Log analysis and evaluation: Avira reports various Trojans - instructions for help seekers read/followed
20.10.2013, 14:47 | #1
Avira reports various Trojans - instructions for help seekers read/followed

Hello, I have been following the Trojaner Board for a long time and will now also try to get help here. My original problem: random words on arbitrary websites were linked to advertising. I then started Avira, which produced several alerts. That reminded me of the Trojaner Board; I worked through the steps and have now registered to ask for help.

My log files: FRST:

FRST Logfile:
```
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-10-2013
Ran by James Dean (administrator) on JAMESDEAN-PC on 20-10-2013 14:53:17
Running from C:\Users\James Dean\Downloads
Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe
(Microsoft Corporation) C:\Windows\system32\SLsvc.exe
(Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
() c:\programdata\summersoft\optimizerpro\OptimizerPro.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe
() C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe
() C:\Windows\SMINST\BLService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
(Spotify Ltd) C:\Users\James Dean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
() C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\conime.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe
(Microsoft Corporation) C:\Windows\system32\msiexec.exe
(Microsoft Corporation) C:\Windows\system32\sdclt.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [OnScreenDisplay] - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation)
HKCU\...\Run: [POEngine5] - [x]
HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKCU\...\Run: [Spotify Web Helper] - C:\Users\James Dean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-16] (Spotify Ltd)
HKCU\...\Run: [Spotify] - C:\Users\James Dean\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-16] (Spotify Ltd)
HKCU\...\Run: [LiveSupport] - "C:\Program Files (x86)\LiveSupport\LiveSupport.exe" /noshow /log
HKCU\...\Run: [WMPNSCFG] - C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
HKCU\...\Policies\Explorer: [NoLogoff] 0
MountPoints2: {adaeb1f9-ca74-11df-ba86-002186dad317} - G:\autorun.exe
HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.)
HKLM-x32\...\Run: [QPService] - C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SearchSettings] - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [534880 2011-08-17] (Spigot, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\dean\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\elephant\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Jimmy Dean\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Jimmy Dean\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\postgres\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
AppInit_DLLs: [1555968 2009-04-11] ()
AppInit_DLLs-x32: c:\progra~2\ssd8e3~1.hel\psupport.dll c:\progra~2\websea~1\sprote~1.dll [1044480 2013-01-24] ()
Startup: C:\Users\James Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Mail.lnk
ShortcutTarget: Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
URLSearchHook: (No Name) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - No File
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {DDF02204-49F2-4F36-869F-00E875485BD5} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM - {67155C91-2696-4DBB-BC56-0EDA1AA38304} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {DDF02204-49F2-4F36-869F-00E875485BD5} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM-x32 - DefaultScope {DDF02204-49F2-4F36-869F-00E875485BD5} URL = 
SearchScopes: HKLM-x32 - {3902400C-5C9F-4272-B9E3-A270032A7C98} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM-x32 - {67155C91-2696-4DBB-BC56-0EDA1AA38304} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM-x32 - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39
SearchScopes: HKCU - DefaultScope {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39
SearchScopes: HKCU - {3902400C-5C9F-4272-B9E3-A270032A7C98} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - {67155C91-2696-4DBB-BC56-0EDA1AA38304} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
SearchScopes: HKCU - {BB74DE59-BC4C-4172-9AC4-73315F71CFFE} URL = hxxp://websearch.wisesearch.info/?l=1&q={searchTerms}&pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39
SearchScopes: HKCU - {C3B765C8-8C46-4FD6-ABC0-6027CDE0C98A} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=EBE459A9-8924-408A-A4DA-EAB6116A4F06&apn_sauid=1B01EBCD-4556-4E7B-A16D-811CB3F152A8
SearchScopes: HKCU - {DC3C3673-8F41-4FEA-A069-90FFCE283DBD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
SearchScopes: HKCU - {DDF02204-49F2-4F36-869F-00E875485BD5} URL = hxxp://startsear.ch/?aff=1&q={searchTerms}
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
BHO-x32: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM-x32 - Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll (Spigot, Inc.)
Toolbar: HKLM-x32 - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File
Toolbar: HKCU - Winamp Toolbar - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - No File
Toolbar: HKCU - No Name - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No File
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - No File
Handler-x32: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [49152 2008-12-22] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default
FF user.js: detected! => C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: WebSearch
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.user_pref("browser.search.order.1,S", "WebSearch");: user_pref("browser.search.order.1,S", "WebSearch");
FF SelectedSearchEngine: WebSearch
FF Homepage: dbdt.at
FF Keyword.URL: hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39&l=1&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @fluxdvd.com/NPAPIX - C:\Program Files (x86)\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF Plugin-x32: @fluxdvd.com/NPFluxBrowserHelper - C:\Program Files (x86)\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ()
FF Plugin-x32: @protectdisc.com/NPWMDRMWrapper - C:\Program Files (x86)\Common Files\mpDRM\NPWMDRMWrapper.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\James Dean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\aol-web-search.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\startsear.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\WebSearch.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: NoScript - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(131)
FF Extension: NoScript - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(84)
FF Extension: DownloadHelper - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: CSHelper - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
FF Extension: personas - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\personas@christopher.beard.xpi
FF Extension: No Name - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: No Name - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF Extension: pdfforge - C:\Program Files (x86)\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
FF Extension: wtxpcom - C:\Program Files (x86)\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
FF HKLM-x32\...\Firefox\Extensions: [{400F0BDB-6C49-43A4-BE1F-76D7327A604D}] - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\Mozilla
FF Extension: fluxDVD Download Manager - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\Mozilla
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR Extension: (Ask Toolbar) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.15.37265_0
CHR Extension: (YouTube) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Deownload keepeur) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeciojpmlodeaaeflcempkfdejlglmfc\1.6
CHR Extension: (vshare plugin) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj\1.3_0
CHR Extension: (SearchNewTab) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\oodogenenckilpdhlbedpnlhboolghhi\1.0
CHR Extension: (Gmail) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
S2 gupdate1ca2ffa2a389080; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-09-07] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2008-06-25] ()
R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2008-06-25] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-09-27] (Mobile Connector)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-10] (NVIDIA Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867824 2010-03-14] (Duplex Secure Ltd.)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
U4 eabfiltr; 
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 StarOpen; No ImagePath

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-20 14:52 - 2013-10-20 14:52 - 01954548 _____ (Farbar) C:\Users\James Dean\Downloads\FRST64.exe
2013-10-20 14:52 - 2013-10-20 14:52 - 00000000 ____D C:\FRST
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 14:45 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-20 14:44 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-20 14:44 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-20 14:44 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-20 14:41 - 2013-10-20 14:44 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-20 14:29 - 2013-10-20 14:29 - 00000592 _____ C:\Users\James Dean\Downloads\defogger_disable.log
2013-10-20 14:29 - 2013-10-20 14:29 - 00000020 _____ C:\Users\James Dean\defogger_reenable
2013-10-20 14:27 - 2013-10-20 14:27 - 00050477 _____ C:\Users\James Dean\Downloads\Defogger.exe
2013-10-20 14:17 - 2013-10-20 14:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-18 19:55 - 2013-10-18 21:22 - 264241152 _____ C:\Users\James Dean\Downloads\losslessalbum.net__VA-Bravo_Hits_82-2013.part1.rar
2013-10-18 19:23 - 2013-10-18 19:23 - 00000000 ____D C:\ProgramData\SearchNewTab
2013-10-18 19:23 - 2013-10-18 19:23 - 00000000 ____D C:\Program Files (x86)\WebSearch
2013-10-18 19:22 - 2013-10-20 14:31 - 00000474 ____H C:\Windows\Tasks\OptimizerPro-S-480333868.job
2013-10-18 19:22 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-18 19:22 - 2013-10-18 19:22 - 00002720 _____ C:\Windows\System32\Tasks\OptimizerPro-S-480333868
2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\ProgramData\Deownload keepeur
2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\Program Files (x86)\Ss.Helper
2013-10-18 19:20 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-18 14:27 - 2013-10-18 14:27 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\OpenCandy
2013-10-18 14:18 - 2013-10-18 14:20 - 27469464 _____ (DVDVideoSoft Ltd. ) C:\Users\James Dean\Downloads\FreeVideoToMP3Converter.exe
2013-10-18 14:06 - 2013-10-18 15:45 - 304508559 _____ C:\Users\James Dean\Downloads\Bravo_Hits_Vol.802013.rar
2013-10-17 23:18 - 2013-10-17 23:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-09 14:47 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 14:47 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 14:47 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 14:47 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 14:47 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-09 14:47 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 14:47 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-09 14:47 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 14:47 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-09 14:47 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 14:47 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-09 14:47 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 14:47 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 14:47 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-09 14:47 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 14:47 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 14:47 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 14:47 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 14:47 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 14:47 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-09 14:47 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 14:47 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 14:47 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-09 14:47 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 14:47 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-09 14:47 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 14:47 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-09 14:47 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 14:47 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 14:47 - 2013-09-22 12:03 - 01796096 _____ (Microsoft 
```
Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 14:47 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-10-09 14:47 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 14:41 - 2013-08-29 09:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-09 14:41 - 2013-08-27 05:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-10-09 14:41 - 2013-08-27 05:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-10-09 14:41 - 2013-08-27 05:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-10-09 14:41 - 2013-08-27 05:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-10-09 14:41 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-10-09 14:41 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-10-09 14:41 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-10-09 14:41 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-10-09 14:41 - 2013-08-27 04:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-10-09 14:41 - 2013-08-27 04:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-10-09 14:41 - 2013-08-27 04:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-10-09 14:41 - 2013-08-27 04:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-10-09 14:41 - 2013-08-27 04:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-10-09 14:41 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-10-09 14:41 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\d3d10level9.dll 2013-10-09 14:41 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-10-09 14:41 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-10-09 14:41 - 2013-08-01 06:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-09 14:41 - 2013-08-01 05:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-10-09 14:41 - 2013-07-20 12:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 14:41 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 14:41 - 2013-07-12 11:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-09 14:41 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 14:41 - 2013-07-04 06:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-09 14:41 - 2013-07-03 04:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-09 14:41 - 2013-07-03 04:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-09 14:41 - 2013-06-27 01:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 14:41 - 2013-06-04 06:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll 2013-10-09 14:41 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 14:41 - 2013-06-04 04:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-09 14:41 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 14:39 - 2013-06-29 04:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-09 14:39 - 
2013-06-29 04:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-09 14:39 - 2013-06-29 04:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-09 14:39 - 2013-06-29 04:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-09 14:39 - 2011-05-05 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-09 14:39 - 2011-05-05 16:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-09 14:03 - 2013-10-09 14:24 - 149290982 _____ C:\Users\James Dean\Documents\Startseite - ZDF Mediathek.flv ==================== One Month Modified Files and Folders ======= 2013-10-20 14:52 - 2013-10-20 14:52 - 01954548 _____ (Farbar) C:\Users\James Dean\Downloads\FRST64.exe 2013-10-20 14:52 - 2013-10-20 14:52 - 00000000 ____D C:\FRST 2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\Oracle 2013-10-20 14:47 - 2009-09-07 22:46 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-20 14:45 - 2013-05-29 00:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-20 14:45 - 2008-12-05 08:47 - 01931042 _____ C:\Windows\WindowsUpdate.log 2013-10-20 14:44 - 2013-10-20 14:41 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-20 14:44 - 2008-07-31 10:35 - 00000000 ____D C:\Program Files (x86)\Java 2013-10-20 14:36 - 2012-07-31 23:00 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Spotify 2013-10-20 14:32 - 2009-09-07 22:46 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-20 14:32 - 2008-12-22 14:44 - 00073674 _____ C:\ProgramData\nvModes.001 2013-10-20 14:31 - 2013-10-18 19:22 - 00000474 ____H C:\Windows\Tasks\OptimizerPro-S-480333868.job 2013-10-20 14:31 - 2008-12-22 14:42 - 00073674 _____ C:\ProgramData\nvModes.dat 2013-10-20 14:31 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-20 14:31 - 
2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-20 14:31 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-20 14:30 - 2008-07-31 08:37 - 00004268 _____ C:\Windows\bthservsdp.dat 2013-10-20 14:30 - 2006-11-02 17:42 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-20 14:29 - 2013-10-20 14:29 - 00000592 _____ C:\Users\James Dean\Downloads\defogger_disable.log 2013-10-20 14:29 - 2013-10-20 14:29 - 00000020 _____ C:\Users\James Dean\defogger_reenable 2013-10-20 14:29 - 2008-12-22 14:41 - 00000000 ____D C:\Users\James Dean 2013-10-20 14:27 - 2013-10-20 14:27 - 00050477 _____ C:\Users\James Dean\Downloads\Defogger.exe 2013-10-20 14:18 - 2013-10-20 14:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-20 02:37 - 2008-12-22 18:19 - 00000000 ____D C:\Users\James Dean\AppData\Local\PokerStars.EU 2013-10-19 17:43 - 2008-07-31 18:17 - 00671674 _____ C:\Windows\system32\perfh007.dat 2013-10-19 17:43 - 2008-07-31 18:17 - 00144810 _____ C:\Windows\system32\perfc007.dat 2013-10-19 17:43 - 2006-11-02 14:46 - 01560144 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-19 00:23 - 2009-02-01 20:48 - 00000000 ____D C:\Users\James Dean\Documents\DVDVideoSoft 2013-10-18 21:22 - 2013-10-18 19:55 - 264241152 _____ C:\Users\James Dean\Downloads\losslessalbum.net__VA-Bravo_Hits_82-2013.part1.rar 2013-10-18 20:21 - 2008-12-22 18:19 - 00000000 ____D C:\Program Files (x86)\PokerStars 2013-10-18 19:51 - 2012-10-24 17:17 - 00000000 ____D C:\Program Files (x86)\Optimizer Pro 2013-10-18 19:26 - 2008-01-21 05:26 - 00237618 _____ C:\Windows\PFRO.log 2013-10-18 19:24 - 2013-10-18 19:22 - 00000000 ____D C:\ProgramData\SummerSoft 2013-10-18 19:24 - 2013-10-18 19:20 - 00000000 ____D C:\ProgramData\InstallMate 2013-10-18 19:23 - 2013-10-18 19:23 - 
00000000 ____D C:\ProgramData\SearchNewTab 2013-10-18 19:23 - 2013-10-18 19:23 - 00000000 ____D C:\Program Files (x86)\WebSearch 2013-10-18 19:22 - 2013-10-18 19:22 - 00002720 _____ C:\Windows\System32\Tasks\OptimizerPro-S-480333868 2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\ProgramData\Deownload keepeur 2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\Program Files (x86)\Ss.Helper 2013-10-18 15:45 - 2013-10-18 14:06 - 304508559 _____ C:\Users\James Dean\Downloads\Bravo_Hits_Vol.802013.rar 2013-10-18 14:27 - 2013-10-18 14:27 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\OpenCandy 2013-10-18 14:27 - 2010-11-08 00:13 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\DVDVideoSoft 2013-10-18 14:27 - 2009-02-01 20:47 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-10-18 14:20 - 2013-10-18 14:18 - 27469464 _____ (DVDVideoSoft Ltd. ) C:\Users\James Dean\Downloads\FreeVideoToMP3Converter.exe 2013-10-18 10:45 - 2009-02-15 21:31 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-10-18 10:40 - 2011-03-24 23:34 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\HpUpdate 2013-10-17 23:18 - 2013-10-17 23:18 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-17 09:28 - 2012-07-31 23:01 - 00000000 ____D C:\Users\James Dean\AppData\Local\Spotify 2013-10-17 09:25 - 2008-12-27 21:11 - 00000021 _____ C:\ProgramData\hpqp.txt 2013-10-16 09:24 - 2013-03-10 15:04 - 00004014 _____ C:\Windows\setupact.log 2013-10-16 09:24 - 2008-12-22 15:01 - 00174592 _____ C:\Users\James Dean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-12 14:55 - 2013-07-08 19:01 - 00002621 _____ C:\Users\James Dean\Desktop\Microsoft Office Word 2003.lnk 2013-10-12 12:07 - 2011-08-30 10:01 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Skype 2013-10-12 01:42 - 2009-09-07 22:46 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-12 01:42 - 2009-09-07 22:46 - 00003854 _____ 
C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-10 18:25 - 2011-08-30 10:01 - 00000000 ____D C:\ProgramData\Skype 2013-10-10 14:47 - 2013-05-29 00:32 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-10 14:47 - 2013-04-05 17:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-10 14:47 - 2013-04-05 17:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-09 15:46 - 2006-11-02 17:21 - 00299464 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 15:45 - 2009-05-29 08:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 15:13 - 2006-11-02 14:34 - 00000305 _____ C:\Windows\win.ini 2013-10-09 15:02 - 2011-03-31 00:39 - 01540150 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-09 14:52 - 2013-07-19 16:21 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 14:48 - 2006-11-02 14:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-10-09 14:24 - 2013-10-09 14:03 - 149290982 _____ C:\Users\James Dean\Documents\Startseite - ZDF Mediathek.flv 2013-10-08 12:45 - 2013-03-02 18:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-08 07:51 - 2012-06-17 20:44 - 00873384 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-10-08 07:51 - 2010-04-19 00:11 - 00796072 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-10-08 07:50 - 2013-10-20 14:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-08 07:46 - 2013-10-20 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-10-08 07:46 - 2013-10-20 14:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-10-08 07:46 - 2013-10-20 14:44 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-10-07 12:04 - 2013-07-30 01:35 - 00132600 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avipbb.sys 2013-10-07 12:04 - 2013-07-30 01:35 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-10-07 12:04 - 2013-07-30 01:35 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-10-05 23:48 - 2013-08-26 01:20 - 00002649 _____ C:\Users\James Dean\Desktop\Microsoft Office Excel 2003.lnk 2013-09-23 12:46 - 2012-04-27 00:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-09-22 17:43 - 2013-10-09 14:47 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-22 17:01 - 2013-10-09 14:47 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-22 16:42 - 2013-10-09 14:47 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-22 16:36 - 2013-10-09 14:47 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-22 16:33 - 2013-10-09 14:47 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-22 16:33 - 2013-10-09 14:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-22 16:30 - 2013-10-09 14:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-22 16:27 - 2013-10-09 14:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-22 16:23 - 2013-10-09 14:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-22 16:22 - 2013-10-09 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-22 16:21 - 2013-10-09 14:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-22 16:19 - 2013-10-09 14:47 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-22 16:19 - 2013-10-09 14:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-22 16:16 - 2013-10-09 14:47 - 00096768 _____ (Microsoft 
Corporation) C:\Windows\system32\mshtmled.dll 2013-09-22 16:15 - 2013-10-09 14:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-22 16:07 - 2013-10-09 14:47 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-22 12:29 - 2013-10-09 14:47 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-22 12:22 - 2013-10-09 14:47 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-22 12:22 - 2013-10-09 14:47 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-22 12:14 - 2013-10-09 14:47 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-09-22 12:13 - 2013-10-09 14:47 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-22 12:13 - 2013-10-09 14:47 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-22 12:12 - 2013-10-09 14:47 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-09-22 12:09 - 2013-10-09 14:47 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-22 12:08 - 2013-10-09 14:47 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-09-22 12:07 - 2013-10-09 14:47 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-22 12:06 - 2013-10-09 14:47 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-09-22 12:05 - 2013-10-09 14:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-22 12:03 - 2013-10-09 14:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-22 12:03 - 2013-10-09 14:47 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-22 12:03 - 2013-10-09 14:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-09-22 11:59 - 2013-10-09 14:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 
Files to move or delete: ==================== C:\Users\James Dean\AppData\Roaming\CamLayout.ini C:\Users\James Dean\AppData\Roaming\CamShapes.ini C:\ProgramData\DVD.exe C:\ProgramData\Games.exe C:\ProgramData\Karaoke.exe C:\ProgramData\MobileTV.exe C:\ProgramData\MPV.exe Some content of TEMP: ==================== C:\Users\James Dean\AppData\Local\Temp\AdobeUpdater12345.exe C:\Users\James Dean\AppData\Local\Temp\ApnStub.exe C:\Users\James Dean\AppData\Local\Temp\avgnt.exe C:\Users\James Dean\AppData\Local\Temp\Extract.exe C:\Users\James Dean\AppData\Local\Temp\jre-7u13-windows-i586-iftw.exe C:\Users\James Dean\AppData\Local\Temp\jre-7u17-windows-i586-iftw.exe C:\Users\James Dean\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe C:\Users\James Dean\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe C:\Users\James Dean\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe C:\Users\James Dean\AppData\Local\Temp\LiveSupport_setup.exe C:\Users\James Dean\AppData\Local\Temp\ptu455F_tmp.exe C:\Users\James Dean\AppData\Local\Temp\ptu979F_tmp.exe C:\Users\James Dean\AppData\Local\Temp\SkypeSetup.exe C:\Users\James Dean\AppData\Local\Temp\SP41645.exe C:\Users\James Dean\AppData\Local\Temp\xuninst.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-20 14:52 ==================== End Of Log ============================ FRST Addition: 
Quote:
GMER Logfile:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-10-20 15:42:10 Windows 6.0.6002 Service Pack 2 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9250827AS rev.3.AHC 232,89GB Running: gmer_2.1.19163.exe; Driver: C:\Users\JAMESD~1\AppData\Local\Temp\fwdyauoc.sys ---- Kernel code sections - GMER 2.1 ---- INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff9600011f800 3 bytes [C0, 82, 02] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 4 fffff9600011f804 3 bytes [41, BC, FA] INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification INITKDBG C:\Windows\system32\ntoskrnl.exe suspicious modification ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\svchost.exe [1200:2808] 000007fef7559358 Thread C:\Windows\system32\svchost.exe [1200:2824] 000007fef7563820 Thread C:\Windows\system32\svchost.exe [1200:3708] 000007fef425af94 Thread C:\Windows\system32\svchost.exe [1200:3712] 000007fef425af94 Thread C:\Windows\system32\svchost.exe [1200:3716] 000007fef425af94 Thread C:\Windows\system32\svchost.exe [1200:3720] 000007fef425af94 Thread C:\Windows\system32\svchost.exe [1200:1208] 000007fef75660bc Thread C:\Windows\System32\spoolsv.exe [1708:1964] 000007fef9f913dc Thread C:\Windows\System32\spoolsv.exe [1708:1968] 000007fef9f912ac Thread C:\Windows\System32\spoolsv.exe [1708:1976] 000007fef9f31c00 Thread C:\Windows\System32\spoolsv.exe [1708:1984] 000007fef9ee38a0 Thread C:\Windows\System32\spoolsv.exe [1708:1988] 000007fef9e0bd78 Thread C:\Windows\System32\spoolsv.exe [1708:1992] 000007fef9e0c4f8 Thread C:\Windows\System32\spoolsv.exe [1708:1996] 000007fef9e16844 Thread C:\Windows\System32\spoolsv.exe [1708:2004] 000007fef9fea704 Thread C:\Windows\System32\spoolsv.exe [1708:1104] 000007fefa02dbe8 Thread 
C:\Windows\system32\svchost.exe [2624:2708] 000007fef9e0bd78 Thread C:\Windows\system32\svchost.exe [2624:2764] 000007fef9e0c4f8 Thread C:\Windows\system32\svchost.exe [2624:2768] 000007fef9e16844 Thread C:\Windows\System32\svchost.exe [2692:2776] 000007fef7fa6cbc Thread C:\Windows\System32\WUDFHost.exe [2984:1236] 0000000071842eb0 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186661bc0 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186dad317 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186dad317@0023d62f9978 0x1E 0x95 0xD6 0x85 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186dad317@0022a9f0cf53 0x5E 0xC7 0xAC 0x93 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186dad317@2021a5664ca4 0xC1 0x81 0xD1 0x39 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\002186dad317@b8ff61a7c72f 0xA4 0x2B 0x61 0xD3 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186661bc0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186dad317 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186dad317@0023d62f9978 0x1E 0x95 0xD6 0x85 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186dad317@0022a9f0cf53 0x5E 0xC7 0xAC 0x93 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186dad317@2021a5664ca4 0xC1 0x81 0xD1 0x39 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\002186dad317@b8ff61a7c72f 0xA4 0x2B 0x61 0xD3 ... ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
As you may be able to see, I am no longer entirely up to date, please excuse that. In any case, I will be patient. Beyond that, I will not do anything on my own for now, but will wait for further instructions from this board.
If, for whatever reason, help is not going to be provided here, please let me know so that I can take other steps. Many thanks in advance. PS: I have to leave for work now and will only be able to post again tomorrow morning/midday.
20.10.2013, 17:28 | #2
/// the machine /// TB-Ausbilder
hi,
Combofix should only be run if a team member has instructed you to do so! Please download Combofix from the following download mirror: Link 1. IMPORTANT - Save Combofix to your desktop.
When Combofix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart
Quote:
20.10.2013, 23:25 | #3
Combofix download successful
Saved
Scan started
Log file:
Combofix Logfile:
ATTFilter ComboFix 13-10-19.02 - James Dean 21.10.2013 0:45.2.2 - x64 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4092.1935 [GMT 2:00] ausgeführt von:: c:\users\James Dean\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((( Dateien erstellt von 2013-09-20 bis 2013-10-20 )))))))))))))))))))))))))))))) . . 2013-10-20 22:53 . 2013-10-20 22:53 -------- d-----w- c:\users\postgres\AppData\Local\temp 2013-10-20 22:53 . 2013-10-20 22:53 -------- d-----w- c:\users\Jimmy Dean\AppData\Local\temp 2013-10-20 22:53 . 2013-10-20 22:53 -------- d-----w- c:\users\elephant\AppData\Local\temp 2013-10-20 22:53 . 2013-10-20 22:53 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-10-20 22:53 . 2013-10-20 22:53 -------- d-----w- c:\users\dean\AppData\Local\temp 2013-10-20 12:52 . 2013-10-20 12:52 -------- d-----w- C:\FRST 2013-10-20 12:50 . 2013-10-20 12:50 -------- d-----w- c:\programdata\Oracle 2013-10-20 12:44 . 2013-10-08 05:50 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-10-18 17:23 . 2013-10-18 17:23 -------- d-----w- c:\program files (x86)\WebSearch 2013-10-18 17:22 . 2013-10-18 17:24 -------- d-----w- c:\programdata\SummerSoft 2013-10-18 17:22 . 2013-10-18 17:22 -------- d-----w- c:\program files (x86)\Ss.Helper 2013-10-18 17:22 . 2013-10-20 22:10 -------- d-----w- c:\programdata\Deownload keepeur 2013-10-18 17:20 . 2013-10-18 17:24 -------- d-----w- c:\programdata\InstallMate 2013-10-18 12:27 . 2013-10-18 12:27 -------- d-----w- c:\users\James Dean\AppData\Roaming\OpenCandy 2013-10-17 21:18 . 2013-10-17 21:18 -------- d-----w- c:\program files\McAfee Security Scan 2013-10-09 12:41 . 2013-07-20 10:45 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 12:39 . 
2013-06-29 02:25 274944 ----a-w- c:\windows\system32\drivers\usbhub.sys 2013-10-09 12:39 . 2013-06-29 02:25 95744 ----a-w- c:\windows\system32\drivers\usbccgp.sys 2013-10-09 12:39 . 2013-06-29 02:25 259584 ----a-w- c:\windows\system32\drivers\usbport.sys 2013-10-09 12:39 . 2013-06-29 02:25 7552 ----a-w- c:\windows\system32\drivers\usbd.sys 2013-10-09 12:39 . 2011-05-05 14:17 49664 ----a-w- c:\windows\system32\drivers\usbehci.sys 2013-10-09 12:39 . 2011-05-05 14:17 29184 ----a-w- c:\windows\system32\drivers\usbuhci.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-10-10 12:47 . 2013-04-05 15:40 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-10-10 12:47 . 2013-04-05 15:40 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-10-09 12:48 . 2006-11-02 12:35 80541720 ----a-w- c:\windows\system32\mrt.exe 2013-10-08 05:51 . 2012-06-17 18:44 873384 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-10-08 05:51 . 2010-04-18 22:11 796072 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-10-07 10:04 . 2013-07-29 23:35 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys 2013-10-07 10:04 . 2013-07-29 23:35 132600 ----a-w- c:\windows\system32\drivers\avipbb.sys 2013-10-07 10:04 . 2013-07-29 23:35 105856 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2013-08-02 14:06 . 2013-08-31 22:13 1706496 ----a-w- c:\windows\system32\WMVDECOD.DLL 2013-08-02 04:09 . 2013-08-31 22:13 1548288 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2011-08-17 11:15 734048 ----a-w- c:\program files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files (x86)\pdfforge Toolbar\IE\4.6\pdfforgeToolbarIE.dll" [2011-08-17 734048] . [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968] "LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 2736128] "ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240] "HPADVISOR"="c:\program files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2010-06-29 1689144] "Spotify Web Helper"="c:\users\James Dean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2013-10-16 1140736] "Spotify"="c:\users\James Dean\AppData\Roaming\Spotify\Spotify.exe" [2013-10-16 4752384] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UCam_Menu"="c:\program files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2007-12-24 222504] "QPService"="c:\program files (x86)\HP\QuickPlay\QPService.exe" [2008-06-25 468264] "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640] "WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744] "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208] "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-29 937920] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-02-15 417792] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-10-07 
681032] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336] . c:\users\James Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Windows Mail.lnk - c:\program files\Windows Mail\WinMail.exe [2008-1-21 400896] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.130\SSScheduler.exe [2013-9-6 324320] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "EnableUIADesktopToggle"= 0 (0x0) "HideFastUserSwitching"= 0 (0x0) . [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc] @="Service" . S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - FWDYAUOC *Deregistered* - fwdyauoc . HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs Themes ezSharedSvc . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-10-17 21:19 1185744 ----a-w- c:\program files (x86)\Google\Chrome\Application\30.0.1599.101\Installer\chrmstp.exe . Inhalt des "geplante Tasks" Ordners . 
2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-05 12:47]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-07 20:31]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-07 20:31]
.
2013-10-20 c:\windows\Tasks\OptimizerPro-S-480333868.job
- c:\programdata\summersoft\optimizerpro\OptimizerPro.exe [2012-10-18 17:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"OnScreenDisplay"="c:\program files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe" [2008-01-23 685568]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 225792]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 16395880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2009-07-21 450048]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Free YouTube Download - c:\users\James Dean\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to Mp3 Converter - c:\users\James Dean\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39&l=1&q=
FF - prefs.js: browser.search.selectedEngine - WebSearch
FF - prefs.js: browser.startup.homepage - dbdt.at
FF - prefs.js: keyword.URL - hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39&l=1&q=
FF - ExtSQL: !HIDDEN! 2009-07-02 00:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: yahoo.homepage.dontask - true
.
- - - - Orphaned Registry Entries Removed - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{C1A27135-69EB-8D44-7358-34727DD7B820} - c:\programdata\Deownload keepeur\JVqL.exe
AddRemove-{C670DCAE-E392-AA32-6F42-143C7FC4BDFD} - c:\programdata\SearchNewTab\bDv6iRH.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}]
@Denied: (A 2) (Everyone)
@SACL=
@="IFlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{2E4BB6BE-A75F-4DC0-9500-68203655A2C4}\ProxyStubClsid]
@Denied: (A 2) (Everyone)
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€ÈA*]
"7040311900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2013-10-21 00:55:23
ComboFix-quarantined-files.txt 2013-10-20 22:55
ComboFix2.txt 2013-10-20 22:18
.
Pre-Run: 18 directory(ies), 79,023,177,728 bytes free
Post-Run: 19 directory(ies), 78,956,392,448 bytes free
.
- - End Of File - - 90CF96D5161A89D03F49D523A7A5E4BC

Edited because I didn't have ComboFix on the desktop at first. Thanks so far.

Last edited by ThDean (21.10.2013 at 00:01)
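A first triage pass over autostart lines of the kind shown in the ComboFix log above, as an added example for this thread; it is not code from ComboFix, FRST, Malwarebytes or AdwCleaner. It parses the Run-key, scheduled-task, IE start-page and LoadAppInit_DLLs line formats visible in the log, runs over a constructed sample modelled on those lines, and flags entries that start from user-writable locations. Which directories count as user-writable is an assumption of the example, and a hit means "look at this", not "this is malware": Spotify installing itself under AppData is legitimate, OptimizerPro under ProgramData is the adware the thread is about.

```python
"""Triage of autostart lines in a ComboFix-style log.

Added example for this thread, not code from ComboFix, FRST, MBAM or
AdwCleaner. It flags autostart entries that run from user-writable
locations, reports the configured IE start pages and warns when
AppInit_DLLs loading is switched on. A hit means "review this",
not "malicious": legitimate software also installs under AppData.
"""
import re
import sys
from urllib.parse import urlsplit

# Constructed sample modelled on lines from the log above (not the full log).
SAMPLE = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1555968]
"Spotify"="c:\users\James Dean\AppData\Roaming\Spotify\Spotify.exe" [2013-10-16 4752384]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2011-08-17 534880]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-10-07 681032]
2013-10-20 c:\windows\Tasks\OptimizerPro-S-480333868.job - c:\programdata\summersoft\optimizerpro\OptimizerPro.exe [2012-10-18 17:22]
uStart Page = hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18
mStart Page = hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18
"LoadAppInit_DLLs"=1 (0x1)
'''

# Assumption of this example: an unprivileged user can write below these
# directories, so a persistence entry pointing there deserves a look.
USER_WRITABLE_MARKERS = ("\\appdata\\", "\\programdata\\", "\\users\\public\\", "\\temp\\")

RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"')
TASK_LINE = re.compile(r'^\d{4}-\d{2}-\d{2} (?P<job>c:\\windows\\tasks\\\S+\.job) - (?P<path>.+?) \[', re.I)
START_PAGE = re.compile(r'^(?P<scope>[um])Start Page = (?P<url>\S+)')
APPINIT = re.compile(r'^"LoadAppInit_DLLs"=(?P<value>\d+)')


def is_user_writable(path: str) -> bool:
    """True if the path lies below a directory an ordinary user can write to."""
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE_MARKERS)


def host_of(url: str) -> str:
    """Hostname of a log URL; ComboFix defangs http as hxxp, undo that first."""
    return urlsplit(url.replace("hxxp", "http", 1)).hostname or ""


def triage(log_text: str) -> dict:
    """Walk the log once and collect the items worth a second look."""
    findings = {"user_writable": [], "start_pages": [], "appinit_dlls": False}
    for raw in log_text.splitlines():
        line = raw.strip()
        m = RUN_VALUE.match(line)
        if m:
            if is_user_writable(m["path"]):
                findings["user_writable"].append((m["name"], m["path"]))
            continue
        m = TASK_LINE.match(line)
        if m:
            if is_user_writable(m["path"]):
                findings["user_writable"].append((m["job"], m["path"]))
            continue
        m = START_PAGE.match(line)
        if m:
            findings["start_pages"].append((m["scope"], host_of(m["url"])))
            continue
        m = APPINIT.match(line)
        if m and m["value"] != "0":
            findings["appinit_dlls"] = True
    return findings


def report(findings: dict) -> list:
    """Human-readable summary, one line per finding."""
    lines = [f"autostart from user-writable path: {name} -> {path}"
             for name, path in findings["user_writable"]]
    for host in sorted({h for _, h in findings["start_pages"]}):
        scopes = "".join(s for s, h in findings["start_pages"] if h == host)
        lines.append(f"IE start page ({scopes}) points to {host}; compare with the expected home page")
    if findings["appinit_dlls"]:
        lines.append("LoadAppInit_DLLs=1: check the AppInit_DLLs value, those DLLs load into every process that loads user32.dll")
    return lines


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE
    print("\n".join(report(triage(text))) or "nothing flagged")
```

Run it without arguments to see the sample triaged, or pass a saved ComboFix log as the first argument. The point of the path check is the one the log above illustrates twice: persistence that points into ProgramData or AppData was written without administrator rights, which is exactly where bundled adware installers put themselves.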
21.10.2013, 12:54 | #4 |
/// the machine /// TB trainer |

Please download Malwarebytes Anti-Malware.
Please download AdwCleaner to your desktop.
Please close your protection software to avoid possible conflicts.
And a fresh FRST log, please.
__________________
Regards, schrauber
Proud Member of UNITE and ASAP since 2009
No help via PM!
21.10.2013, 23:13 | #5 |
One thing at a time. The MBAM log:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.21.09

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
James Dean :: JAMESDEAN-PC [Administrator]

21.10.2013 22:52:30
mbam-log-2013-10-21 (22-52-30).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 312698
Time elapsed: 6 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 7
HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C} (PUP.Optional.OptimzerPro.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_4e24eecb (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
HKCU\Software\AppDataLow\SProtector (PUP.Optional.SProtector.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 2
HKCU\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {AAB7ED7A-1C82-11DE-A384-002186DAD317} -> Quarantined and deleted successfully.
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {AAB7ED7A-1C82-11DE-A384-002186DAD317} -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 9
C:\Users\James Dean\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebSearch (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\OpenCandy\B74C0CF0BD094DDFB499351D13000F57 (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\conf (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\resources (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Files Detected: 22
C:\ProgramData\InstallMate\{ACAE7280-B42C-4BB0-A95B-FC0E774D5076}\Setup.exe (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\ProgramData\InstallMate\{ACAE7280-B42C-4BB0-A95B-FC0E774D5076}\TsuDll.dll (PUP.Optional.Tarma.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\Downloads\FreeVideoToMP3Converter.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\James Dean\Downloads\SoftonicDownloader_fuer_myspace-music-downloader.exe (PUP.Optional.Softonic.A) -> Quarantined and deleted successfully.
C:\Users\James Dean\Downloads\winamp5581_full_emusic-7plus_en-us.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\James Dean\Downloads\winamp561_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\James Dean\Downloads\winamp5621_full_emusic-7plus_all.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\James Dean\Downloads\winamp5621_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\James Dean\Downloads\winamp565_full_emusic-7plus_de-de.exe (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Users\James Dean\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebSearch\sprotector.dll (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.
C:\Program Files (x86)\WebSearch\uninstall.exe (PUP.OPtional.Websearch.A) -> Quarantined and deleted successfully.

(end)

Next, the AdwCleaner log:

AdwCleaner Logfile:
# AdwCleaner v3.010 - Report created 21/10/2013 at 23:42:11
# Updated 20/10/2013 by Xplode
# Operating System : Windows (TM) Vista Home Premium Service Pack 2 (64 bits)
# Username : James Dean - JAMESDEAN-PC
# Running from : C:\Users\James Dean\Downloads\adwcleaner.exe
# Option : Delete

***** [ Services ] *****


***** [ Files / Folders ] *****

[!] Folder Deleted : C:\ProgramData\Ask
[!] Folder Deleted : C:\ProgramData\Winamp Toolbar
[!] Folder Deleted : C:\ProgramData\Deownload keepeur
[!] Folder Deleted : C:\Program Files (x86)\Application Updater
[!] Folder Deleted : C:\Program Files (x86)\optimizer pro
[!] Folder Deleted : C:\Program Files (x86)\pdfforge Toolbar
[!] Folder Deleted : C:\Program Files (x86)\SweetIM
[!] Folder Deleted : C:\Program Files (x86)\Winamp Toolbar
[!] Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
[!] Folder Deleted : C:\Program Files (x86)\Common Files\spigot
[!] Folder Deleted : C:\Users\James Dean\AppData\Local\Winamp Toolbar
[!] Folder Deleted : C:\Users\James Dean\AppData\LocalLow\pdfforge
[!] Folder Deleted : C:\Users\James Dean\AppData\LocalLow\Search Settings
[!] Folder Deleted : C:\Users\James Dean\AppData\Roaming\dvdvideosoftiehelpers
[!] Folder Deleted : C:\Users\Jimmy Dean\AppData\LocalLow\AskToolbar
[!] Folder Deleted : C:\Users\Jimmy Dean\AppData\LocalLow\pdfforge
[!] Folder Deleted : C:\Users\Jimmy Dean\AppData\LocalLow\Search Settings
[!] Folder Deleted : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\SweetIMToolbarData
[!] Folder Deleted : C:\Users\James Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
[!] Folder Deleted : C:\Users\James Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
[!] Folder Deleted : C:\Users\Jimmy Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\kpionmjnkbpcdpcflammlgllecmejgjj
File Deleted : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\pdfforge@mybrowserbar.com
File Deleted : C:\Program Files (x86)\Mozilla Firefox\Extensions\wtxpcom@mybrowserbar.com
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\11-suche.xml
File Deleted : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\aol-web-search.xml
File Deleted : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\Askcom.xml
File Deleted : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\Startsear.xml
File Deleted : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\WebSearch.xml
File Deleted : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SP_19703871
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F97BFF8-488B-4107-BCEE-B161AB4E4183}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A1B48071-416D-474E-A13B-BE5456E7FC31}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A8C2644D-BF72-4A89-A88C-D85F565F2F46}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Key Deleted : HKCU\Software\Grand Virtual
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\StartSearch
Key Deleted : HKCU\Software\vShare.tv
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\OptimizerPro
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Viewpoint
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{638482BC-3092-42DC-AEA1-735264911A77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A0B139A7-E8D5-49E8-A7BF-12421E652208}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{C670DCAE-E392-AA32-6F42-143C7FC4BDFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1

***** [ Browser ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (de)

[ File : C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\prefs.js ]

Line deleted : user_pref("aol_toolbar.default.homepage.check", false);
Line deleted : user_pref("aol_toolbar.default.search.check", false);
Line deleted : user_pref("aol_toolbar.surf.date", "335");
Line deleted : user_pref("aol_toolbar.surf.lastDate", "2");
Line deleted : user_pref("aol_toolbar.surf.lastMonth", "6");
Line deleted : user_pref("aol_toolbar.surf.lastYear", "2012");
Line deleted : user_pref("aol_toolbar.surf.month", "1706");
Line deleted : user_pref("aol_toolbar.surf.prevMonth", "22987");
Line deleted : user_pref("aol_toolbar.surf.total", "130779");
Line deleted : user_pref("aol_toolbar.surf.week", "1706");
Line deleted : user_pref("aol_toolbar.surf.year", "36662");
Line deleted : user_pref("browser.search.defaultenginename", "WebSearch");
Line deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
Line deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39&l=1&q=");
Line deleted : user_pref("browser.search.order.1", "WebSearch");
Line deleted : user_pref("browser.search.order.1,S", "WebSearch");
Line deleted : user_pref("browser.search.selectedEngine", "WebSearch");
Line deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
Line deleted : user_pref("extensions.AArm_fJK.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self.location.hostname.indexOf('mail.')==-1)\r\n{try{for(i=0;i<5;i++)[...]
Line deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Line deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Line deleted : user_pref("extensions.Dng_O.scode", "(function(){if(window.self.location.hostname.indexOf(\"acebook.co\")>-1){return};if(window.self==window.top){var script=document.createElement(\"script\");script.t[...]
Line deleted : user_pref("extensions.enabledItems", "{0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5,{9AA46F4F-4DC7-4c06-97AF-5035170634FE}:4.01,{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11,{CAFEEFAC-0016-0000-0013-AB[...]
Line deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Line deleted : user_pref("keyword.URL", "hxxp://websearch.wisesearch.info/?pid=924&r=2013/10/18&hid=6609659935121896662&lg=EN&cc=DE&unqvl=39&l=1&q=");
Line deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Line deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Line deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Line deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Line deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Line deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Line deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "chrome://browser-region/locale/region.properties");
Line deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Line deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "www.google.de");
Line deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "chrome://browser-region/locale/region.properties");
Line deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Line deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...]
Line deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Line deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Line deleted : user_pref("sweetim.toolbar.searchguard.enable", "");
Line deleted : user_pref("sweetim.toolbar.simapp_id", "{AAB7ED7A-1C82-11DE-A384-002186DAD317}");
Line deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Line deleted : user_pref("sweetim.toolbar.version", "1.0.0.8");
Line deleted : user_pref("winamp_toolbar.button.1303935512156_1311941128895.view", "0");
Line deleted : user_pref("winamp_toolbar.button.1303935540827_1311940660392.view", "0");
Line deleted : user_pref("winamp_toolbar.button.1303936162215_1311941118486.view", "0");
Line deleted : user_pref("winamp_toolbar.button.1303936200262_1311941119618.view", "0");
Line deleted : user_pref("winamp_toolbar.button.1303936270237_1311941101092.view", "0");
Line deleted : user_pref("winamp_toolbar.button.1303936313991_1311940640690.view", "0");
Line deleted : user_pref("winamp_toolbar.button.1303936353284_1311941112215.view", "0");
Line deleted : user_pref("winamp_toolbar.buttons.defaultview", 0);
Line deleted : user_pref("winamp_toolbar.buttons.layout", "1303935512156_1311941128895;1303936200262_1311941119618;1303936162215_1311941118486;1303936353284_1311941112215;1303936270237_1311941101092;1303935540827_13[...]
Zeile gelöscht : user_pref("winamp_toolbar.firsttime.showwindow", false); Zeile gelöscht : user_pref("winamp_toolbar.guid", "{C334F6EC-538D-6A91-833D-D8224ED7AA19}"); Zeile gelöscht : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.19.1"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampdate", "2"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampmonth", "6"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.activestampyear", "2012"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalDate", "15"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalHours", "6"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMinutes", "52"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalMonth", "4"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalSeconds", "45"); Zeile gelöscht : user_pref("winamp_toolbar.metrics.originalYear", "2011"); Zeile gelöscht : user_pref("winamp_toolbar.remote.publish.xml", "1341166270649"); Zeile gelöscht : user_pref("winamp_toolbar.search.cid", "15-05-2012"); Zeile gelöscht : user_pref("winamp_toolbar.search.instd", "20110415063741574"); Zeile gelöscht : user_pref("winamp_toolbar.search.oid", "15-04-2011"); Zeile gelöscht : user_pref("winamp_toolbar.search.populateoncomplete", false); Zeile gelöscht : user_pref("winamp_toolbar.search.searchtype", "web"); Zeile gelöscht : user_pref("winamp_toolbar.search.source", "tb50-ff-winamp"); Zeile gelöscht : user_pref("winamp_toolbar.skin.custom", true); Zeile gelöscht : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar"); Zeile gelöscht : user_pref("winamp_toolbar.upgrade.showwindow", false); Zeile gelöscht : user_pref("winamp_toolbar.winamp.appversion", "20578"); Zeile gelöscht : user_pref("winamp_toolbar.winamp.artist", ""); Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.focus", true); Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.forward", true); Zeile gelöscht : 
user_pref("winamp_toolbar.winamp.button.open", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.pause", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.play", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.rewind", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.stop", false);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.button.volume", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.ticker.show", true);
Zeile gelöscht : user_pref("winamp_toolbar.winamp.title", "-999999");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.tracklength", "226");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.tracktime", "-1");
Zeile gelöscht : user_pref("winamp_toolbar.winamp.volume", "192");

[ Datei : C:\Users\Jimmy Dean\AppData\Roaming\Mozilla\Firefox\Profiles\nrlt6ho3.default\prefs.js ]

Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");

*************************

AdwCleaner[R0].txt - [23074 octets] - [21/10/2013 23:35:24]
AdwCleaner[S0].txt - [20929 octets] - [21/10/2013 23:42:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [20990 octets] ##########

The Junkware Removal Tool log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:3)
OS: Windows (TM) Vista Home Premium x64
Ran by James Dean on 21.10.2013 at 23:52:52,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3291874817-3239672627-655550871-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3902400C-5C9F-4272-B9E3-A270032A7C98}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{67155C91-2696-4DBB-BC56-0EDA1AA38304}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{C3B765C8-8C46-4FD6-ABC0-6027CDE0C98A}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{DDF02204-49F2-4F36-869F-00E875485BD5}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{3902400C-5C9F-4272-B9E3-A270032A7C98}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{67155C91-2696-4DBB-BC56-0EDA1AA38304}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted the following from C:\Users\James Dean\AppData\Roaming\mozilla\firefox\profiles\dhbms57z.default\prefs.js
user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Emptied folder: C:\Users\James Dean\AppData\Roaming\mozilla\firefox\profiles\dhbms57z.default\minidumps [118 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21.10.2013 at 23:59:51,92
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Last but not least, the current FRST:

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 21-10-2013 01 Ran by James Dean (administrator) on JAMESDEAN-PC on 22-10-2013 00:04:53 Running from C:\Users\James Dean\Downloads Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Spotify Ltd) C:\Users\James Dean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe () C:\Windows\SMINST\BLService.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (Hewlett-Packard Development Company L.P.) 
C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\system32\sdclt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [OnScreenDisplay] - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.) 
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard) HKCU\...\Run: [Spotify Web Helper] - C:\Users\James Dean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-16] (Spotify Ltd) HKCU\...\Run: [Spotify] - C:\Users\James Dean\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-16] (Spotify Ltd) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.) HKLM-x32\...\Run: [QPService] - C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-06-25] (CyberLink Corp.) HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard) HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated) HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.) 
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG) HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKU\dean\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard) HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard) HKU\elephant\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Jimmy Dean\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter HKU\Jimmy Dean\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company) HKU\postgres\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter Startup: C:\Users\James Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Mail.lnk ShortcutTarget: Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKLM - DefaultScope {DDF02204-49F2-4F36-869F-00E875485BD5} URL = 
hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKLM - {67155C91-2696-4DBB-BC56-0EDA1AA38304} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933 SearchScopes: HKLM - {DDF02204-49F2-4F36-869F-00E875485BD5} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de SearchScopes: HKCU - DefaultScope {DDF02204-49F2-4F36-869F-00E875485BD5} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = SearchScopes: HKCU - {DC3C3673-8F41-4FEA-A069-90FFCE283DBD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms} BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.) 
BHO-x32: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH) BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - No File Handler-x32: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax () Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: msdaipp\0x00000001 - 
{E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [49152 2008-12-22] (EasyBits Software Corp.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml FF DefaultSearchEngine: LEO Eng-Deu FF Homepage: dbdt.at FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll () FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) 
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc) FF Plugin-x32: @fluxdvd.com/NPAPIX - C:\Program Files (x86)\Common Files\fluxDVD\APIX\NPAPIX.dll () FF Plugin-x32: @fluxdvd.com/NPFluxBrowserHelper - C:\Program Files (x86)\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll () FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.) 
FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google) FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll () FF Plugin-x32: @protectdisc.com/NPWMDRMWrapper - C:\Program Files (x86)\Common Files\mpDRM\NPWMDRMWrapper.dll () FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\James Dean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\englische-ergebnisse.xml FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\gmx-suche.xml FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\lastminute.xml FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\webde-suche.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} FF Extension: Microsoft .NET Framework Assistant - C:\Users\James 
Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} FF Extension: NoScript - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(131) FF Extension: NoScript - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(84) FF Extension: DownloadHelper - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF Extension: CSHelper - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473} FF Extension: personas - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\personas@christopher.beard.xpi FF Extension: No Name - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} FF HKLM-x32\...\Firefox\Extensions: [{400F0BDB-6C49-43A4-BE1F-76D7327A604D}] - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\Mozilla FF Extension: fluxDVD Download Manager - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\Mozilla FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ Chrome: ======= Error reading preferences. Please check "preferences" file for possible corruption. 
<======= ATTENTION CHR Extension: (YouTube) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0 CHR Extension: (Google Search) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0 CHR Extension: (Gmail) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation) R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG) S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG) S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2006-11-02] (Microsoft Corporation) S2 gupdate1ca2ffa2a389080; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-09-07] (Google Inc.) S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.) S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2009-04-11] (Microsoft Corporation) R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2008-06-25] () R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2008-06-25] () R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] () R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.) 
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [441344 2009-04-11] (Microsoft Corporation) S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x] ==================== Drivers (Whitelisted) ==================== R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG) S1 Beep; No ImagePath S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-09-27] (Mobile Connector) S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-10] (NVIDIA Corporation) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867824 2010-03-14] (Duplex Secure Ltd.) S3 StarOpen; No ImagePath S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.) 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation) S3 catchme; \??\C:\ComboFix\catchme.sys [x] U4 eabfiltr; S3 IpInIp; system32\DRIVERS\ipinip.sys [x] S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x] S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-10-22 00:04 - 2013-10-22 00:04 - 01954698 _____ (Farbar) C:\Users\James Dean\Downloads\FRST64.exe 2013-10-22 00:00 - 2013-10-22 00:00 - 00002170 _____ C:\Users\James Dean\Desktop\JRT20131022.txt 2013-10-21 23:59 - 2013-10-21 23:59 - 00002170 _____ C:\Users\James Dean\Desktop\JRT.txt 2013-10-21 23:52 - 2013-10-21 23:52 - 00000000 ____D C:\Windows\ERUNT 2013-10-21 23:51 - 2013-10-21 23:51 - 01033335 _____ (Thisisu) C:\Users\James Dean\Desktop\JRT.exe 2013-10-21 23:46 - 2013-10-21 23:46 - 00021075 _____ C:\Users\James Dean\Desktop\AdwCleaner[S0].txt 2013-10-21 23:35 - 2013-10-21 23:42 - 00000000 ____D C:\AdwCleaner 2013-10-21 23:33 - 2013-10-21 23:33 - 01060070 _____ C:\Users\James Dean\Downloads\adwcleaner.exe 2013-10-21 22:46 - 2013-10-21 22:46 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Malwarebytes 2013-10-21 22:45 - 2013-10-21 22:45 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-21 22:45 - 2013-10-21 22:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-21 22:45 - 2013-10-21 22:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-21 22:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2013-10-21 22:37 - 2013-10-21 22:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-10-21 00:57 - 2013-10-21 00:57 - 00019215 _____ C:\Users\James Dean\Desktop\ComboFix II.txt 2013-10-21 00:55 - 2013-10-21 00:55 - 00019215 _____ C:\ComboFix.txt 2013-10-21 00:20 - 2013-10-21 00:20 - 00024195 
_____ C:\Users\James Dean\Desktop\Combofix.txt 2013-10-21 00:01 - 2013-10-21 00:01 - 00029876 _____ C:\Users\James Dean\Desktop\Addition.txt 2013-10-21 00:01 - 2013-10-21 00:01 - 00005662 _____ C:\Users\James Dean\Desktop\GMER.txt 2013-10-21 00:00 - 2013-10-21 00:00 - 00052020 _____ C:\Users\James Dean\Desktop\FRST.txt 2013-10-20 23:58 - 2013-10-21 00:55 - 00000000 ____D C:\Qoobox 2013-10-20 23:58 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe 2013-10-20 23:58 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe 2013-10-20 23:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2013-10-20 23:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2013-10-20 23:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2013-10-20 23:58 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe 2013-10-20 23:58 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe 2013-10-20 23:58 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe 2013-10-20 23:57 - 2013-10-21 00:17 - 00000000 ____D C:\Windows\erdnt 2013-10-20 23:56 - 2013-10-20 23:56 - 05135479 ____R (Swearware) C:\Users\James Dean\Desktop\ComboFix.exe 2013-10-20 14:59 - 2013-10-20 14:59 - 00377856 _____ C:\Users\James Dean\Downloads\gmer_2.1.19163.exe 2013-10-20 14:54 - 2013-10-20 14:56 - 00029876 _____ C:\Users\James Dean\Downloads\Addition.txt 2013-10-20 14:52 - 2013-10-20 14:52 - 00000000 ____D C:\FRST 2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\Oracle 2013-10-20 14:45 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-10-20 14:44 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-20 14:44 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-10-20 14:44 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-10-20 14:41 - 2013-10-20 14:44 - 00004886 _____ 
C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-20 14:29 - 2013-10-20 14:29 - 00000592 _____ C:\Users\James Dean\Downloads\defogger_disable.log 2013-10-20 14:29 - 2013-10-20 14:29 - 00000020 _____ C:\Users\James Dean\defogger_reenable 2013-10-20 14:27 - 2013-10-20 14:27 - 00050477 _____ C:\Users\James Dean\Downloads\Defogger.exe 2013-10-20 14:17 - 2013-10-20 14:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-18 19:55 - 2013-10-18 21:22 - 264241152 _____ C:\Users\James Dean\Downloads\losslessalbum.net__VA-Bravo_Hits_82-2013.part1.rar 2013-10-18 19:22 - 2013-10-21 23:55 - 00000474 ____H C:\Windows\Tasks\OptimizerPro-S-480333868.job 2013-10-18 19:22 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\SummerSoft 2013-10-18 19:22 - 2013-10-18 19:22 - 00002720 _____ C:\Windows\System32\Tasks\OptimizerPro-S-480333868 2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\Program Files (x86)\Ss.Helper 2013-10-18 19:20 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\InstallMate 2013-10-18 14:06 - 2013-10-18 15:45 - 304508559 _____ C:\Users\James Dean\Downloads\Bravo_Hits_Vol.802013.rar 2013-10-17 23:18 - 2013-10-17 23:18 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-09 14:47 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-10-09 14:47 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-10-09 14:47 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-10-09 14:47 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-10-09 14:47 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-10-09 14:47 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-10-09 14:47 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) 
C:\Windows\system32\url.dll 2013-10-09 14:47 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-10-09 14:47 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-10-09 14:47 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-10-09 14:47 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-10-09 14:47 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-10-09 14:47 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-10-09 14:47 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-10-09 14:47 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-10-09 14:47 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-10-09 14:47 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-10-09 14:47 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-10-09 14:47 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-10-09 14:47 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-10-09 14:47 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-10-09 14:47 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-10-09 14:47 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-10-09 14:47 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-10-09 14:47 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-10-09 
14:47 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-10-09 14:47 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-10-09 14:47 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-10-09 14:47 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-10-09 14:47 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-10-09 14:47 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2013-10-09 14:47 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2013-10-09 14:41 - 2013-08-29 09:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys 2013-10-09 14:41 - 2013-08-27 05:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-10-09 14:41 - 2013-08-27 05:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-10-09 14:41 - 2013-08-27 05:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-10-09 14:41 - 2013-08-27 05:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-10-09 14:41 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll 2013-10-09 14:41 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll 2013-10-09 14:41 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll 2013-10-09 14:41 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll 2013-10-09 14:41 - 2013-08-27 04:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-10-09 14:41 - 2013-08-27 04:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-10-09 14:41 - 2013-08-27 04:06 
- 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-10-09 14:41 - 2013-08-27 04:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-10-09 14:41 - 2013-08-27 04:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-10-09 14:41 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll 2013-10-09 14:41 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll 2013-10-09 14:41 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2013-10-09 14:41 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll 2013-10-09 14:41 - 2013-08-01 06:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-10-09 14:41 - 2013-08-01 05:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll 2013-10-09 14:41 - 2013-07-20 12:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 14:41 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll 2013-10-09 14:41 - 2013-07-12 11:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys 2013-10-09 14:41 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2013-10-09 14:41 - 2013-07-04 06:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2013-10-09 14:41 - 2013-07-03 04:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys 2013-10-09 14:41 - 2013-07-03 04:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys 2013-10-09 14:41 - 2013-06-27 01:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys 2013-10-09 14:41 - 2013-06-04 06:16 - 00048128 _____ (Adobe Systems) 
C:\Windows\system32\atmlib.dll 2013-10-09 14:41 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll 2013-10-09 14:41 - 2013-06-04 04:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll 2013-10-09 14:41 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll 2013-10-09 14:39 - 2013-06-29 04:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys 2013-10-09 14:39 - 2013-06-29 04:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys 2013-10-09 14:39 - 2013-06-29 04:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys 2013-10-09 14:39 - 2013-06-29 04:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys 2013-10-09 14:39 - 2011-05-05 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys 2013-10-09 14:39 - 2011-05-05 16:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys 2013-10-09 14:03 - 2013-10-09 14:24 - 149290982 _____ C:\Users\James Dean\Documents\Startseite - ZDF Mediathek.flv ==================== One Month Modified Files and Folders ======= 2013-10-22 00:04 - 2013-10-22 00:04 - 01954698 _____ (Farbar) C:\Users\James Dean\Downloads\FRST64.exe 2013-10-22 00:00 - 2013-10-22 00:00 - 00002170 _____ C:\Users\James Dean\Desktop\JRT20131022.txt 2013-10-21 23:59 - 2013-10-21 23:59 - 00002170 _____ C:\Users\James Dean\Desktop\JRT.txt 2013-10-21 23:55 - 2013-10-18 19:22 - 00000474 ____H C:\Windows\Tasks\OptimizerPro-S-480333868.job 2013-10-21 23:52 - 2013-10-21 23:52 - 00000000 ____D C:\Windows\ERUNT 2013-10-21 23:51 - 2013-10-21 23:51 - 01033335 _____ (Thisisu) C:\Users\James Dean\Desktop\JRT.exe 2013-10-21 23:51 - 2008-12-05 08:47 - 01953248 _____ C:\Windows\WindowsUpdate.log 2013-10-21 23:47 - 2012-07-31 23:00 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Spotify 2013-10-21 23:47 - 2009-09-07 
22:46 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-10-21 23:46 - 2013-10-21 23:46 - 00021075 _____ C:\Users\James Dean\Desktop\AdwCleaner[S0].txt 2013-10-21 23:45 - 2013-05-29 00:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-10-21 23:45 - 2009-09-07 22:46 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-10-21 23:45 - 2008-12-22 14:44 - 00073674 _____ C:\ProgramData\nvModes.001 2013-10-21 23:45 - 2008-12-22 14:42 - 00073674 _____ C:\ProgramData\nvModes.dat 2013-10-21 23:44 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-10-21 23:44 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 2013-10-21 23:44 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 2013-10-21 23:43 - 2008-07-31 08:37 - 00004268 _____ C:\Windows\bthservsdp.dat 2013-10-21 23:43 - 2006-11-02 17:42 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT 2013-10-21 23:42 - 2013-10-21 23:35 - 00000000 ____D C:\AdwCleaner 2013-10-21 23:33 - 2013-10-21 23:33 - 01060070 _____ C:\Users\James Dean\Downloads\adwcleaner.exe 2013-10-21 23:31 - 2012-07-31 23:01 - 00000000 ____D C:\Users\James Dean\AppData\Local\Spotify 2013-10-21 23:26 - 2008-01-21 05:26 - 00247204 _____ C:\Windows\PFRO.log 2013-10-21 22:46 - 2013-10-21 22:46 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Malwarebytes 2013-10-21 22:45 - 2013-10-21 22:45 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2013-10-21 22:45 - 2013-10-21 22:45 - 00000000 ____D C:\ProgramData\Malwarebytes 2013-10-21 22:45 - 2013-10-21 22:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-10-21 22:37 - 2013-10-21 22:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300(1).exe 2013-10-21 00:57 - 2013-10-21 00:57 - 00019215 _____ 
C:\Users\James Dean\Desktop\ComboFix II.txt 2013-10-21 00:55 - 2013-10-21 00:55 - 00019215 _____ C:\ComboFix.txt 2013-10-21 00:55 - 2013-10-20 23:58 - 00000000 ____D C:\Qoobox 2013-10-21 00:53 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini 2013-10-21 00:20 - 2013-10-21 00:20 - 00024195 _____ C:\Users\James Dean\Desktop\Combofix.txt 2013-10-21 00:18 - 2012-10-24 17:18 - 00000000 ____D C:\Users\James_Dean 2013-10-21 00:18 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default 2013-10-21 00:17 - 2013-10-20 23:57 - 00000000 ____D C:\Windows\erdnt 2013-10-21 00:01 - 2013-10-21 00:01 - 00029876 _____ C:\Users\James Dean\Desktop\Addition.txt 2013-10-21 00:01 - 2013-10-21 00:01 - 00005662 _____ C:\Users\James Dean\Desktop\GMER.txt 2013-10-21 00:00 - 2013-10-21 00:00 - 00052020 _____ C:\Users\James Dean\Desktop\FRST.txt 2013-10-20 23:56 - 2013-10-20 23:56 - 05135479 ____R (Swearware) C:\Users\James Dean\Desktop\ComboFix.exe 2013-10-20 14:59 - 2013-10-20 14:59 - 00377856 _____ C:\Users\James Dean\Downloads\gmer_2.1.19163.exe 2013-10-20 14:56 - 2013-10-20 14:54 - 00029876 _____ C:\Users\James Dean\Downloads\Addition.txt 2013-10-20 14:52 - 2013-10-20 14:52 - 00000000 ____D C:\FRST 2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\Oracle 2013-10-20 14:44 - 2013-10-20 14:41 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log 2013-10-20 14:44 - 2008-07-31 10:35 - 00000000 ____D C:\Program Files (x86)\Java 2013-10-20 14:29 - 2013-10-20 14:29 - 00000592 _____ C:\Users\James Dean\Downloads\defogger_disable.log 2013-10-20 14:29 - 2013-10-20 14:29 - 00000020 _____ C:\Users\James Dean\defogger_reenable 2013-10-20 14:29 - 2008-12-22 14:41 - 00000000 ____D C:\Users\James Dean 2013-10-20 14:27 - 2013-10-20 14:27 - 00050477 _____ C:\Users\James Dean\Downloads\Defogger.exe 2013-10-20 14:18 - 2013-10-20 14:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300.exe 2013-10-20 02:37 - 2008-12-22 18:19 - 00000000 
____D C:\Users\James Dean\AppData\Local\PokerStars.EU 2013-10-19 17:43 - 2008-07-31 18:17 - 00671674 _____ C:\Windows\system32\perfh007.dat 2013-10-19 17:43 - 2008-07-31 18:17 - 00144810 _____ C:\Windows\system32\perfc007.dat 2013-10-19 17:43 - 2006-11-02 14:46 - 01560144 _____ C:\Windows\system32\PerfStringBackup.INI 2013-10-19 00:23 - 2009-02-01 20:48 - 00000000 ____D C:\Users\James Dean\Documents\DVDVideoSoft 2013-10-18 21:22 - 2013-10-18 19:55 - 264241152 _____ C:\Users\James Dean\Downloads\losslessalbum.net__VA-Bravo_Hits_82-2013.part1.rar 2013-10-18 20:21 - 2008-12-22 18:19 - 00000000 ____D C:\Program Files (x86)\PokerStars 2013-10-18 19:24 - 2013-10-18 19:22 - 00000000 ____D C:\ProgramData\SummerSoft 2013-10-18 19:24 - 2013-10-18 19:20 - 00000000 ____D C:\ProgramData\InstallMate 2013-10-18 19:22 - 2013-10-18 19:22 - 00002720 _____ C:\Windows\System32\Tasks\OptimizerPro-S-480333868 2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\Program Files (x86)\Ss.Helper 2013-10-18 15:45 - 2013-10-18 14:06 - 304508559 _____ C:\Users\James Dean\Downloads\Bravo_Hits_Vol.802013.rar 2013-10-18 14:27 - 2010-11-08 00:13 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\DVDVideoSoft 2013-10-18 14:27 - 2009-02-01 20:47 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft 2013-10-18 10:45 - 2009-02-15 21:31 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log 2013-10-18 10:40 - 2011-03-24 23:34 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\HpUpdate 2013-10-17 23:18 - 2013-10-17 23:18 - 00000000 ____D C:\Program Files\McAfee Security Scan 2013-10-17 09:25 - 2008-12-27 21:11 - 00000021 _____ C:\ProgramData\hpqp.txt 2013-10-16 09:24 - 2013-03-10 15:04 - 00004014 _____ C:\Windows\setupact.log 2013-10-16 09:24 - 2008-12-22 15:01 - 00174592 _____ C:\Users\James Dean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini 2013-10-12 14:55 - 2013-07-08 19:01 - 00002621 _____ C:\Users\James Dean\Desktop\Microsoft Office Word 2003.lnk 2013-10-12 12:07 - 2011-08-30 10:01 - 
00000000 ____D C:\Users\James Dean\AppData\Roaming\Skype 2013-10-12 01:42 - 2009-09-07 22:46 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2013-10-12 01:42 - 2009-09-07 22:46 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2013-10-10 18:25 - 2011-08-30 10:01 - 00000000 ____D C:\ProgramData\Skype 2013-10-10 14:47 - 2013-05-29 00:32 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2013-10-10 14:47 - 2013-04-05 17:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2013-10-10 14:47 - 2013-04-05 17:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2013-10-09 15:46 - 2006-11-02 17:21 - 00299464 _____ C:\Windows\system32\FNTCACHE.DAT 2013-10-09 15:45 - 2009-05-29 08:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight 2013-10-09 15:13 - 2006-11-02 14:34 - 00000305 _____ C:\Windows\win.ini 2013-10-09 15:02 - 2011-03-31 00:39 - 01540150 _____ C:\Windows\SysWOW64\PerfStringBackup.INI 2013-10-09 14:52 - 2013-07-19 16:21 - 00000000 ____D C:\Windows\system32\MRT 2013-10-09 14:48 - 2006-11-02 14:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe 2013-10-09 14:24 - 2013-10-09 14:03 - 149290982 _____ C:\Users\James Dean\Documents\Startseite - ZDF Mediathek.flv 2013-10-08 12:45 - 2013-03-02 18:10 - 00000000 ___RD C:\Program Files (x86)\Skype 2013-10-08 07:51 - 2012-06-17 20:44 - 00873384 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll 2013-10-08 07:51 - 2010-04-19 00:11 - 00796072 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll 2013-10-08 07:50 - 2013-10-20 14:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2013-10-08 07:46 - 2013-10-20 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2013-10-08 07:46 - 2013-10-20 14:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2013-10-08 07:46 - 
2013-10-20 14:44 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2013-10-07 12:04 - 2013-07-30 01:35 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys 2013-10-07 12:04 - 2013-07-30 01:35 - 00105856 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-10-07 12:04 - 2013-07-30 01:35 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-10-05 23:48 - 2013-08-26 01:20 - 00002649 _____ C:\Users\James Dean\Desktop\Microsoft Office Excel 2003.lnk 2013-09-23 12:46 - 2012-04-27 00:53 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service 2013-09-22 17:43 - 2013-10-09 14:47 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-09-22 17:01 - 2013-10-09 14:47 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-09-22 16:42 - 2013-10-09 14:47 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-09-22 16:36 - 2013-10-09 14:47 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-09-22 16:33 - 2013-10-09 14:47 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-09-22 16:33 - 2013-10-09 14:47 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-09-22 16:30 - 2013-10-09 14:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-09-22 16:27 - 2013-10-09 14:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-09-22 16:23 - 2013-10-09 14:47 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-09-22 16:22 - 2013-10-09 14:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-09-22 16:21 - 2013-10-09 14:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-09-22 16:19 - 2013-10-09 14:47 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-09-22 16:19 
- 2013-10-09 14:47 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-09-22 16:16 - 2013-10-09 14:47 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-09-22 16:15 - 2013-10-09 14:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-09-22 16:07 - 2013-10-09 14:47 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-09-22 12:29 - 2013-10-09 14:47 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2013-09-22 12:22 - 2013-10-09 14:47 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2013-09-22 12:22 - 2013-10-09 14:47 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2013-09-22 12:14 - 2013-10-09 14:47 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2013-09-22 12:13 - 2013-10-09 14:47 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2013-09-22 12:13 - 2013-10-09 14:47 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2013-09-22 12:12 - 2013-10-09 14:47 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2013-09-22 12:09 - 2013-10-09 14:47 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2013-09-22 12:08 - 2013-10-09 14:47 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2013-09-22 12:07 - 2013-10-09 14:47 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2013-09-22 12:06 - 2013-10-09 14:47 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2013-09-22 12:05 - 2013-10-09 14:47 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2013-09-22 12:03 - 2013-10-09 14:47 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2013-09-22 12:03 - 2013-10-09 14:47 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2013-09-22 12:03 - 2013-10-09 14:47 - 00073216 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-09-22 11:59 - 2013-10-09 14:47 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

Files to move or delete:
====================
C:\Users\James Dean\AppData\Roaming\CamLayout.ini
C:\Users\James Dean\AppData\Roaming\CamShapes.ini
C:\ProgramData\DVD.exe
C:\ProgramData\Games.exe
C:\ProgramData\Karaoke.exe
C:\ProgramData\MobileTV.exe
C:\ProgramData\MPV.exe

Some content of TEMP:
====================
C:\Users\James Dean\AppData\Local\Temp\avgnt.exe
C:\Users\James Dean\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-10-21 23:52

==================== End Of Log ============================

Until the whole procedure is finished, all that is left for me to say is a heartfelt thank you. |
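A small triage helper for the two FRST sections that matter most in the log above, the one-month file listing and the Bamital & volsnap check. This is an added example for readers of the thread, not code from the poster, the helpers or the FRST tool. The sample lines are constructed to match the posted format, and the watch-list of names (OptimizerPro, SummerSoft, Ss.Helper, InstallMate) is an assumption for the example taken from entries that appear in the log, not an FRST feature and not a verdict on those files.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample lines modelled on the FRST output posted in this thread
# (same field layout: created - modified - size attrs (publisher) path).
SAMPLE_LOG = r"""==================== One Month Created Files and Folders ========
2013-10-22 00:04 - 2013-10-22 00:04 - 01954698 _____ (Farbar) C:\Users\James Dean\Downloads\FRST64.exe
2013-10-18 19:22 - 2013-10-21 23:55 - 00000474 ____H C:\Windows\Tasks\OptimizerPro-S-480333868.job
2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\Program Files (x86)\Ss.Helper
2013-10-18 19:20 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-21 22:37 - 2013-10-21 22:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-09 14:47 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-20 23:58 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== End Of Log ============================
"""

# One file entry: created - modified - size attrs [(publisher)] path
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<publisher>[^)]*)\) )?"
    r"(?P<path>.+)$"
)
# Section header: a run of '=' on each side of the title; a bare '====' line is not a header.
SECTION_RE = re.compile(r"^=+ (?P<title>[^=]+?) =+$")
MD5_RE = re.compile(r"^(?P<path>.+?) => MD5 (?P<verdict>.+)$")

# Example watch-list (assumption for this example): names seen in the log next
# to the adware symptoms. A hit is a reason to look closer, not a diagnosis.
WATCHLIST = ("optimizerpro", "summersoft", "ss.helper", "installmate")
BINARY_EXT = (".exe", ".dll", ".sys")


@dataclass
class FileEntry:
    created: str
    modified: str
    size: int
    attrs: str
    publisher: Optional[str]
    path: str


@dataclass
class Finding:
    entry: FileEntry
    reasons: List[str] = field(default_factory=list)


@dataclass
class TriageReport:
    flagged: List[Finding]
    bamital_failures: List[str]


def parse_frst(text: str) -> Dict[str, List[str]]:
    """Split an FRST log into sections keyed by the title between the '=' runs."""
    sections: Dict[str, List[str]] = {"": []}
    current = ""
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group("title")
            sections.setdefault(current, [])
        elif line.strip():
            sections[current].append(line)
    return sections


def parse_file_entries(lines: List[str]) -> List[FileEntry]:
    """Parse the 'created - modified - size attrs (publisher) path' lines."""
    entries = []
    for line in lines:
        m = ENTRY_RE.match(line)
        if not m:
            continue
        pub = m.group("publisher")
        entries.append(FileEntry(
            created=m.group("created"), modified=m.group("modified"),
            size=int(m.group("size")), attrs=m.group("attrs"),
            publisher=pub.strip() if pub is not None else None,
            path=m.group("path"),
        ))
    return entries


def review_entry(e: FileEntry) -> List[str]:
    """Return the reasons (possibly none) why an entry deserves a closer look."""
    reasons = []
    low = e.path.lower()
    if any(name in low for name in WATCHLIST):
        reasons.append("name on watch-list")
    # A hidden .job under C:\Windows\Tasks is a classic adware persistence point.
    if "H" in e.attrs and low.startswith("c:\\windows\\tasks\\") and low.endswith(".job"):
        reasons.append("hidden scheduled-task job")
    if low.endswith(BINARY_EXT) and e.publisher is None:
        reasons.append("binary without publisher in version info")
    return reasons


def bamital_check(lines: List[str]) -> List[str]:
    """Return the paths whose MD5 verdict in the Bamital & volsnap section is not 'is legit'."""
    return [m.group("path") for m in map(MD5_RE.match, lines)
            if m and m.group("verdict").strip() != "is legit"]


def triage(text: str) -> TriageReport:
    sections = parse_frst(text)
    entries = parse_file_entries(sections.get("One Month Created Files and Folders", []))
    flagged = [Finding(e, r) for e in entries if (r := review_entry(e))]
    return TriageReport(flagged, bamital_check(sections.get("Bamital & volsnap Check", [])))


if __name__ == "__main__":
    rep = triage(SAMPLE_LOG)
    for f in rep.flagged:
        print(f"{f.entry.path}\n    {', '.join(f.reasons)}")
    print("Bamital/volsnap failures:", rep.bamital_failures or "none")
```

Read the output as a worklist, not a verdict: C:\Windows\MBR.exe is flagged only because FRST shows no publisher for it, and the log above shows it arriving together with the other ComboFix components on 2013-10-20 23:58, so it is cleanup tooling rather than the infection. The hidden .job under C:\Windows\Tasks carrying the OptimizerPro name is the more useful hit, because a scheduled task is what brings an adware component back after its files have been deleted, and the log shows that task still present after AdwCleaner and JRT were run.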
22.10.2013, 13:41 | #6 |
/// the machine /// TB-Ausbilder |
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any problems left?
24.10.2013, 06:54 | #7 | ||
| ESET reports: Quote:
Quote:
[QUOTE=FRST Log] FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013 Ran by James Dean (administrator) on JAMESDEAN-PC on 24-10-2013 07:46:20 Running from C:\Users\James Dean\Downloads Windows Vista (TM) Home Premium Service Pack 2 (X64) OS Language: German Standard Internet Explorer Version 9 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe (Microsoft Corporation) C:\Windows\system32\SLsvc.exe (Hewlett-Packard Company) C:\Windows\system32\Hpservice.exe (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe ( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe (Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe (Microsoft Corporation) C:\Windows\ehome\ehtray.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe (Spotify Ltd) C:\Users\James Dean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe (CyberLink Corp.) C:\Program Files (x86)\HP\QuickPlay\QPService.exe ( Hewlett-Packard Development Company, L.P.) 
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe (Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe () C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe () C:\Windows\SMINST\BLService.exe (Microsoft Corporation) C:\Windows\ehome\ehmsas.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe () C:\Program Files (x86)\Hewlett-Packard\Shared\hpqToaster.exe (Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe (Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe (Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe (Microsoft Corporation) C:\Windows\SysWOW64\conime.exe (Microsoft Corporation) C:\Windows\system32\sdclt.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_117.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe (Microsoft Corporation) C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation) C:\Windows\splwow64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [OnScreenDisplay] - C:\Program Files\Hewlett-Packard\HP QuickTouch\HPKBDAPP.exe [685568 2008-01-23] ( Hewlett-Packard Development Company, L.P.) HKLM\...\Run: [Windows Mobile-based device management] - C:\Windows\WindowsMobile\wmdSync.exe [225792 2008-01-21] (Microsoft Corporation) HKLM\...\Run: [NvCplDaemon] - RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [450048 2009-07-21] (IDT, Inc.) HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company) HKCU\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-21] (Microsoft Corporation) HKCU\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard) HKCU\...\Run: [Spotify Web Helper] - C:\Users\James Dean\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1140736 2013-10-16] (Spotify Ltd) HKCU\...\Run: [Spotify] - C:\Users\James Dean\AppData\Roaming\Spotify\Spotify.exe [4752384 2013-10-16] (Spotify Ltd) HKCU\...\Policies\system: [DisableLockWorkstation] 0 HKCU\...\Policies\system: [DisableChangePassword] 0 HKLM-x32\...\Run: [UCam_Menu] - C:\Program Files (x86)\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [222504 2007-12-24] (CyberLink Corp.) HKLM-x32\...\Run: [QPService] - C:\Program Files (x86)\HP\QuickPlay\QPService.exe [468264 2008-06-25] (CyberLink Corp.) 
HKLM-x32\...\Run: [QlbCtrl.exe] - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [323640 2009-11-24] ( Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [WirelessAssistant] - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [498744 2009-07-23] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-01-12] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\Reader_sl.exe [40368 2011-08-31] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [937920 2011-03-29] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2010-02-15] (Apple Inc.)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [681032 2013-10-07] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\dean\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [HPADVISOR] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1689144 2010-06-30] (Hewlett-Packard)
HKU\elephant\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Jimmy Dean\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Jimmy Dean\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2011-03-04] (Hewlett-Packard Company)
HKU\postgres\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
Startup: C:\Users\James Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Windows Mail.lnk
ShortcutTarget: Windows Mail.lnk -> C:\Program Files\Windows Mail\WinMail.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=de_de&c=83&bd=Pavilion&pf=cnnb
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {DDF02204-49F2-4F36-869F-00E875485BD5} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKLM - {67155C91-2696-4DBB-BC56-0EDA1AA38304} URL = hxxp://de.kelkoopartners.net/ctl/do/search?siteSearchQuery={searchTerms}&fromform=true&x=true&y=true&partner=hp&partnerId=96913933
SearchScopes: HKLM - {DDF02204-49F2-4F36-869F-00E875485BD5} URL = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=1145&query={searchTerms}&invocationType=tb50hpcnnbie7-de-de
SearchScopes: HKCU - DefaultScope {DDF02204-49F2-4F36-869F-00E875485BD5} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {DC3C3673-8F41-4FEA-A069-90FFCE283DBD} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=302398&p={searchTerms}
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Download Manager Browser Helper Object - {19C8E43B-07B3-49CB-BFFC-6777B593E6F8} - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\XEBDLHelper.dll (Protect Software GmbH)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - No File
Handler-x32: fluxhttp\0x00000007 - {8E2D00A0-82C6-4821-90BC-07F290841BB6} - C:\Program Files (x86)\Common Files\fluxDVD\Lib\XEB\xebnavigation.ax ()
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - No File
ShellExecuteHooks-x32: EasyBits ShellExecute Hook - {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWow64\EZUPBH~1.DLL [49152 2008-12-22] (EasyBits Software Corp.)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF DefaultSearchEngine: LEO Eng-Deu
FF Homepage: dbdt.at
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin-x32: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin-x32: @fluxdvd.com/NPAPIX - C:\Program Files (x86)\Common Files\fluxDVD\APIX\NPAPIX.dll ()
FF Plugin-x32: @fluxdvd.com/NPFluxBrowserHelper - C:\Program Files (x86)\Common Files\fluxDVD\BrowserIntegration\NPFluxBrowserHelper.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @nullsoft.com/winampDetector;version=1 - C:\Program Files (x86)\Winamp Detect\npwachk.dll (Nullsoft, Inc.)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.1851.5542\npCIDetect14.dll (Google)
FF Plugin-x32: @protectdisc.com/NPMPDRM - C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ()
FF Plugin-x32: @protectdisc.com/NPWMDRMWrapper - C:\Program Files (x86)\Common Files\mpDRM\NPWMDRMWrapper.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\James Dean\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe}
FF Extension: Microsoft .NET Framework Assistant - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: NoScript - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(131)
FF Extension: NoScript - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}(84)
FF Extension: DownloadHelper - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF Extension: CSHelper - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{d91a2be6-3b56-4dfb-97f5-5e48fe3ed473}
FF Extension: personas - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\personas@christopher.beard.xpi
FF Extension: No Name - C:\Users\James Dean\AppData\Roaming\Mozilla\Firefox\Profiles\dhbms57z.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
FF HKLM-x32\...\Firefox\Extensions: [{400F0BDB-6C49-43A4-BE1F-76D7327A604D}] - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\Mozilla
FF Extension: fluxDVD Download Manager - C:\Program Files (x86)\Common Files\fluxDVD\Download Manager\Mozilla
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
Error reading preferences. Please check "preferences" file for possible corruption. <======= ATTENTION
CHR Extension: (YouTube) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Gmail) - C:\Users\JAMESD~1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\AESTSr64.exe [89600 2009-03-02] (Andrea Electronics Corporation)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440392 2013-10-07] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [1164360 2013-10-07] (Avira Operations GmbH & Co. KG)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2006-11-02] (Microsoft Corporation)
S2 gupdate1ca2ffa2a389080; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-09-07] (Google Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2009-04-11] (Microsoft Corporation)
R2 QPCapSvc; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPCapSvc.exe [292216 2008-06-25] ()
R2 QPSched; C:\Program Files (x86)\HP\QuickPlay\Kernel\TV\QPSched.exe [116080 2008-06-25] ()
R2 Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [361808 2008-04-26] ()
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_58be29c0\STacSV64.exe [240128 2009-07-21] (IDT, Inc.)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [441344 2009-04-11] (Microsoft Corporation)
S2 ezSharedSvc; C:\Windows\System32\ezsvc7.dll [x]

==================== Drivers (Whitelisted) ====================

R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [105856 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-10-07] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-10-07] (Avira Operations GmbH & Co. KG)
S1 Beep; No ImagePath
S3 cmnsusbser; C:\Windows\System32\DRIVERS\cmnsusbser.sys [117888 2010-09-27] (Mobile Connector)
S3 NVENETFD; C:\Windows\System32\DRIVERS\nvm60x64.sys [742696 2006-10-10] (NVIDIA Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [867824 2010-03-14] (Duplex Secure Ltd.)
S3 StarOpen; No ImagePath
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]
U4 eabfiltr;
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-10-24 07:45 - 2013-10-24 07:45 - 01955412 _____ (Farbar) C:\Users\James Dean\Downloads\FRST64.exe
2013-10-24 07:41 - 2013-10-24 07:41 - 00891167 _____ C:\Users\James Dean\Desktop\SecurityCheck.exe
2013-10-23 10:09 - 2013-10-23 10:10 - 00058189 _____ C:\Users\James
2013-10-23 09:23 - 2013-10-23 09:24 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\FreeVideoCatcher
2013-10-23 09:17 - 2013-10-23 09:17 - 00400744 _____ (Softonic ) C:\Users\James Dean\Downloads\SoftonicDownloader_fuer_free-media-catcher.exe
2013-10-23 07:46 - 2013-10-23 07:46 - 02347384 _____ (ESET) C:\Users\James Dean\Downloads\esetsmartinstaller_enu.exe
2013-10-22 00:06 - 2013-10-22 00:06 - 00049191 _____ C:\Users\James Dean\Desktop\FRST20131022.txt
2013-10-22 00:00 - 2013-10-22 00:00 - 00002170 _____ C:\Users\James Dean\Desktop\JRT20131022.txt
2013-10-21 23:59 - 2013-10-21 23:59 - 00002170 _____ C:\Users\James Dean\Desktop\JRT.txt
2013-10-21 23:52 - 2013-10-21 23:52 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 23:51 - 2013-10-21 23:51 - 01033335 _____ (Thisisu) C:\Users\James Dean\Desktop\JRT.exe
2013-10-21 23:46 - 2013-10-21 23:46 - 00021075 _____ C:\Users\James Dean\Desktop\AdwCleaner[S0].txt
2013-10-21 23:35 - 2013-10-21 23:42 - 00000000 ____D C:\AdwCleaner
2013-10-21 23:33 - 2013-10-21 23:33 - 01060070 _____ C:\Users\James Dean\Downloads\adwcleaner.exe
2013-10-21 22:46 - 2013-10-21 22:46 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Malwarebytes
2013-10-21 22:45 - 2013-10-21 22:45 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 22:45 - 2013-10-21 22:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 22:45 - 2013-10-21 22:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 22:45 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-10-21 22:37 - 2013-10-21 22:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-21 00:57 - 2013-10-21 00:57 - 00019215 _____ C:\Users\James Dean\Desktop\ComboFix II.txt
2013-10-21 00:55 - 2013-10-21 00:55 - 00019215 _____ C:\ComboFix.txt
2013-10-21 00:20 - 2013-10-21 00:20 - 00024195 _____ C:\Users\James Dean\Desktop\Combofix.txt
2013-10-21 00:01 - 2013-10-21 00:01 - 00029876 _____ C:\Users\James Dean\Desktop\Addition.txt
2013-10-21 00:01 - 2013-10-21 00:01 - 00005662 _____ C:\Users\James Dean\Desktop\GMER.txt
2013-10-21 00:00 - 2013-10-21 00:00 - 00052020 _____ C:\Users\James Dean\Desktop\FRST.txt
2013-10-20 23:58 - 2013-10-21 00:55 - 00000000 ____D C:\Qoobox
2013-10-20 23:58 - 2011-06-26 08:45 - 00256000 _____ C:\Windows\PEV.exe
2013-10-20 23:58 - 2010-11-07 19:20 - 00208896 _____ C:\Windows\MBR.exe
2013-10-20 23:58 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-10-20 23:58 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-10-20 23:58 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-10-20 23:58 - 2000-08-31 02:00 - 00098816 _____ C:\Windows\sed.exe
2013-10-20 23:58 - 2000-08-31 02:00 - 00080412 _____ C:\Windows\grep.exe
2013-10-20 23:58 - 2000-08-31 02:00 - 00068096 _____ C:\Windows\zip.exe
2013-10-20 23:57 - 2013-10-21 00:17 - 00000000 ____D C:\Windows\erdnt
2013-10-20 23:56 - 2013-10-20 23:56 - 05135479 ____R (Swearware) C:\Users\James Dean\Desktop\ComboFix.exe
2013-10-20 14:59 - 2013-10-20 14:59 - 00377856 _____ C:\Users\James Dean\Downloads\gmer_2.1.19163.exe
2013-10-20 14:54 - 2013-10-20 14:56 - 00029876 _____ C:\Users\James Dean\Downloads\Addition.txt
2013-10-20 14:52 - 2013-10-20 14:52 - 00000000 ____D C:\FRST
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 14:45 - 2013-10-08 07:46 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-20 14:44 - 2013-10-08 07:50 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-20 14:44 - 2013-10-08 07:46 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-20 14:44 - 2013-10-08 07:46 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-20 14:41 - 2013-10-20 14:44 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-20 14:29 - 2013-10-20 14:29 - 00000592 _____ C:\Users\James Dean\Downloads\defogger_disable.log
2013-10-20 14:29 - 2013-10-20 14:29 - 00000020 _____ C:\Users\James Dean\defogger_reenable
2013-10-20 14:27 - 2013-10-20 14:27 - 00050477 _____ C:\Users\James Dean\Downloads\Defogger.exe
2013-10-20 14:17 - 2013-10-20 14:18 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-18 19:55 - 2013-10-18 21:22 - 264241152 _____ C:\Users\James Dean\Downloads\losslessalbum.net__VA-Bravo_Hits_82-2013.part1.rar
2013-10-18 19:22 - 2013-10-21 23:55 - 00000474 ____H C:\Windows\Tasks\OptimizerPro-S-480333868.job
2013-10-18 19:22 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-18 19:22 - 2013-10-18 19:22 - 00002720 _____ C:\Windows\System32\Tasks\OptimizerPro-S-480333868
2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\Program Files (x86)\Ss.Helper
2013-10-18 19:20 - 2013-10-18 19:24 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-18 14:06 - 2013-10-18 15:45 - 304508559 _____ C:\Users\James Dean\Downloads\Bravo_Hits_Vol.802013.rar
2013-10-17 23:18 - 2013-10-17 23:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-09 14:47 - 2013-09-22 17:43 - 17833984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-09 14:47 - 2013-09-22 17:01 - 10926080 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-09 14:47 - 2013-09-22 16:42 - 02312704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-09 14:47 - 2013-09-22 16:36 - 01346560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-09 14:47 - 2013-09-22 16:33 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-10-09 14:47 - 2013-09-22 16:33 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-09 14:47 - 2013-09-22 16:30 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-10-09 14:47 - 2013-09-22 16:27 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-09 14:47 - 2013-09-22 16:23 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-10-09 14:47 - 2013-09-22 16:22 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-09 14:47 - 2013-09-22 16:21 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-10-09 14:47 - 2013-09-22 16:19 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-09 14:47 - 2013-09-22 16:19 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-09 14:47 - 2013-09-22 16:16 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-10-09 14:47 - 2013-09-22 16:15 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-09 14:47 - 2013-09-22 16:07 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-09 14:47 - 2013-09-22 12:29 - 12336128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-09 14:47 - 2013-09-22 12:22 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-09 14:47 - 2013-09-22 12:22 - 01800704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-09 14:47 - 2013-09-22 12:14 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-10-09 14:47 - 2013-09-22 12:13 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-09 14:47 - 2013-09-22 12:13 - 01104896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-09 14:47 - 2013-09-22 12:12 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-10-09 14:47 - 2013-09-22 12:09 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-09 14:47 - 2013-09-22 12:08 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-10-09 14:47 - 2013-09-22 12:07 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-09 14:47 - 2013-09-22 12:06 - 00420864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-10-09 14:47 - 2013-09-22 12:05 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-09 14:47 - 2013-09-22 12:03 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-09 14:47 - 2013-09-22 12:03 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-09 14:47 - 2013-09-22 12:03 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-10-09 14:47 - 2013-09-22 11:59 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-09 14:41 - 2013-08-29 09:48 - 02775552 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 14:41 - 2013-08-27 05:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-10-09 14:41 - 2013-08-27 05:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-10-09 14:41 - 2013-08-27 05:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-10-09 14:41 - 2013-08-27 05:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-10-09 14:41 - 2013-08-27 04:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-10-09 14:41 - 2013-08-27 04:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-10-09 14:41 - 2013-08-27 04:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-10-09 14:41 - 2013-08-27 04:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-10-09 14:41 - 2013-08-27 04:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-10-09 14:41 - 2013-08-27 04:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-10-09 14:41 - 2013-08-27 04:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-10-09 14:41 - 2013-08-27 04:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-10-09 14:41 - 2013-08-27 04:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-10-09 14:41 - 2013-08-27 03:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-10-09 14:41 - 2013-08-27 03:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-10-09 14:41 - 2013-08-27 03:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-10-09 14:41 - 2013-08-27 03:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-10-09 14:41 - 2013-08-01 06:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 14:41 - 2013-08-01 05:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-10-09 14:41 - 2013-07-20 12:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:41 - 2013-07-20 12:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 14:41 - 2013-07-12 11:19 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 14:41 - 2013-07-04 06:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 14:41 - 2013-07-04 06:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 14:41 - 2013-07-03 04:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 14:41 - 2013-07-03 04:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 14:41 - 2013-06-27 01:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 14:41 - 2013-06-04 06:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 14:41 - 2013-06-04 06:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 14:41 - 2013-06-04 04:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 14:41 - 2013-06-04 03:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 14:39 - 2013-06-29 04:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-10-09 14:39 - 2013-06-29 04:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-10-09 14:39 - 2013-06-29 04:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-10-09 14:39 - 2013-06-29 04:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-10-09 14:39 - 2011-05-05 16:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-10-09 14:39 - 2011-05-05 16:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-10-09 14:03 - 2013-10-09 14:24 - 149290982 _____ C:\Users\James Dean\Documents\Startseite - ZDF Mediathek.flv

==================== One Month Modified Files and Folders =======

2013-10-24 07:45 - 2013-10-24 07:45 - 01955412 _____ (Farbar) C:\Users\James Dean\Downloads\FRST64.exe
2013-10-24 07:45 - 2013-05-29 00:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-10-24 07:44 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-24 07:44 - 2006-11-02 17:22 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-24 07:41 - 2013-10-24 07:41 - 00891167 _____ C:\Users\James Dean\Desktop\SecurityCheck.exe
2013-10-24 06:47 - 2009-09-07 22:46 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-10-24 01:47 - 2009-09-07 22:46 - 00001106 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-10-23 23:32 - 2008-12-05 08:47 - 01978608 _____ C:\Windows\WindowsUpdate.log
2013-10-23 10:10 - 2013-10-23 10:09 - 00058189 _____ C:\Users\James
2013-10-23 10:10 - 2010-11-08 00:13 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\DVDVideoSoft
2013-10-23 09:24 - 2013-10-23 09:23 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\FreeVideoCatcher
2013-10-23 09:17 - 2013-10-23 09:17 - 00400744 _____ (Softonic ) C:\Users\James Dean\Downloads\SoftonicDownloader_fuer_free-media-catcher.exe
2013-10-23 08:38 - 2009-06-26 12:40 - 00000000 ____D C:\Users\James Dean\Babe
2013-10-23 07:46 - 2013-10-23 07:46 - 02347384 _____ (ESET) C:\Users\James Dean\Downloads\esetsmartinstaller_enu.exe
2013-10-22 22:41 - 2008-12-22 18:19 - 00000000 ____D C:\Users\James Dean\AppData\Local\PokerStars.EU
2013-10-22 12:04 - 2013-07-08 19:01 - 00002621 _____ C:\Users\James Dean\Desktop\Microsoft Office Word 2003.lnk
2013-10-22 00:06 - 2013-10-22 00:06 - 00049191 _____ C:\Users\James Dean\Desktop\FRST20131022.txt
2013-10-22 00:00 - 2013-10-22 00:00 - 00002170 _____ C:\Users\James Dean\Desktop\JRT20131022.txt
2013-10-21 23:59 - 2013-10-21 23:59 - 00002170 _____ C:\Users\James Dean\Desktop\JRT.txt
2013-10-21 23:55 - 2013-10-18 19:22 - 00000474 ____H C:\Windows\Tasks\OptimizerPro-S-480333868.job
2013-10-21 23:52 - 2013-10-21 23:52 - 00000000 ____D C:\Windows\ERUNT
2013-10-21 23:51 - 2013-10-21 23:51 - 01033335 _____ (Thisisu) C:\Users\James Dean\Desktop\JRT.exe
2013-10-21 23:47 - 2012-07-31 23:00 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Spotify
2013-10-21 23:46 - 2013-10-21 23:46 - 00021075 _____ C:\Users\James Dean\Desktop\AdwCleaner[S0].txt
2013-10-21 23:45 - 2008-12-22 14:44 - 00073674 _____ C:\ProgramData\nvModes.001
2013-10-21 23:45 - 2008-12-22 14:42 - 00073674 _____ C:\ProgramData\nvModes.dat
2013-10-21 23:44 - 2006-11-02 17:42 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-10-21 23:43 - 2008-07-31 08:37 - 00004268 _____ C:\Windows\bthservsdp.dat
2013-10-21 23:43 - 2006-11-02 17:42 - 00032628 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-21 23:42 - 2013-10-21 23:35 - 00000000 ____D C:\AdwCleaner
2013-10-21 23:33 - 2013-10-21 23:33 - 01060070 _____ C:\Users\James Dean\Downloads\adwcleaner.exe
2013-10-21 23:31 - 2012-07-31 23:01 - 00000000 ____D C:\Users\James Dean\AppData\Local\Spotify
2013-10-21 23:26 - 2008-01-21 05:26 - 00247204 _____ C:\Windows\PFRO.log
2013-10-21 22:46 - 2013-10-21 22:46 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Malwarebytes
2013-10-21 22:45 - 2013-10-21 22:45 - 00000910 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-10-21 22:45 - 2013-10-21 22:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-10-21 22:45 - 2013-10-21 22:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-10-21 22:37 - 2013-10-21 22:37 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300(1).exe
2013-10-21 00:57 - 2013-10-21 00:57 - 00019215 _____ C:\Users\James Dean\Desktop\ComboFix II.txt
2013-10-21 00:55 - 2013-10-21 00:55 - 00019215 _____ C:\ComboFix.txt
2013-10-21 00:55 - 2013-10-20 23:58 - 00000000 ____D C:\Qoobox
2013-10-21 00:53 - 2006-11-02 14:34 - 00000215 _____ C:\Windows\system.ini
2013-10-21 00:20 - 2013-10-21 00:20 - 00024195 _____ C:\Users\James Dean\Desktop\Combofix.txt
2013-10-21 00:18 - 2012-10-24 17:18 - 00000000 ____D C:\Users\James_Dean
2013-10-21 00:18 - 2006-11-02 15:33 - 00000000 __RHD C:\Users\Default
2013-10-21 00:17 - 2013-10-20 23:57 - 00000000 ____D C:\Windows\erdnt
2013-10-21 00:01 - 2013-10-21 00:01 - 00029876 _____ C:\Users\James Dean\Desktop\Addition.txt
2013-10-21 00:01 - 2013-10-21 00:01 - 00005662 _____ C:\Users\James Dean\Desktop\GMER.txt
2013-10-21 00:00 - 2013-10-21 00:00 - 00052020 _____ C:\Users\James Dean\Desktop\FRST.txt
2013-10-20 23:56 - 2013-10-20 23:56 - 05135479 ____R (Swearware) C:\Users\James Dean\Desktop\ComboFix.exe
2013-10-20 14:59 - 2013-10-20 14:59 - 00377856 _____ C:\Users\James Dean\Downloads\gmer_2.1.19163.exe
2013-10-20 14:56 - 2013-10-20 14:54 - 00029876 _____ C:\Users\James Dean\Downloads\Addition.txt
2013-10-20 14:52 - 2013-10-20 14:52 - 00000000 ____D C:\FRST
2013-10-20 14:50 - 2013-10-20 14:50 - 00000000 ____D C:\ProgramData\Oracle
2013-10-20 14:44 - 2013-10-20 14:41 - 00004886 _____ C:\Windows\SysWOW64\jupdate-1.7.0_45-b18.log
2013-10-20 14:44 - 2008-07-31 10:35 - 00000000 ____D C:\Program Files (x86)\Java
2013-10-20 14:29 - 2013-10-20 14:29 - 00000592 _____ C:\Users\James Dean\Downloads\defogger_disable.log
2013-10-20 14:29 - 2013-10-20 14:29 - 00000020 _____ C:\Users\James Dean\defogger_reenable
2013-10-20 14:29 - 2008-12-22 14:41 - 00000000 ____D C:\Users\James Dean
2013-10-20 14:27 - 2013-10-20 14:27 - 00050477 _____ C:\Users\James Dean\Downloads\Defogger.exe
2013-10-20 14:18 - 2013-10-20 14:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-19 17:43 - 2008-07-31 18:17 - 00671674 _____ C:\Windows\system32\perfh007.dat
2013-10-19 17:43 - 2008-07-31 18:17 - 00144810 _____ C:\Windows\system32\perfc007.dat
2013-10-19 17:43 - 2006-11-02 14:46 - 01560144 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-19 00:23 - 2009-02-01 20:48 - 00000000 ____D C:\Users\James Dean\Documents\DVDVideoSoft
2013-10-18 21:22 - 2013-10-18 19:55 - 264241152 _____ C:\Users\James Dean\Downloads\losslessalbum.net__VA-Bravo_Hits_82-2013.part1.rar
2013-10-18 20:21 - 2008-12-22 18:19 - 00000000 ____D C:\Program Files (x86)\PokerStars
2013-10-18 19:24 - 2013-10-18 19:22 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-18 19:24 - 2013-10-18 19:20 - 00000000 ____D C:\ProgramData\InstallMate
2013-10-18 19:22 - 2013-10-18 19:22 - 00002720 _____ C:\Windows\System32\Tasks\OptimizerPro-S-480333868
2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\Program Files (x86)\Ss.Helper
2013-10-18 15:45 - 2013-10-18 14:06 - 304508559 _____ C:\Users\James Dean\Downloads\Bravo_Hits_Vol.802013.rar
2013-10-18 10:45 - 2009-02-15 21:31 - 00000052 _____ C:\Windows\SysWOW64\DOErrors.log
2013-10-18 10:40 - 2011-03-24 23:34 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\HpUpdate
2013-10-17 23:18 - 2013-10-17 23:18 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 09:25 - 2008-12-27 21:11 - 00000021 _____ C:\ProgramData\hpqp.txt
2013-10-16 09:24 - 2013-03-10 15:04 - 00004014 _____ C:\Windows\setupact.log
2013-10-16 09:24 - 2008-12-22 15:01 - 00174592 _____ C:\Users\James Dean\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2013-10-12 12:07 - 2011-08-30 10:01 - 00000000 ____D C:\Users\James Dean\AppData\Roaming\Skype
2013-10-12 01:42 - 2009-09-07 22:46 - 00004106 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-12 01:42 - 2009-09-07 22:46 - 00003854 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-10 18:25 - 2011-08-30 10:01 - 00000000 ____D C:\ProgramData\Skype
2013-10-10 14:47 - 2013-05-29 00:32 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-10 14:47 - 2013-04-05 17:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-10 14:47 - 2013-04-05 17:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-09 15:46 - 2006-11-02 17:21 - 00299464 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-09 15:45 - 2009-05-29 08:29 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-09 15:13 - 2006-11-02 14:34 - 00000305 _____ C:\Windows\win.ini
2013-10-09 15:02 - 2011-03-31 00:39 - 01540150 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-10-09 14:52 - 2013-07-19 16:21 - 00000000 ____D C:\Windows\system32\MRT
2013-10-09 14:48 - 2006-11-02 14:35 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2013-10-09 14:24 - 2013-10-09 14:03 - 149290982 _____ C:\Users\James Dean\Documents\Startseite - ZDF Mediathek.flv
2013-10-08 12:45 - 2013-03-02 18:10 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-10-08 07:51 - 2012-06-17 20:44 - 00873384 _____ (Oracle Corporation) C:\Windows\SysWOW64\npdeployJava1.dll
2013-10-08 07:51 - 2010-04-19 00:11 - 00796072 _____ (Oracle Corporation) C:\Windows\SysWOW64\deployJava1.dll
2013-10-08 07:50 - 2013-10-20 14:44 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-10-08 07:46 - 2013-10-20 14:45 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-10-08 07:46 - 2013-10-20 14:44 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-10-08 07:46 - 2013-10-20 14:44 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-10-07 12:04 - 2013-07-30 01:35 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-10-07 12:04 - 2013-07-30 01:35 - 00105856 _____ (Avira Operations GmbH & Co. 
KG) C:\Windows\system32\Drivers\avgntflt.sys 2013-10-07 12:04 - 2013-07-30 01:35 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys 2013-10-05 23:48 - 2013-08-26 01:20 - 00002649 _____ C:\Users\James Dean\Desktop\Microsoft Office Excel 2003.lnk Files to move or delete: ==================== C:\Users\James Dean\AppData\Roaming\CamLayout.ini C:\Users\James Dean\AppData\Roaming\CamShapes.ini C:\ProgramData\DVD.exe C:\ProgramData\Games.exe C:\ProgramData\Karaoke.exe C:\ProgramData\MobileTV.exe C:\ProgramData\MPV.exe Some content of TEMP: ==================== C:\Users\James Dean\AppData\Local\Temp\avgnt.exe C:\Users\James Dean\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2013-10-24 00:31 ==================== End Of Log ============================ --- --- --- Probleme keine mehr. Zudem ein gutes (und sichereres) Gefühl Dank Trojaner Board. Interessehalber. - War es denn schlimm was mein Laptop hatte? - Sind wir durch? - Welche AntiViren Software empfiehlt ihr? |
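Added here as a worked example, not part of the thread and not a tool shipped with FRST: a small Python triage script that parses the two line shapes visible in the log above, the "One Month Created/Modified" entries (two timestamps, size, attribute column, optional vendor, path) and the "MD5 is legit" lines of the Bamital & volsnap check, and then flags what a helper looks at first: scheduled tasks or executables in data directories created around the infection date. The line layout, the incident window, the two heuristics and the avgnt.exe entry in the sample are my assumptions; the other sample lines are copied from the quoted log.

```python
"""Triage helper for Farbar Recovery Scan Tool (FRST) text output.

Added example, not part of FRST or of the thread. It assumes the layout seen
in the quoted log: "<modified> - <created> - <size> <attrs> [(<vendor>)] <path>"
for the "One Month Created/Modified" lists and "<path> => MD5 is <verdict>" for
the "Bamital & volsnap Check" section. Other lines are ignored.
"""
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional, Tuple

TS = "%Y-%m-%d %H:%M"
# Two timestamps, zero-padded size, five-character attribute column
# (D directory, R read-only, H hidden, S system, _ unset), optional vendor.
ENTRY_RE = re.compile(
    r"^(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d+) (?P<attrs>[_A-Z]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?(?P<path>\S.*?)\s*$"
)
CHECK_RE = re.compile(r"^(?P<path>\S.*?) => MD5 is (?P<verdict>.+?)\s*$")

@dataclass
class Entry:
    modified: datetime
    created: datetime
    size: int
    attrs: str  # e.g. ____D for a directory, __RHD read-only + hidden + dir
    vendor: Optional[str]
    path: str

def parse_frst(text: str) -> Tuple[List[Entry], Dict[str, str]]:
    """Return the file entries and a {path: verdict} map of the MD5 checks."""
    entries, checks = [], {}
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(
                modified=datetime.strptime(m["modified"], TS),
                created=datetime.strptime(m["created"], TS),
                size=int(m["size"]),
                attrs=m["attrs"],
                vendor=m["vendor"].strip() if m["vendor"] else None,
                path=m["path"],
            ))
            continue
        m = CHECK_RE.match(line)
        if m:
            checks[m["path"]] = m["verdict"]
    return entries, checks

def triage(entries: List[Entry], start: datetime, end: datetime) -> List[Tuple[str, Entry]]:
    """Flag entries created inside the incident window that are either a new
    scheduled task or an executable written to a data directory (ProgramData
    or a user's Temp) rather than a Program Files tree."""
    findings = []
    for e in entries:
        if not (start <= e.created <= end):
            continue
        low = e.path.lower()
        if "\\windows\\system32\\tasks\\" in low:
            findings.append(("scheduled task created in window", e))
        elif "D" not in e.attrs and low.endswith(".exe") and (
            "\\programdata\\" in low or "\\appdata\\local\\temp\\" in low
        ):
            findings.append(("executable in data directory", e))
    return findings

def failed_checks(checks: Dict[str, str]) -> List[str]:
    """Paths whose MD5 verdict is anything other than 'legit'."""
    return sorted(p for p, v in checks.items() if v.lower() != "legit")

# Sample input: lines copied from the log quoted in the thread, except the
# avgnt.exe entry, which is constructed (path from the log's TEMP section,
# timestamps and size invented) so the data-directory heuristic has a hit.
SAMPLE = r"""
2013-10-21 00:55 - 2013-10-20 23:58 - 00000000 ____D C:\Qoobox
2013-10-20 23:56 - 2013-10-20 23:56 - 05135479 ____R (Swearware) C:\Users\James Dean\Desktop\ComboFix.exe
2013-10-20 14:18 - 2013-10-20 14:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\James Dean\Downloads\mbam-setup-1.75.0.1300.exe
2013-10-18 19:24 - 2013-10-18 19:22 - 00000000 ____D C:\ProgramData\SummerSoft
2013-10-18 19:22 - 2013-10-18 19:22 - 00002720 _____ C:\Windows\System32\Tasks\OptimizerPro-S-480333868
2013-10-18 19:22 - 2013-10-18 19:22 - 00000000 ____D C:\Program Files (x86)\Ss.Helper
2013-10-10 14:47 - 2013-05-29 00:32 - 00003736 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-10-18 19:23 - 2013-10-18 19:23 - 00152736 _____ C:\Users\James Dean\AppData\Local\Temp\avgnt.exe
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
"""
# Assumed incident window: the day the SummerSoft/OptimizerPro files appeared.
INCIDENT_START = datetime(2013, 10, 18)
INCIDENT_END = datetime(2013, 10, 19)

if __name__ == "__main__":
    entries, checks = parse_frst(SAMPLE)
    for reason, e in triage(entries, INCIDENT_START, INCIDENT_END):
        print(f"[{reason}] {e.created:%Y-%m-%d %H:%M} {e.path}")
    print("integrity failures:", failed_checks(checks) or "none")
```

Run against the sample, the script flags the OptimizerPro scheduled task and the constructed Temp executable, and leaves the Flash Player task alone because its creation date lies months before the window; the older Adobe, Oracle and Avira entries that dominate the real log are exactly the noise a created-date filter removes. The MD5 check section is parsed separately so a verdict other than "legit" on a core binary stands out on its own line rather than being buried in the file list.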
24.10.2013, 11:36 | #8 |
/// the machine /// TB-Ausbilder | Adware and junk. I always recommend Emsisoft. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document
Code:
C:\ProgramData\SummerSoft\OptimizerPro
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this. Done. The order is crucial here.
Here are a few more tips for securing your system. I cannot stress often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They do your system more harm than good. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me a short reply once everything is done and you have no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
26.10.2013, 13:41 | #9 |
| Hello schrauber, my system seems to be absolutely clean again. I will gladly take your tips and recommendations to heart. SpywareBlaster and Malwarebytes will from now on always be found on my system. A big mistake was probably that I did not allow automatic Windows updates. Again and again there was talk that some updates tear open even more holes, so I always overlooked it for a while. Thank God SpywareBlaster also creates snapshots of my system, because that has not happened for ages. I had also deliberately ignored that error message so far (in the sense of "everything works anyway"). Your (all of your) help is basically priceless, many thanks for it. Only in the past few days have I got a picture of how many people are helped here; several hundred users in the "Log-Analyse und Auswertung" thread are the norm. And everyone should give what they can. I have already found the corresponding link. I hope very many do this, even if it is only a small amount. Then the continued existence of Trojaner-Board and its competent help would last for a long time. Many thanks again, have a nice weekend, best regards from Passau |
26.10.2013, 18:36 | #10 |
/// the machine /// TB-Ausbilder | You're welcome