 00000000 ____D C:\Users\henry\AppData\Roaming\Overlook
2013-09-27 16:46 - 2013-09-27 16:46 - 03165917 _____ C:\Users\henry\Downloads\overlook-fing-2.2.exe
2013-09-27 16:46 - 2013-09-27 16:46 - 00000000 ____D C:\ProgramData\Overlook
2013-09-27 16:46 - 2013-09-27 16:46 - 00000000 ____D C:\Program Files (x86)\Overlook Fing 2.2
2013-09-27 10:36 - 2012-08-10 13:55 - 00000000 ____D C:\Program Files (x86)\Raptr
2013-09-27 10:29 - 2012-10-30 14:39 - 00000000 ____D C:\Users\henry\AppData\Local\Packages
2013-09-27 10:00 - 2013-09-27 10:00 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-27 09:28 - 2013-09-27 09:28 - 00000000 ____D C:\Users\henry\AppData\Local\avgchrome
2013-09-27 08:44 - 2013-09-27 08:44 - 00031107 _____ C:\Users\henry\Downloads\crunchbang-11-20130506-i486.iso.torrent
2013-09-26 17:37 - 2013-01-11 12:53 - 00001085 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk
2013-09-26 17:35 - 2013-09-26 17:35 - 00001081 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-26 17:35 - 2013-09-26 17:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-26 17:11 - 2013-09-26 17:11 - 00000000 ____D C:\Users\henry\Documents\Egosoft
2013-09-26 16:53 - 2013-09-26 16:52 - 00018473 _____ C:\WINDOWS\DirectX.log
2013-09-26 16:50 - 2012-05-24 18:43 - 00000000 ____D C:\Users\henry\Documents\MailStore Home
2013-09-26 16:50 - 2012-05-24 18:43 - 00000000 ____D C:\ProgramData\firebird
2013-09-26 16:20 - 2013-09-26 16:19 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\henry\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-26 16:02 - 2009-11-22 02:17 - 00001837 _____ C:\Users\Public\Desktop\ImgBurn.lnk
2013-09-26 11:45 - 2013-09-26 11:02 - 832569344 _____ C:\Users\henry\Downloads\ubuntu-13.04-desktop-i386.iso
2013-09-26 10:21 - 2013-09-26 09:39 - 823132160 _____ C:\Users\henry\Downloads\ubuntu-13.04-desktop-amd64.iso
2013-09-25 14:53 - 2013-09-25 14:53 - 01111358 _____ C:\Users\henry\Downloads\DualBootUtilities-1.0.1.zip
2013-09-25 14:53 - 2013-09-25 14:52 - 06687638 _____ C:\Users\henry\Downloads\DualBootPatcher-1.9.zip
2013-09-25 11:54 - 2013-09-25 11:54 - 00447201 _____ C:\Users\henry\Downloads\DualBootSwitcher-1.0.apk
2013-09-24 15:47 - 2013-09-24 15:43 - 91155016 _____ (Copyright 2013 SAMSUNG) C:\Users\henry\Downloads\SamsungLink_Installer64.exe
2013-09-24 11:53 - 2013-09-24 11:53 - 00176719 _____ C:\Users\henry\Downloads\CCEnhancer-3.8-multilanguage.zip
2013-09-24 11:43 - 2013-09-24 11:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-24 11:41 - 2013-09-24 11:41 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-24 11:41 - 2013-09-24 11:41 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-24 11:41 - 2013-09-24 11:41 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-24 11:41 - 2013-07-08 15:10 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2013-09-24 11:41 - 2012-07-08 13:46 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npdeployJava1.dll
2013-09-24 11:41 - 2010-04-24 16:47 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2013-09-24 11:36 - 2013-09-05 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-09-24 11:36 - 2013-08-15 15:07 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack
2013-09-24 11:36 - 2013-03-06 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-09-24 11:36 - 2012-11-21 04:24 - 00000000 ____D C:\WINDOWS\Minidump
2013-09-24 11:36 - 2012-10-29 20:05 - 00000000 ____D C:\WINDOWS\Panther
2013-09-24 11:36 - 2011-09-23 08:02 - 00000000 ____D C:\Users\henry\AppData\Local\VMware
2013-09-24 11:36 - 2011-07-20 21:37 - 00000000 ____D C:\Users\henry\AppData\Local\Downloaded Installations
2013-09-24 11:36 - 2010-04-16 22:07 - 00000000 ____D C:\Users\henry\AppData\Roaming\inkscape
2013-09-24 11:36 - 2010-04-10 03:34 - 00000000 ____D C:\Users\henry\AppData\Local\Paint.NET
2013-09-24 11:36 - 2009-11-22 02:09 - 00000000 ____D C:\ProgramData\Skype
2013-09-24 11:36 - 2009-06-19 23:01 - 00000000 ____D C:\Users\henry\Tracing
2013-09-24 11:09 - 2009-11-24 10:17 - 00000000 ____D C:\Program Files (x86)\CCleaner
2013-09-24 11:00 - 2013-09-24 11:00 - 00776040 _____ C:\Users\henry\Documents\cc_20130924_110035.reg
2013-09-24 10:09 - 2011-01-30 20:39 - 00001732 _____ C:\Users\Public\Desktop\Defraggler.lnk
2013-09-24 10:09 - 2010-01-18 07:51 - 00000000 ____D C:\Program Files\Defraggler
2013-09-24 09:26 - 2011-01-28 09:20 - 00000989 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-09-23 08:52 - 2013-09-23 08:51 - 00000000 ____D C:\Users\henry\Downloads\Odin3-v3.09
2013-09-23 08:51 - 2013-09-23 08:51 - 00820100 _____ C:\Users\henry\Downloads\Odin3-v3.09.rar
2013-09-23 01:28 - 2013-10-11 19:05 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-09-23 01:28 - 2013-10-11 19:05 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-09-23 01:27 - 2013-10-11 19:05 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-09-23 01:27 - 2013-10-11 19:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-09-23 01:27 - 2013-10-11 19:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-09-23 01:27 - 2013-10-11 19:05 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-09-23 01:27 - 2013-10-11 19:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-09-23 01:27 - 2013-10-11 19:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-09-23 00:55 - 2013-10-11 19:05 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-09-23 00:55 - 2013-10-11 19:05 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-09-23 00:55 - 2013-10-11 19:05 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-09-23 00:54 - 2013-10-11 19:05 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-09-23 00:54 - 2013-10-11 19:05 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-09-23 00:54 - 2013-10-11 19:05 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-09-23 00:54 - 2013-10-11 19:05 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-09-23 00:54 - 2013-10-11 19:05 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-09-23 00:54 - 2013-10-11 19:05 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-09-20 07:30 - 2013-09-20 07:30 - 00000222 _____ C:\Users\henry\Desktop\X3 Albion Prelude.url
2013-09-20 07:30 - 2013-09-20 07:30 - 00000220 _____ C:\Users\henry\Desktop\X3 Terran Conflict.url
2013-09-20 07:30 - 2013-09-20 07:30 - 00000000 ____D C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-19 23:12 - 2013-02-25 20:02 - 00000000 ____D C:\Program Files\Kyocera
2013-09-18 15:38 - 2013-03-18 11:36 - 00000953 _____ C:\Users\Public\Desktop\Last.fm Scrobbler.lnk
2013-09-18 15:38 - 2011-10-01 14:20 - 00000000 ____D C:\Program Files (x86)\Last.fm
2013-09-18 15:36 - 2013-03-18 12:05 - 00000000 ____D C:\Users\henry\AppData\Roaming\foobar2000
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Users\henry\AppData\Roaming\MusicBrainz
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Users\henry\AppData\Local\cache
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Program Files (x86)\MusicBrainz Picard
2013-09-18 09:51 - 2012-06-06 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

Some content of TEMP:
====================
C:\Users\henry\AppData\Local\Temp\i4jdel0.exe
C:\Users\henry\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe
C:\Users\henry\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\henry\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\henry\AppData\Local\Temp\nvSCPAPISvr.exe
C:\Users\henry\AppData\Local\Temp\nvStInst.exe
C:\Users\henry\AppData\Local\Temp\Quarantine.exe
C:\Users\henry\AppData\Local\Temp\SamsungAPInstaller_1380029602058.exe
C:\Users\henry\AppData\Local\Temp\uninst1.exe
C:\Users\henry\AppData\Local\Temp\VSUSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-11 19:02

==================== End Of Log ============================
         
--- --- ---



GMER.LOG
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-14 18:28:34
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AA0 931,51GB
Running: zyy5l85y.exe; Driver: C:\Users\henry\AppData\Local\Temp\uxlorfoc.sys


---- Kernel code sections - GMER 2.1 ----

.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable                                                           fffff960000d4a00 7 bytes [40, CA, 81, 01, 00, 4C, F2]
.text  C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8                                                       fffff960000d4a08 7 bytes [01, EA, BF, FF, 00, C7, DA]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed                         -1722754004
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a66d56                               
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a66d56@6c8336e41cf3                  0xC2 0x4B 0xC8 0x1C ...
Reg    HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings                                 
Reg    HKCU\Software\Microsoft\Windows Live\Companion\******@hotmail.com@09ee2a995e006444eb60aa8ebed7f942\r\n  0xD1 0x48 0xC0 0x77 ...
Reg    HKCU\Software\Microsoft\Windows Live\Companion\******@hotmail.com@2ab3624df121c9fc822a113c5bb8cea3\r\n  0xD1 0x48 0xC0 0xF7 ...
Reg    HKCU\Software\Microsoft\Windows Live\Companion\******@hotmail.com@60d84cc295ead2635c9155d248a66319\r\n  0x0A 0xE2 0x64 0x52 ...
Reg    HKCU\Software\Microsoft\Windows Live\Companion\******@hotmail.com@9f1922cfebcf9613d19795c1488396d2\r\n  0xC2 0x0B 0xAB 0xDF ...

---- EOF - GMER 2.1 ----
         
I could also offer older FRST and Addition logs, plus Rkill.txt from 1.10. and JRT from 2.10.

Edited by Gwellion (14.10.2013 at 17:36)

 
