Log Analysis and Evaluation: Problems with searchgol after deltatoolbar after installation of imgburn (Win8-x64-chrome)

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
Problems with searchgol after deltatoolbar after installation of imgburn (Win8-x64-chrome)

Hello, to say it right up front: this is a private PC at my workplace (you can tell because I am in the domain but also have e.g. Steam installed). I am (by myself) the IT department, or something like that. Please help me. I am used to solving problems on my own, so I already went over the machine with Revo Uninstaller and CCleaner before following the instructions here: http://www.trojaner-board.de/142333-...entfernen.html. Unfortunately, I find that at this point I am not really free of symptoms. Symptoms:

Avira can only be switched off directly after booting.
Right after booting, Chrome opens with my wife's profile, with searchgol as the start/search page (a sort of Google replacement).

Of course I can reinstall the machine, i.e. brute-force delete all executable programs, scripts and DLLs and rescue only the "data", but what about PDFs and the like, i.e. documents that contain both executable code and data?

Oh yes: with Defogger I did not get a defogger_disable log file; I re-enabled and disabled again, but all I found was a defogger_enable.

Frst.txt:

FRST Logfile:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-10-2013 Ran by henry (administrator) on FARAHLON764 on 14-10-2013 11:55:18 Running from C:\Users\henry\Desktop Windows 8 Pro with Media Center (X64) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (Andrea Electronics Corporation) C:\WINDOWS\system32\AEADISRV.EXE (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe (Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkDMS.exe (cFos Software GmbH) C:\Program Files\cFosSpeed\spd.exe (REINER SCT) C:\Windows\SysWOW64\cjpcsc.exe () C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe (Microsoft Corporation) C:\WINDOWS\system32\dashost.exe () C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation) C:\Program 
Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe (Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe (Soluto) C:\Program Files\Soluto\SolutoService.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe (UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe (UltraVNC) C:\Program Files\UltraVNC\WinVNC.exe (Xobni Corporation) C:\Program Files (x86)\Xobni\XobniService.exe (Seiko Epson Corporation) C:\WINDOWS\system32\EscSvc64.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (Soluto) C:\Program Files\Soluto\soluto.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA) C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneCmd.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\EPU-6 Engine\SixEngine.exe (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Google Inc.) 
C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\tv_x64.exe (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (BioWare) C:\Program Files (x86)\Dragon Age\bin_ship\DAUpdaterSvc.Service.exe (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (cFos Software GmbH) C:\Program Files\cFosSpeed\cfosspeed.exe (Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe (TrueCrypt Foundation) C:\Program Files\TrueCrypt\TrueCrypt.exe (Microsoft Corporation) C:\Windows\System32\WWAHost.exe (Microsoft Corporation) C:\Users\henry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe () C:\Users\henry\moneyplex\mpxalarm.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe (Skype Technologies S.A.) 
C:\Program Files (x86)\Skype\Phone\Skype.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler.exe (Raptr, Inc) C:\PROGRA~2\Raptr\raptr.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Update\1.3.21.165\GoogleCrashHandler64.exe (Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe (Microsoft Corporation) C:\WINDOWS\WinStore\WSHost.exe (Reasonable Software House Ltd.) C:\Program Files (x86)\Reasonable NoClone 2013\NoClone.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) 
C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Logitech Inc.) C:\Program Files\Logitech\SetPoint II\SetPointII.exe (Dropbox, Inc.) C:\Users\henry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE (Raptr, Inc) C:\PROGRA~2\Raptr\raptr_im.exe (Analog Devices, Inc.) C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe (ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe (Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe (cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe () C:\Program Files (x86)\Tuso\Fiabee Sync\Fiabee.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\TurboV\TurboV.exe (Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe (CyberLink Corporation.) C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe (Futuredial Inc.) 
C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe (Raptr Inc.) C:\Program Files (x86)\Raptr\raptr_ep64.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google) C:\Users\henry\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe () C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSService.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe (UltraVNC) C:\Program Files\UltraVNC\vncviewer.exe (FreeDownloadManager.ORG) C:\Program Files (x86)\Free Download Manager\fdm.exe (Samsung Electronics) C:\Program Files\Samsung\Samsung Link\utils\MetaExtractor.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.) 
HKLM\...\Run: [Fences] - C:\Program Files (x86)\Stardock\Fences\Fences.exe [3995824 2013-02-14] (Stardock Corporation) HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation) HKLM\...\Run: [IntelliPoint] - C:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation) HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7477016 2013-04-25] (Logitech Inc.) HKLM\...\Run: [SoundMAX] - C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [3866624 2009-05-18] (Analog Devices, Inc.) HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-08-27] (NVIDIA Corporation) HKLM\...\Run: [cFosSpeed] - C:\Program Files\cFosSpeed\cFosSpeed.exe [1587040 2013-04-19] (cFos Software GmbH) HKLM\...\Run: [Samsung Link] - C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-09-23] (Copyright 2013 SAMSUNG) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files\Soluto\soluto.exe /userinit HKCU\...\Run: [D4DD019F40E41690F6DF0D6C69DAE93C752087EE._service_run] - C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.) 
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe [578560 2013-05-22] (Samsung Electronics) HKCU\...\Run: [KiesPDLR] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung) HKCU\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564016 2013-07-26] (Samsung) HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company) HKCU\...\Run: [Steam] - C:\Program Files (x86)\Steam\steam.exe [1813928 2013-10-05] (Valve Corporation) HKCU\...\Run: [TrueCrypt] - C:\Program Files\TrueCrypt\TrueCrypt.exe [1516496 2012-05-08] (TrueCrypt Foundation) HKCU\...\Run: [Messenger (Yahoo!)] - C:\PROGRA~2\Yahoo!\MESSEN~1\YAHOOM~1.EXE [6595928 2012-05-25] (Yahoo! Inc.) HKCU\...\Run: [Raptr] - C:\PROGRA~2\Raptr\raptrstub.exe [55360 2013-09-17] (Raptr, Inc) HKCU\...\Run: [SkyDrive] - C:\Users\henry\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [257136 2013-08-14] (Microsoft Corporation) HKCU\...\Run: [Google Update] - C:\Users\henry\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-11-09] (Google Inc.) HKCU\...\Run: [moneyplex Alarm] - C:\Users\henry\moneyplex\mpxalarm HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [19876968 2013-06-21] (Skype Technologies S.A.) HKCU\...\Run: [Reasonable NoClone] - C:\Program Files (x86)\Reasonable NoClone 2013\NoClone.exe [2298880 2013-04-12] (Reasonable Software House Ltd.) HKCU\...\Run: [GoogleChromeAutoLaunch_6409145A4A71BEA61BB52E08FDE70AA2] - C:\Users\henry\AppData\Local\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.) HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [844656 2013-07-26] (Samsung) HKCU\...\Run: [chromium] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [844752 2013-10-03] (Google Inc.) 
MountPoints2: {6ff9c302-c1e1-11e2-be92-000272a66d56} - "G:\AutoRun.exe" MountPoints2: {b16780b6-a7f3-11e2-be90-000272a66d56} - "E:\AutoRun.exe" MountPoints2: {dffb8163-ed60-11e2-be99-000272a66d56} - "G:\AutoRun.exe" HKLM-x32\...\Run: [SoundMAXPnP] - C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [1310720 2009-06-05] (Analog Devices, Inc.) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Ai Nap] - C:\Program Files (x86)\ASUS\AI Suite\AiNap\AiNap.exe [1439360 2010-03-10] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.) HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.143.296\AsusWSPanel.exe [740736 2012-08-03] (ASUS Cloud Corporation) HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM-x32\...\Run: [BDRegion] - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-18] (cyberlink) HKLM-x32\...\Run: [Cpu Level Up help] - C:\Program Files (x86)\ASUS\AI Suite\CpuLevelUpHelp.exe [887936 2009-12-28] () HKLM-x32\...\Run: [Fiabee] - C:\Program Files (x86)\Tuso\Fiabee Sync\Fiabee.exe [9934032 2012-08-23] () HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-07-26] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [Microsoft Default Manager] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation) HKLM-x32\...\Run: [QFan Help] - C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe [611968 2010-01-13] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.) 
HKLM-x32\...\Run: [RemoteControl9] - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2009-07-06] (CyberLink Corp.) HKLM-x32\...\Run: [TurboV] - C:\Program Files (x86)\ASUS\TurboV\TurboV.exe [5672576 2010-03-08] (ASUSTeK Computer Inc.) HKLM-x32\...\Run: [UpdatePSTShortCut] - C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2011-03-01] (CyberLink Corp.) HKLM-x32\...\Run: [InstantBurn] - C:\Program Files (x86)\CyberLink\InstantBurn\Win2K\IBurn.exe [697640 2010-02-10] (CyberLink Corporation.) HKLM-x32\...\Run: [DivXMediaServer] - C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2012-11-13] () HKLM-x32\...\Run: [ASUS Sync Loader] - C:\Program Files (x86)\ASUS\ASUS Sync\asusUPCTLoader.exe [638976 2013-03-01] (Futuredial Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192 2013-07-17] (Avira Operations GmbH & Co. KG) HKU\henry.***Domäne***\...\Run: [OfficeSyncProcess] - C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation) HKU\henry.***Domäne***\...\Run: [ROC_JAN2013_TB] - "C:\Program Files (x86)\AVG Secure Search\ROC_JAN2013_TB.exe" /PROMPT /CMPID=JAN2013_TB HKU\henry.***Domäne***\...\Run: [AVG-Secure-Search-Update_JUNE2013_TB] - "C:\Program Files (x86)\AVG Secure Search\AVG-Secure-Search-Update_JUNE2013_TB.exe" /PROMPT /CMPID=JUNE2013_TB HKU\henry.***Domäne***\...\RunOnce: [WindowsAnytimeUpgradeResults.exe] - C:\Windows\System32\WindowsAnytimeUpgradeResults.exe [92672 2012-07-26] (Microsoft Corporation) Startup: C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\henry\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
Startup: C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) Startup: C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Fences.lnk ShortcutTarget: Fences.lnk -> C:\Program Files (x86)\Stardock\Fences\Fences.exe (Stardock Corporation) Startup: C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass) ==================== Internet (Whitelisted) ==================== ProxyServer: http=172.21.12.12:8123;https=172.21.12.12:8123;socks=127.0.0.1:1080 HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=ie9hp HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.msn.com/?ocid=ie9hp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x65EA2C7711B0CB01 SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} SearchScopes: HKCU - DefaultScope {10A47EA0-714E-499D-BEE0-E616F3123D0C} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de SearchScopes: HKCU - {10A47EA0-714E-499D-BEE0-E616F3123D0C} URL = hxxp://www.google.de/search?q={searchTerms}&rlz=1I7ADFA_de SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {D392FFEB-8F85-4903-A08D-E1A6E2344844} URL = 
hxxp://wow.freierbund.de/index.php?pID=16&s={searchTerms}&x=1 BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: af0.Adblock.BHO - {90EFF544-3981-4d46-85C9-C0361D0931D6} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) BHO-x32: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll () BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: No Name - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - No File BHO-x32: Free Download Manager - 
{CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG) BHO-x32: ReasonableToolbar.ToolbarBHO - {d8961a1e-25db-33c9-a7c9-3d3e3266b5b8} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: ChromeFrame BHO - {ECB3C477-1A0A-44BD-BB57-78F9EFE34FA7} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.69\npchrome_frame.dll (Google Inc.) Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll (LastPass) Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll () Toolbar: HKLM-x32 - TerraTec Home Cinema - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH) Toolbar: HKLM-x32 - ReasonableToolbar - {c9a6357b-25cc-4bcf-96c1-78736985d413} - C:\Windows\\SysWOW64\mscoree.dll (Microsoft Corporation) Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU - No Name - {AD6E6555-FB2C-47D4-8339-3E2965509877} - No File Toolbar: HKCU - No Name - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No File DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.de/common/asusTek_sys_ctrl.cab DPF: HKLM-x32 {173D9E48-B527-4AA0-A929-30B446002AA8} hxxp://192.168.123.18/DVRemoteAx.cab DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Handler: gcf - 
{9875BFAF-B04D-445E-8A69-BE36838CDE3E} - No File Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: gcf - {9875BFAF-B04D-445E-8A69-BE36838CDE3E} - C:\Program Files (x86)\Google\Chrome Frame\Application\30.0.1599.69\npchrome_frame.dll (Google Inc.) Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\MSDAIPP.DLL (Microsoft Corporation) Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.123.3 FireFox: ======== FF ProfilePath: C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @java.com/DTPlugin,version=10.5.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.5.1 - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @videolan.org/vlc,version=2.0.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll No File FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.40.2 - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.40.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @videolan.org/vlc,version=1.1.11 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin-x32: samsung.com/SamsungLinkPCPlugin - C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung) FF Plugin HKCU: @Skype.com/Skype Web Plugin - C:\Users\henry\AppData\Local\Skype\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype) FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google) FF Plugin HKCU: @talk.google.com/O3DPlugin - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\henry\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\henry\AppData\Local\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\henry\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\searchplugins\freier-bund-map--guide.xml
FF SearchPlugin: C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\searchplugins\speedydragon.xml
FF Extension: Deutsches Wörterbuch - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\de-DE@dictionaries.addons.mozilla.org
FF Extension: Виявлення пристроїв Logitech - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\DeviceDetection@logitech.com
FF Extension: United States English Spellchecker - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\en-US@dictionaries.addons.mozilla.org
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\fb_add_on@avm.de
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\foxmarks@kei.com
FF Extension: LastPass - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\support@lastpass.com
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{3112ca9c-de6d-4884-a869-9855de68056c}-trash
FF Extension: Flashblock - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
FF Extension: DownloadHelper - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: checkplaces - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\checkplaces@andyhalford.com.xpi
FF Extension: fdm_ffext - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\fdm_ffext@freedownloadmanager.org
FF Extension: finder - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\finder@meingutscheincode.de.xpi
FF Extension: firefox - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\firefox@ghostery.com.xpi
FF Extension: personas - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\personas@christopher.beard.xpi
FF Extension: sipgateffx - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\sipgateffx@michael.rotmanov.xpi
FF Extension: socialfixer - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\socialfixer@mattkruse.com.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{64161300-e22b-11db-8314-0800200c9a66}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{ba243cb0-b824-4a26-9418-73ee795d9b9d}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi
FF Extension: No Name - C:\Users\henry\AppData\Roaming\Mozilla\Firefox\Profiles\9ix7sngy.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\

Chrome: =======
CHR HomePage: hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=EEB200FFCD992AA0&affID=121565&tsp=5017
CHR RestoreOnStartup: "hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=EEB200FFCD992AA0&affID=121565&tsp=5017"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Users\henry\AppData\Local\Google\Chrome\Application\29.0.1547.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\henry\AppData\Local\Google\Chrome\Application\29.0.1547.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\henry\AppData\Local\Google\Chrome\Application\29.0.1547.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.1) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Free Download Manager Click Catcher Plug-In for Netscape, Opera, Mozilla) - C:\Users\henry\AppData\Local\Google\Chrome\Application\plugins\npfdm.dll (FreeDownloadManager.org)
CHR Plugin: (Google Talk Plugin) - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Accelerator) - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\henry\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (AVG SiteSafety plugin) - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\15.4.0\\npsitesafety.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Plus Web Player) - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Picasa) - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U25) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Skype Web Plugin) - C:\Users\henry\AppData\Local\Skype\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
CHR Plugin: (Shockwave Flash) - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.250.17) - C:\WINDOWS\SysWOW64\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Skype Click to Call) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0
CHR Extension: (DivX Plus Web Player HTML5 \u003Cvideo\u003E) - C:\Users\henry\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 AEADIFilters; C:\Windows\system32\AEADISRV.EXE [111616 2009-06-05] (Andrea Electronics Corporation)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.18\AllShareFrameworkManagerDMS.exe [404360 2013-09-10] (Samsung)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024 2013-07-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088 2013-07-17] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [815160 2013-08-09] (Avira Operations GmbH & Co. KG)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
R2 cFosSpeedS; C:\Program Files\cFosSpeed\spd.exe [480096 2013-04-19] (cFos Software GmbH)
R2 cjpcsc; C:\Windows\SysWOW64\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-18] (CyberLink)
R2 DirMngr; C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe [221696 2012-05-02] ()
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 GJService; C:\Program Files (x86)\SlySoft\Game Jackal v4\Server.exe [3031624 2010-12-05] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [25088 2012-07-26] (Microsoft Corporation)
R2 nTuneService; C:\Program Files (x86)\NVIDIA Corporation\nTune\nTuneService.exe [276584 2010-03-22] (NVIDIA)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14997280 2013-08-27] (NVIDIA Corporation)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-09-23] (Copyright 2013 SAMSUNG)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [159800 2012-10-28] (Soluto)
R2 UpdateCenterService; C:\Program Files (x86)\NVIDIA Corporation\System Update\UpdateCenterService.exe [282728 2009-11-06] (NVIDIA)
R2 uvnc_service; C:\Program Files\UltraVNC\WinVNC.exe [1907656 2010-11-28] (UltraVNC)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [471552 2012-07-26] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-07-02] (Microsoft Corporation)
R2 XobniService; C:\Program Files (x86)\Xobni\XobniService.exe [62184 2012-01-20] (Xobni Corporation)
S2 SplashtopRemoteService; "C:\Program Files (x86)\Splashtop\Splashtop Remote\SERVER\SRService.exe" [x]

==================== Drivers (Whitelisted) ====================

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-04] ()
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2009-12-05] ()
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105344 2013-08-22] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132088 2013-07-15] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2013-02-26] (Avira Operations GmbH & Co. KG)
S3 cjusb; C:\Windows\system32\DRIVERS\cjusb.sys [34672 2011-03-29] (REINER SCT)
R1 CLBStor; C:\Windows\System32\Drivers\CLBStor.sys [24560 2009-10-07] (Cyberlink Co.,Ltd.)
R2 CLBUDF; C:\Windows\System32\Drivers\CLBUDF.sys [376304 2009-10-07] (CyberLink Corporation.)
R0 hotcore3; C:\Windows\System32\DRIVERS\hotcore3.sys [37392 2009-11-26] (Paragon Software Group)
R3 LGSHidFilt; C:\Windows\system32\DRIVERS\LGSHidFilt.Sys [66800 2013-01-17] (Logitech Inc.)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2009-12-05] ()
R3 Maplom; C:\Windows\System32\Drivers\Maplom.sys [33864 2010-12-05] (SlySoft Inc.)
R3 MaplomL; C:\Windows\System32\Drivers\MaplomL.sys [58440 2010-12-05] (SlySoft Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [185856 2012-07-26] (Microsoft Corporation)
R3 MTsensor; C:\Windows\system32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R0 mv61xx; C:\Windows\System32\drivers\mv61xx.sys [178728 2009-05-12] (Marvell Semiconductor, Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [39200 2013-08-20] (NVIDIA Corporation)
S3 ogtap100; C:\Windows\system32\DRIVERS\ogtap100.sys [36736 2013-04-03] (The OpenVPN Project)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [203672 2013-06-21] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 sthid; C:\Windows\System32\drivers\sthid.sys [21216 2013-04-01] (Splashtop Inc.)
S3 usbrndis6; C:\Windows\system32\DRIVERS\usb80236.sys [20992 2013-02-12] (Microsoft Corporation)
R0 vidsflt53; C:\Windows\System32\DRIVERS\vsflt53.sys [141920 2012-10-26] (Acronis)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [70296 2012-10-24] (VMware, Inc.)
R3 yukonw8; C:\Windows\system32\DRIVERS\yk63x64.sys [295792 2012-10-02] (Marvell)
R3 cpuz135; \??\C:\WINDOWS\TEMP\cpuz135\cpuz135_x64.sys [x]
S3 hwdatacard; \SystemRoot\system32\DRIVERS\ewusbmdm.sys [x]
U3 idsvc; 
U5 TMUSB; C:\Windows\System32\DRIVERS\TMUSB64.SYS [63096 2013-06-06] (Seiko Epson Corporation)

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-14 10:58 - 2013-10-14 10:58 - 00000000 _____ C:\Users\henry\defogger_reenable
2013-10-14 10:48 - 2013-10-14 10:48 - 01954124 _____ (Farbar) C:\Users\henry\Desktop\FRST64.exe
2013-10-14 10:45 - 2013-10-14 10:45 - 00050477 _____ C:\Users\henry\Desktop\Defogger.exe
2013-10-14 09:58 - 2013-10-14 09:58 - 100838232 _____ C:\WINDOWS\SysWOW64\跶擡炜ĩ
2013-10-14 09:57 - 2013-10-14 09:57 - 00000022 _____ C:\WINDOWS\S.dirmngr
2013-10-14 09:05 - 2013-08-10 07:21 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2013-10-14 09:05 - 2013-08-10 07:21 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
2013-10-14 09:05 - 2013-08-10 05:58 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2013-10-14 09:05 - 2013-08-03 08:40 - 01374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdc.dll
2013-10-14 09:05 - 2013-08-03 08:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wvc.dll
2013-10-14 09:05 - 2013-08-03 08:40 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmon.ocx
2013-10-14 09:05 - 2013-08-03 07:14 - 00399360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sysmon.ocx
2013-10-14 09:05 - 2013-08-03 07:13 - 01245696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdc.dll
2013-10-14 09:05 - 2013-08-03 07:13 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wvc.dll
2013-10-14 09:05 - 2013-08-02 08:28 - 19758080 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2013-10-14 09:05 - 2013-08-02 08:28 - 10116608 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2013-10-14 09:05 - 2013-08-02 08:28 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
2013-10-14 09:05 - 2013-08-02 08:26 - 02304512 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2013-10-14 09:05 - 2013-08-02 07:08 - 17561088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2013-10-14 09:05 - 2013-08-02 07:08 - 08858112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2013-10-14 09:05 - 2013-08-02 07:08 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
2013-10-14 09:05 - 2013-08-02 07:06 - 02035712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2013-10-14 09:05 - 2013-08-01 12:41 - 02233688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2013-10-14 09:05 - 2013-07-31 01:30 - 00386923 _____ C:\WINDOWS\system32\ApnDatabase.xml
2013-10-14 09:05 - 2013-07-25 01:10 - 00158208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
2013-10-14 09:05 - 2013-07-25 01:06 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
2013-10-14 09:05 - 2013-07-13 08:15 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\appmgr.dll
2013-10-14 09:05 - 2013-07-13 06:23 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2013-10-14 09:05 - 2013-04-10 01:17 - 01125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2013-10-14 09:05 - 2013-04-10 00:29 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2013-10-11 19:05 - 2013-09-23 01:28 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2013-10-11 19:05 - 2013-09-23 01:28 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2013-10-11 19:05 - 2013-09-23 01:27 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2013-10-11 19:05 - 2013-09-23 00:55 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2013-10-11 19:05 - 2013-09-23 00:55 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2013-10-11 19:05 - 2013-09-23 00:55 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2013-10-11 19:05 - 2013-09-23 00:54 - 19252224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2013-10-11 19:05 - 2013-09-23 00:54 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2013-10-11 19:05 - 2013-05-16 00:37 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2013-10-11 19:05 - 2013-05-16 00:35 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2013-10-11 19:05 - 2013-05-14 15:14 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2013-10-11 19:05 - 2013-05-14 11:23 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2013-10-11 19:05 - 2013-04-29 00:28 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2013-10-11 19:05 - 2013-02-21 12:29 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
2013-10-11 19:05 - 2013-02-21 12:29 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2013-10-11 19:05 - 2013-02-21 12:29 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2013-10-11 19:05 - 2013-02-21 12:29 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2013-10-11 19:05 - 2013-02-21 12:14 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
2013-10-11 19:05 - 2013-02-21 12:14 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2013-10-11 19:05 - 2013-02-19 11:53 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2013-10-11 19:05 - 2012-11-08 06:20 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2013-10-11 19:05 - 2012-11-08 06:20 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2013-10-11 19:04 - 2013-07-06 02:15 - 00652288 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2013-10-11 19:04 - 2013-07-04 04:13 - 00541696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comctl32.dll
2013-10-11 18:57 - 2013-08-23 07:11 - 04040192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2013-10-11 18:57 - 2013-07-20 00:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 18:57 - 2013-07-20 00:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-11 18:57 - 2013-07-06 00:02 - 00121984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBAUDIO.sys
2013-10-11 18:57 - 2013-07-06 00:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
2013-10-11 18:57 - 2013-07-02 03:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2013-10-11 18:57 - 2013-07-02 03:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2013-10-11 18:57 - 2013-07-02 03:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
2013-10-11 18:57 - 2013-07-02 00:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
2013-10-11 18:57 - 2013-07-01 03:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2013-10-11 18:57 - 2013-07-01 03:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
2013-10-11 18:57 - 2013-07-01 03:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
2013-10-11 18:57 - 2013-07-01 03:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
2013-10-11 18:57 - 2013-06-29 05:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
2013-10-11 18:57 - 2013-06-29 05:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2013-10-11 18:57 - 2013-06-29 05:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
2013-10-11 18:57 - 2013-06-29 05:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2013-10-11 18:57 - 2013-06-22 07:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2013-10-11 18:57 - 2013-06-22 07:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
2013-10-11 18:57 - 2013-05-27 01:17 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2013-10-11 18:57 - 2013-05-27 00:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2013-10-11 18:57 - 2013-05-25 05:15 - 00362496 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2013-10-11 18:57 - 2013-05-25 04:32 - 00300032 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2013-10-08 19:30 - 2013-10-08 19:31 - 00001300 _____ C:\WINDOWS\system32\TeamViewer8_Hooks.log
2013-10-08 18:58 - 2013-10-08 18:58 - 00000000 ____D C:\Users\henry\AppData\Roaming\Avira
2013-10-08 18:54 - 2013-10-08 18:54 - 00082136 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
2013-10-08 18:52 - 2013-10-08 18:52 - 00002038 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-10-08 18:52 - 2013-10-08 18:52 - 00000000 ____D C:\ProgramData\Avira
2013-10-08 18:52 - 2013-10-08 18:52 - 00000000 ____D C:\Program Files (x86)\Avira
2013-10-08 18:52 - 2013-08-22 17:51 - 00105344 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2013-10-08 18:52 - 2013-07-15 16:08 - 00132088 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2013-10-08 18:52 - 2013-02-26 16:56 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
2013-10-02 11:05 - 2013-10-02 11:05 - 00067181 _____ C:\Users\henry\Desktop\JRT.txt
2013-10-02 11:01 - 2013-10-02 11:01 - 00000000 ____D C:\WINDOWS\ERUNT
2013-10-01 19:04 - 2013-10-01 19:07 - 00000000 ____D C:\AdwCleaner
2013-10-01 19:04 - 2013-10-01 19:04 - 01045226 _____ C:\Users\henry\Downloads\adwcleaner.exe
2013-10-01 18:39 - 2013-10-01 18:39 - 00081335 _____ C:\Users\henry\Downloads\FRST.txt
2013-10-01 18:38 - 2013-10-01 18:39 - 00064453 _____ C:\Users\henry\Downloads\Addition.txt
2013-10-01 18:36 - 2013-10-01 18:36 - 01953880 _____ (Farbar) C:\Users\henry\Downloads\FRST64.exe
2013-10-01 18:36 - 2013-10-01 18:36 - 00000000 ____D C:\FRST
2013-10-01 12:52 - 2013-10-01 12:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies
2013-10-01 12:51 - 2013-10-01 12:51 - 00002105 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk
2013-10-01 12:47 - 2013-09-12 10:58 - 22102304 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 11274528 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
2013-10-01 12:47 - 2013-09-12 10:58 - 09281032 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 07720576 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 07648000 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 06329552 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 02970400 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 02789152 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 02367264 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvenc.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 02007328 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvenc.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 01884448 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6432723.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 01511712 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6432723.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 00681760 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 00603424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 00586016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
2013-10-01 12:47 - 2013-09-12 10:58 - 00515360 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
2013-10-01 12:47 - 2013-08-20 15:33 - 00039200 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvvad64v.sys
2013-10-01 12:47 - 2013-08-20 15:32 - 00029984 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvaudcap64v.dll
2013-10-01 12:47 - 2013-08-20 15:32 - 00028448 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvaudcap32v.dll
2013-10-01 12:46 - 2013-09-12 10:58 - 25256224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcompiler.dll
2013-10-01 12:46 - 2013-09-12 10:58 - 17560352 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcompiler.dll
2013-10-01 12:42 - 2013-10-01 12:42 - 00000000 ____D C:\NVIDIA
2013-10-01 09:55 - 2013-10-01 09:55 - 00000000 ____D C:\Users\henry\Desktop\rkill
2013-10-01 09:54 - 2013-10-01 09:57 - 00002792 _____ C:\Users\henry\Desktop\Rkill.txt
2013-10-01 09:53 - 2013-10-01 09:53 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\henry\Downloads\rkill.com
2013-09-30 16:29 - 2013-09-30 16:29 - 00002410 _____ C:\Users\Public\Desktop\Bitvise SSH Client.lnk
2013-09-30 16:29 - 2013-09-30 16:29 - 00000000 ____D C:\Program Files (x86)\Bitvise SSH Client
2013-09-30 16:28 - 2013-09-30 16:29 - 07304920 _____ C:\Users\henry\Downloads\BvSshClient-Inst.exe
2013-09-27 17:51 - 2013-09-30 17:16 - 00010662 _____ C:\Users\henry\Documents\fingPersist.tmp
2013-09-27 17:51 - 2013-09-27 23:11 - 00009116 _____ C:\Users\henry\Documents\Fing.html
2013-09-27 16:47 - 2013-09-27 16:47 - 00000000 ____D C:\Users\henry\AppData\Roaming\Overlook
2013-09-27 16:46 - 2013-09-27 16:46 - 03165917 _____ C:\Users\henry\Downloads\overlook-fing-2.2.exe
2013-09-27 16:46 - 2013-09-27 16:46 - 00000000 ____D C:\ProgramData\Overlook
2013-09-27 16:46 - 2013-09-27 16:46 - 00000000 ____D C:\Program Files (x86)\Overlook Fing 2.2
2013-09-27 10:00 - 2013-10-14 09:58 - 00162649 _____ C:\WINDOWS\setupact.log
2013-09-27 10:00 - 2013-09-27 10:00 - 00000000 _____ C:\WINDOWS\setuperr.log
2013-09-27 09:59 - 2013-10-14 09:55 - 00115614 _____ C:\WINDOWS\PFRO.log
2013-09-27 09:28 - 2013-09-27 09:28 - 00000000 ____D C:\Users\henry\AppData\Local\avgchrome
2013-09-27 08:44 - 2013-09-27 08:44 - 00031107 _____ C:\Users\henry\Downloads\crunchbang-11-20130506-i486.iso.torrent
2013-09-26 17:35 - 2013-09-26 17:35 - 00001081 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-09-26 17:35 - 2013-09-26 17:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-09-26 17:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2013-09-26 17:11 - 2013-09-26 17:11 - 00000000 ____D C:\Users\henry\Documents\Egosoft
2013-09-26 16:52 - 2013-09-26 16:53 - 00018473 _____ C:\WINDOWS\DirectX.log
2013-09-26 16:19 - 2013-09-26 16:20 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\henry\Downloads\mbam-setup-1.75.0.1300.exe
2013-09-26 11:02 - 2013-09-26 11:45 - 832569344 _____ C:\Users\henry\Downloads\ubuntu-13.04-desktop-i386.iso
2013-09-26 09:39 - 2013-09-26 10:21 - 823132160 _____ C:\Users\henry\Downloads\ubuntu-13.04-desktop-amd64.iso
2013-09-25 14:53 - 2013-09-25 14:53 - 01111358 _____ C:\Users\henry\Downloads\DualBootUtilities-1.0.1.zip
2013-09-25 14:52 - 2013-09-25 14:53 - 06687638 _____ C:\Users\henry\Downloads\DualBootPatcher-1.9.zip
2013-09-25 11:54 - 2013-09-25 11:54 - 00447201 _____ C:\Users\henry\Downloads\DualBootSwitcher-1.0.apk
2013-09-24 15:43 - 2013-09-24 15:47 - 91155016 _____ (Copyright 2013 SAMSUNG) C:\Users\henry\Downloads\SamsungLink_Installer64.exe
2013-09-24 11:53 - 2013-09-24 11:53 - 00176719 _____ C:\Users\henry\Downloads\CCEnhancer-3.8-multilanguage.zip
2013-09-24 11:43 - 2013-09-24 11:43 - 00000000 ____D C:\ProgramData\Oracle
2013-09-24 11:41 - 2013-09-24 11:41 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2013-09-24 11:41 - 2013-09-24 11:41 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2013-09-24 11:41 - 2013-09-24 11:41 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2013-09-24 11:00 - 2013-09-24 11:00 - 00776040 _____ C:\Users\henry\Documents\cc_20130924_110035.reg
2013-09-23 08:51 - 2013-09-23 08:52 - 00000000 ____D C:\Users\henry\Downloads\Odin3-v3.09
2013-09-23 08:51 - 2013-09-23 08:51 - 00820100 _____ C:\Users\henry\Downloads\Odin3-v3.09.rar
2013-09-20 07:30 - 2013-09-20 07:30 - 00000222 _____ C:\Users\henry\Desktop\X3 Albion Prelude.url
2013-09-20 07:30 - 2013-09-20 07:30 - 00000220 _____ C:\Users\henry\Desktop\X3 Terran Conflict.url
2013-09-20 07:30 - 2013-09-20 07:30 - 00000000 ____D C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Users\henry\AppData\Roaming\MusicBrainz
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Users\henry\AppData\Local\cache
2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Program Files (x86)\MusicBrainz Picard

==================== One Month Modified Files and Folders =======

2013-10-14 11:51 - 2010-01-23 13:07 - 00000000 ____D C:\Users\henry\AppData\Roaming\Free Download Manager
2013-10-14 11:50 - 2012-10-30 14:23 - 01257676 _____ C:\WINDOWS\WindowsUpdate.log
2013-10-14 11:50 - 2010-03-06 17:44 - 00000000 ____D C:\Users\henry\AppData\Roaming\Skype
2013-10-14 11:43 - 2009-11-22 01:02 - 00003942 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{10275E3E-1283-4D8C-AB6E-ACF96EB5F677}
2013-10-14 11:30 - 2012-05-11 09:50 - 00000000 ____D C:\Users\henry\AppData\Roaming\Dropbox
2013-10-14 11:30 - 2012-04-10 09:22 - 00000884 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2013-10-14 11:24 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\rescache
2013-10-14 11:06 - 2009-11-22 02:08 - 00001108 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-14 11:00 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\sru
2013-10-14 10:58 - 2013-10-14 10:58 - 00000000 _____ C:\Users\henry\defogger_reenable
2013-10-14 10:58 - 2012-11-09 12:28 - 00001144 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2924421799-2045358301-2701136695-1001UA.job
2013-10-14 10:58 - 2012-10-30 13:54 - 00000000 ____D C:\Users\henry
2013-10-14 10:58 - 2010-01-23 13:07 - 00000000 ____D C:\Program Files (x86)\Free Download Manager
2013-10-14 10:48 - 2013-10-14 10:48 - 01954124 _____ (Farbar) C:\Users\henry\Desktop\FRST64.exe
2013-10-14 10:45 - 2013-10-14 10:45 - 00050477 _____ C:\Users\henry\Desktop\Defogger.exe
2013-10-14 10:45 - 2010-01-24 12:29 - 00000000 ____D C:\Users\henry\Documents\Outlook-Dateien
2013-10-14 10:41 - 2012-02-28 15:28 - 00000000 ____D C:\Users\henry\AppData\Roaming\Fiabee
2013-10-14 10:06 - 2012-10-15 19:18 - 00001914 _____ C:\Users\henry\Desktop\MySyncFolder.lnk
2013-10-14 10:06 - 2012-10-15 11:16 - 00000000 ____D C:\Users\henry\AppData\Roaming\ASUS WebStorage
2013-10-14 10:05 - 2012-08-10 13:55 - 00000000 ____D C:\Users\henry\AppData\Roaming\Raptr
2013-10-14 10:05 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\AUInstallAgent
2013-10-14 10:04 - 2012-05-11 09:53 - 00000000 ___RD C:\Users\henry\Dropbox
2013-10-14 10:03 - 2012-10-31 09:39 - 00000000 ___RD C:\Users\henry\SkyDrive
2013-10-14 10:03 - 2012-08-20 10:21 - 00000000 ____D C:\Program Files (x86)\Steam
2013-10-14 10:01 - 2009-11-21 09:26 - 00000000 ___RD C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-14 10:01 - 2009-11-21 09:26 - 00000000 ___RD C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-14 10:00 - 2013-06-03 17:24 - 00000388 _____ C:\WINDOWS\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-10-14 10:00 - 2013-01-24 11:12 - 00000392 _____ C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
2013-10-14 10:00 - 2009-11-22 02:08 - 00001104 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-14 09:59 - 2011-09-20 21:35 - 00000000 ____D C:\ProgramData\VMware
2013-10-14 09:58 - 2013-10-14 09:58 - 100838232 _____ C:\WINDOWS\SysWOW64\跶擡炜ĩ
2013-10-14 09:58 - 2013-09-27 10:00 - 00162649 _____ C:\WINDOWS\setupact.log
2013-10-14 09:58 - 2009-11-24 00:18 - 00000175 ___SH C:\ProgramData\.zreglib
2013-10-14 09:57 - 2013-10-14 09:57 - 00000022 _____ C:\WINDOWS\S.dirmngr
2013-10-14 09:57 - 2012-07-26 09:22 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2013-10-14 09:57 - 2012-01-24 19:34 - 00000152 _____ C:\WINDOWS\system32\config\netlogon.ftl
2013-10-14 09:57 - 2009-11-22 01:12 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-14 09:55 - 2013-09-27 09:59 - 00115614 _____ C:\WINDOWS\PFRO.log
2013-10-14 09:55 - 2012-01-30 11:51 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-14 09:55 - 2009-11-22 08:33 - 00000000 ____D C:\Program Files 
(x86)\Microsoft Silverlight 2013-10-14 09:53 - 2012-07-26 07:26 - 00786432 ___SH C:\WINDOWS\system32\config\BBI 2013-10-14 09:52 - 2012-07-26 10:12 - 00000000 ___RD C:\WINDOWS\ToastData 2013-10-14 08:53 - 2012-05-11 09:52 - 00000000 ____D C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2013-10-11 19:19 - 2009-11-22 10:15 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-10-11 19:18 - 2013-08-15 03:14 - 00000000 ____D C:\WINDOWS\system32\MRT 2013-10-11 19:10 - 2009-11-22 02:16 - 80541720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2013-10-08 22:02 - 2009-11-22 02:08 - 00004080 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-08 22:00 - 2009-11-22 02:08 - 00003844 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-08 20:31 - 2012-04-10 09:22 - 00003796 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater 2013-10-08 19:31 - 2013-10-08 19:30 - 00001300 _____ C:\WINDOWS\system32\TeamViewer8_Hooks.log 2013-10-08 19:30 - 2013-01-29 12:04 - 00001058 _____ C:\Users\Public\Desktop\TeamViewer 8.lnk 2013-10-08 18:58 - 2013-10-08 18:58 - 00000000 ____D C:\Users\henry\AppData\Roaming\Avira 2013-10-08 18:54 - 2013-10-08 18:54 - 00082136 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avnetflt.sys 2013-10-08 18:52 - 2013-10-08 18:52 - 00002038 _____ C:\Users\Public\Desktop\Avira Control Center.lnk 2013-10-08 18:52 - 2013-10-08 18:52 - 00000000 ____D C:\ProgramData\Avira 2013-10-08 18:52 - 2013-10-08 18:52 - 00000000 ____D C:\Program Files (x86)\Avira 2013-10-08 16:58 - 2012-11-09 12:28 - 00001092 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-2924421799-2045358301-2701136695-1001Core.job 2013-10-08 16:53 - 2012-11-09 12:28 - 00004094 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2924421799-2045358301-2701136695-1001UA 2013-10-08 16:53 - 2012-11-09 12:28 - 00003714 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-2924421799-2045358301-2701136695-1001Core 2013-10-07 17:59 - 2009-11-24 00:18 - 00000000 ____D C:\ProgramData\SlySoft 2013-10-07 16:05 - 2012-07-26 10:12 - 00000000 ____D C:\WINDOWS\system32\NDF 2013-10-07 09:15 - 2012-08-13 14:24 - 00000000 ____D C:\Users\henry\AppData\Roaming\TeamViewer 2013-10-04 17:44 - 2012-11-09 12:30 - 00002379 _____ C:\Users\henry\Desktop\Google Chrome.lnk 2013-10-02 11:05 - 2013-10-02 11:05 - 00067181 _____ C:\Users\henry\Desktop\JRT.txt 2013-10-02 11:01 - 2013-10-02 11:01 - 00000000 ____D C:\WINDOWS\ERUNT 2013-10-02 03:38 - 2013-05-21 08:43 - 00694232 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe 2013-10-02 03:38 - 2013-05-21 08:43 - 00078296 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-01 19:07 - 2013-10-01 19:04 - 00000000 ____D C:\AdwCleaner 2013-10-01 19:04 - 2013-10-01 19:04 - 01045226 _____ C:\Users\henry\Downloads\adwcleaner.exe 2013-10-01 18:39 - 2013-10-01 18:39 - 00081335 _____ C:\Users\henry\Downloads\FRST.txt 2013-10-01 18:39 - 2013-10-01 18:38 - 00064453 _____ C:\Users\henry\Downloads\Addition.txt 2013-10-01 18:36 - 2013-10-01 18:36 - 01953880 _____ (Farbar) C:\Users\henry\Downloads\FRST64.exe 2013-10-01 18:36 - 2013-10-01 18:36 - 00000000 ____D C:\FRST 2013-10-01 
18:36 - 2012-07-26 07:37 - 00000000 __RHD C:\Users\Default 2013-10-01 18:19 - 2012-04-19 16:59 - 00000000 ____D C:\Users\henry\AppData\Roaming\gnupg 2013-10-01 15:22 - 2012-07-26 10:12 - 00000000 __RHD C:\Users\Public\Libraries 2013-10-01 12:53 - 2012-10-30 13:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation 2013-10-01 12:53 - 2009-11-22 01:12 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation 2013-10-01 12:52 - 2013-10-01 12:52 - 00000000 ____D C:\Program Files (x86)\AGEIA Technologies 2013-10-01 12:52 - 2012-10-30 13:11 - 00000000 ____D C:\Program Files\NVIDIA Corporation 2013-10-01 12:51 - 2013-10-01 12:51 - 00002105 _____ C:\Users\Public\Desktop\3D Vision Photo Viewer.lnk 2013-10-01 12:42 - 2013-10-01 12:42 - 00000000 ____D C:\NVIDIA 2013-10-01 09:57 - 2013-10-01 09:54 - 00002792 _____ C:\Users\henry\Desktop\Rkill.txt 2013-10-01 09:55 - 2013-10-01 09:55 - 00000000 ____D C:\Users\henry\Desktop\rkill 2013-10-01 09:53 - 2013-10-01 09:53 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\henry\Downloads\rkill.com 2013-09-30 17:16 - 2013-09-27 17:51 - 00010662 _____ C:\Users\henry\Documents\fingPersist.tmp 2013-09-30 16:36 - 2009-08-25 12:00 - 00000000 ___RD C:\Users\henry\Downloads\Software 2013-09-30 16:29 - 2013-09-30 16:29 - 00002410 _____ C:\Users\Public\Desktop\Bitvise SSH Client.lnk 2013-09-30 16:29 - 2013-09-30 16:29 - 00000000 ____D C:\Program Files (x86)\Bitvise SSH Client 2013-09-30 16:29 - 2013-09-30 16:28 - 07304920 _____ C:\Users\henry\Downloads\BvSshClient-Inst.exe 2013-09-30 08:54 - 2009-11-21 11:20 - 00000000 ____D C:\Users\henry\AppData\Roaming\Mozilla 2013-09-27 23:11 - 2013-09-27 17:51 - 00009116 _____ C:\Users\henry\Documents\Fing.html 2013-09-27 18:34 - 2012-10-30 14:48 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2924421799-2045358301-2701136695-1001 2013-09-27 17:46 - 2012-05-21 12:12 - 00000000 ____D C:\Users\henry\AppData\Roaming\Notepad++ 2013-09-27 16:47 - 2013-09-27 16:47 - 00000000 
____D C:\Users\henry\AppData\Roaming\Overlook 2013-09-27 16:46 - 2013-09-27 16:46 - 03165917 _____ C:\Users\henry\Downloads\overlook-fing-2.2.exe 2013-09-27 16:46 - 2013-09-27 16:46 - 00000000 ____D C:\ProgramData\Overlook 2013-09-27 16:46 - 2013-09-27 16:46 - 00000000 ____D C:\Program Files (x86)\Overlook Fing 2.2 2013-09-27 10:36 - 2012-08-10 13:55 - 00000000 ____D C:\Program Files (x86)\Raptr 2013-09-27 10:29 - 2012-10-30 14:39 - 00000000 ____D C:\Users\henry\AppData\Local\Packages 2013-09-27 10:00 - 2013-09-27 10:00 - 00000000 _____ C:\WINDOWS\setuperr.log 2013-09-27 09:28 - 2013-09-27 09:28 - 00000000 ____D C:\Users\henry\AppData\Local\avgchrome 2013-09-27 08:44 - 2013-09-27 08:44 - 00031107 _____ C:\Users\henry\Downloads\crunchbang-11-20130506-i486.iso.torrent 2013-09-26 17:37 - 2013-01-11 12:53 - 00001085 _____ C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk 2013-09-26 17:35 - 2013-09-26 17:35 - 00001081 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-09-26 17:35 - 2013-09-26 17:35 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-09-26 17:11 - 2013-09-26 17:11 - 00000000 ____D C:\Users\henry\Documents\Egosoft 2013-09-26 16:53 - 2013-09-26 16:52 - 00018473 _____ C:\WINDOWS\DirectX.log 2013-09-26 16:50 - 2012-05-24 18:43 - 00000000 ____D C:\Users\henry\Documents\MailStore Home 2013-09-26 16:50 - 2012-05-24 18:43 - 00000000 ____D C:\ProgramData\firebird 2013-09-26 16:20 - 2013-09-26 16:19 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\henry\Downloads\mbam-setup-1.75.0.1300.exe 2013-09-26 16:02 - 2009-11-22 02:17 - 00001837 _____ C:\Users\Public\Desktop\ImgBurn.lnk 2013-09-26 11:45 - 2013-09-26 11:02 - 832569344 _____ C:\Users\henry\Downloads\ubuntu-13.04-desktop-i386.iso 2013-09-26 10:21 - 2013-09-26 09:39 - 823132160 _____ C:\Users\henry\Downloads\ubuntu-13.04-desktop-amd64.iso 2013-09-25 14:53 - 2013-09-25 14:53 - 01111358 _____ C:\Users\henry\Downloads\DualBootUtilities-1.0.1.zip 2013-09-25 14:53 - 2013-09-25 
14:52 - 06687638 _____ C:\Users\henry\Downloads\DualBootPatcher-1.9.zip 2013-09-25 11:54 - 2013-09-25 11:54 - 00447201 _____ C:\Users\henry\Downloads\DualBootSwitcher-1.0.apk 2013-09-24 15:47 - 2013-09-24 15:43 - 91155016 _____ (Copyright 2013 SAMSUNG) C:\Users\henry\Downloads\SamsungLink_Installer64.exe 2013-09-24 11:53 - 2013-09-24 11:53 - 00176719 _____ C:\Users\henry\Downloads\CCEnhancer-3.8-multilanguage.zip 2013-09-24 11:43 - 2013-09-24 11:43 - 00000000 ____D C:\ProgramData\Oracle 2013-09-24 11:41 - 2013-09-24 11:41 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe 2013-09-24 11:41 - 2013-09-24 11:41 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe 2013-09-24 11:41 - 2013-09-24 11:41 - 00175016 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe 2013-09-24 11:41 - 2013-07-08 15:10 - 00096168 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2013-09-24 11:41 - 2012-07-08 13:46 - 00868264 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npdeployJava1.dll 2013-09-24 11:41 - 2010-04-24 16:47 - 00790440 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll 2013-09-24 11:36 - 2013-09-05 09:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird 2013-09-24 11:36 - 2013-08-15 15:07 - 00000000 ____D C:\Program Files (x86)\K-Lite Codec Pack 2013-09-24 11:36 - 2013-03-06 10:31 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox 2013-09-24 11:36 - 2012-11-21 04:24 - 00000000 ____D C:\WINDOWS\Minidump 2013-09-24 11:36 - 2012-10-29 20:05 - 00000000 ____D C:\WINDOWS\Panther 2013-09-24 11:36 - 2011-09-23 08:02 - 00000000 ____D C:\Users\henry\AppData\Local\VMware 2013-09-24 11:36 - 2011-07-20 21:37 - 00000000 ____D C:\Users\henry\AppData\Local\Downloaded Installations 2013-09-24 11:36 - 2010-04-16 22:07 - 00000000 ____D C:\Users\henry\AppData\Roaming\inkscape 2013-09-24 11:36 - 2010-04-10 03:34 - 00000000 ____D C:\Users\henry\AppData\Local\Paint.NET 2013-09-24 11:36 - 2009-11-22 02:09 - 
00000000 ____D C:\ProgramData\Skype 2013-09-24 11:36 - 2009-06-19 23:01 - 00000000 ____D C:\Users\henry\Tracing 2013-09-24 11:09 - 2009-11-24 10:17 - 00000000 ____D C:\Program Files (x86)\CCleaner 2013-09-24 11:00 - 2013-09-24 11:00 - 00776040 _____ C:\Users\henry\Documents\cc_20130924_110035.reg 2013-09-24 10:09 - 2011-01-30 20:39 - 00001732 _____ C:\Users\Public\Desktop\Defraggler.lnk 2013-09-24 10:09 - 2010-01-18 07:51 - 00000000 ____D C:\Program Files\Defraggler 2013-09-24 09:26 - 2011-01-28 09:20 - 00000989 _____ C:\Users\Public\Desktop\CCleaner.lnk 2013-09-23 08:52 - 2013-09-23 08:51 - 00000000 ____D C:\Users\henry\Downloads\Odin3-v3.09 2013-09-23 08:51 - 2013-09-23 08:51 - 00820100 _____ C:\Users\henry\Downloads\Odin3-v3.09.rar 2013-09-23 01:28 - 2013-10-11 19:05 - 01767936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2013-09-23 01:28 - 2013-10-11 19:05 - 01141248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2013-09-23 01:27 - 2013-10-11 19:05 - 14335488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2013-09-23 01:27 - 2013-10-11 19:05 - 13761024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2013-09-23 01:27 - 2013-10-11 19:05 - 02876928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2013-09-23 01:27 - 2013-10-11 19:05 - 02048512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2013-09-23 01:27 - 2013-10-11 19:05 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2013-09-23 01:27 - 2013-10-11 19:05 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2013-09-23 00:55 - 2013-10-11 19:05 - 02241024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2013-09-23 00:55 - 2013-10-11 19:05 - 01365504 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2013-09-23 00:55 - 2013-10-11 19:05 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2013-09-23 00:54 - 2013-10-11 19:05 - 19252224 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2013-09-23 00:54 - 2013-10-11 19:05 - 15404544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2013-09-23 00:54 - 2013-10-11 19:05 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2013-09-23 00:54 - 2013-10-11 19:05 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2013-09-23 00:54 - 2013-10-11 19:05 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2013-09-23 00:54 - 2013-10-11 19:05 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2013-09-20 07:30 - 2013-09-20 07:30 - 00000222 _____ C:\Users\henry\Desktop\X3 Albion Prelude.url 2013-09-20 07:30 - 2013-09-20 07:30 - 00000220 _____ C:\Users\henry\Desktop\X3 Terran Conflict.url 2013-09-20 07:30 - 2013-09-20 07:30 - 00000000 ____D C:\Users\henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam 2013-09-19 23:12 - 2013-02-25 20:02 - 00000000 ____D C:\Program Files\Kyocera 2013-09-18 15:38 - 2013-03-18 11:36 - 00000953 _____ C:\Users\Public\Desktop\Last.fm Scrobbler.lnk 2013-09-18 15:38 - 2011-10-01 14:20 - 00000000 ____D C:\Program Files (x86)\Last.fm 2013-09-18 15:36 - 2013-03-18 12:05 - 00000000 ____D C:\Users\henry\AppData\Roaming\foobar2000 2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Users\henry\AppData\Roaming\MusicBrainz 2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Users\henry\AppData\Local\cache 2013-09-18 10:16 - 2013-09-18 10:16 - 00000000 ____D C:\Program Files (x86)\MusicBrainz Picard 2013-09-18 09:51 - 2012-06-06 11:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service Some content of TEMP: ==================== C:\Users\henry\AppData\Local\Temp\i4jdel0.exe C:\Users\henry\AppData\Local\Temp\jre-7u40-windows-i586-iftw.exe C:\Users\henry\AppData\Local\Temp\nvSCPAPI.dll C:\Users\henry\AppData\Local\Temp\nvSCPAPI64.dll C:\Users\henry\AppData\Local\Temp\nvSCPAPISvr.exe 
C:\Users\henry\AppData\Local\Temp\nvStInst.exe C:\Users\henry\AppData\Local\Temp\Quarantine.exe C:\Users\henry\AppData\Local\Temp\SamsungAPInstaller_1380029602058.exe C:\Users\henry\AppData\Local\Temp\uninst1.exe C:\Users\henry\AppData\Local\Temp\VSUSetup.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-11 19:02 ==================== End Of Log ============================ --- --- --- GMER.LOG Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-14 18:28:34
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.1AA0 931,51GB
Running: zyy5l85y.exe; Driver: C:\Users\henry\AppData\Local\Temp\uxlorfoc.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable fffff960000d4a00 7 bytes [40, CA, 81, 01, 00, 4C, F2]
.text C:\WINDOWS\System32\win32k.sys!W32pServiceTable + 8 fffff960000d4a08 7 bytes [01, EA, BF, FF, 00, C7, DA]

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -1722754004
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a66d56
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272a66d56@6c8336e41cf3 0xC2 0x4B 0xC8 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Upgrade\LocalRadioSettings
Reg HKCU\Software\Microsoft\Windows Live\Companion\******@hotmail.com@09ee2a995e006444eb60aa8ebed7f942\r\n 0xD1 0x48 0xC0 0x77 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\******@hotmail.com@2ab3624df121c9fc822a113c5bb8cea3\r\n 0xD1 0x48 0xC0 0xF7 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\******@hotmail.com@60d84cc295ead2635c9155d248a66319\r\n 0x0A 0xE2 0x64 0x52 ...
Reg HKCU\Software\Microsoft\Windows Live\Companion\******@hotmail.com@9f1922cfebcf9613d19795c1488396d2\r\n 0xC2 0x0B 0xAB 0xDF ...

---- EOF - GMER 2.1 ----

Last edited by Gwellion (14.10.2013 at 17:36)
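The FRST file lists above run to a couple of hundred entries, and the odd ones are easy to miss by eye. As an added example (my own code, not FRST's and not part of the original post), here is a small parser for FRST's created/modified-file lines with a handful of generic triage rules. The line layout is inferred from the log above; the rules, the 50 MB threshold and the sample input (entries copied from the log, plus one header line) are this example's own assumptions, and a hit means "look closer", not "malicious".

```python
"""Parse FRST 'One Month Created/Modified' entries and flag items worth a second look.

Added example for the log posted above; it is not FRST's code and not part of
the original post. The heuristics are generic triage prompts, not detections.
"""
import ntpath
import re
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional

# One FRST file-list line: <created> - <modified> - <size> <attrs> [(<company>)] <path>
# (column layout as seen in the log above; the regex is this example's own assumption)
FRST_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<company>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
LARGE_FILE = 50 * 1024 * 1024  # arbitrary review threshold chosen for this example


@dataclass
class FrstEntry:
    created: str
    modified: str
    size: int
    attrs: str               # FRST attribute column: "____D" directory, "___SH" system+hidden, ...
    company: Optional[str]   # version-info company name FRST prints in parentheses, if any
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def name(self) -> str:
        return ntpath.basename(self.path)


def parse_frst_lines(lines: Iterable[str]) -> List[FrstEntry]:
    """Return parsed file-list entries; headers and other non-entry lines are skipped."""
    entries = []
    for raw in lines:
        m = FRST_LINE.match(raw.strip())
        if not m:
            continue
        company = (m["company"] or "").strip() or None
        entries.append(FrstEntry(m["created"], m["modified"], int(m["size"]),
                                 m["attrs"], company, m["path"]))
    return entries


def triage_reasons(e: FrstEntry) -> List[str]:
    """Generic reasons to look closer at a file entry; empty means nothing odd on its face."""
    reasons: List[str] = []
    if e.is_dir:
        return reasons
    lower = e.path.lower()
    in_sysdir = lower.startswith(SYSTEM_DIRS)
    ext = ntpath.splitext(e.name)[1].lower()
    if any(ord(c) > 127 for c in e.name):
        reasons.append("non-ASCII characters in file name")
    if in_sysdir and not ext:
        reasons.append("file without extension in a Windows system directory")
    if in_sysdir and e.company is None and ext in (".exe", ".dll", ".sys"):
        reasons.append("executable in a system directory with no version-info company name")
    if "H" in e.attrs and "S" in e.attrs and not lower.startswith("c:\\windows\\"):
        reasons.append("system+hidden attributes outside the Windows directory")
    if in_sysdir and e.created == e.modified and e.size > LARGE_FILE:
        reasons.append("large file written into a system directory in one go")
    return reasons


def triage(lines: Iterable[str]) -> Dict[str, List[str]]:
    """Map path -> reasons for every entry that has at least one reason."""
    result: Dict[str, List[str]] = {}
    for e in parse_frst_lines(lines):
        reasons = triage_reasons(e)
        if reasons:
            result[e.path] = reasons
    return result


# Constructed sample: entries copied from the FRST log above plus one header line.
SAMPLE_LINES = [
    "2013-10-14 09:58 - 2013-10-14 09:58 - 100838232 _____ C:\\WINDOWS\\SysWOW64\\跶擡炜ĩ",
    "2013-10-14 09:58 - 2009-11-24 00:18 - 00000175 ___SH C:\\ProgramData\\.zreglib",
    "2013-09-26 17:35 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\\WINDOWS\\system32\\Drivers\\mbam.sys",
    "2013-10-01 09:53 - 2013-10-01 09:53 - 01898112 _____ (Bleeping Computer, LLC) C:\\Users\\henry\\Downloads\\rkill.com",
    "2013-10-01 18:36 - 2013-10-01 18:36 - 00000000 ____D C:\\FRST",
    "2013-09-27 10:00 - 2013-10-14 09:58 - 00162649 _____ C:\\WINDOWS\\setupact.log",
    "==================== Bamital & volsnap Check =================",
]

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LINES).items():
        print(path)
        for r in reasons:
            print("   -", r)
```

Run against the sample, the block lists the SysWOW64 file with the non-ASCII name (three reasons) and C:\ProgramData\.zreglib (system+hidden outside the Windows tree); mbam.sys, rkill.com, the FRST directory and setupact.log pass. Each hit is a prompt to pull the file and check its signature and hash, not a verdict on it.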
Topics for "Problems with searchgol after Delta toolbar after installing ImgBurn (Win8-x64-chrome)":
administrator, bluescreen, chromium, computer, delta chrome toolbar, farbar, farbar recovery scan tool, flash player, free download, homepage, install.exe, plug-in, pup.optional.babylon.a, pup.optional.browserdefender.a, pup.optional.datamngr.a, pup.optional.delta, pup.optional.delta.a, pup.optional.opencandy, pup.optional.performersoft.a, pup.pswtool.productkey, revo uninstaller, searchgol, secure search, services.exe, system, windowsapps, winlogon.exe