| |
| |||||||
Log-Analyse und Auswertung: Trojaner yelp helperbarWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
20.01.2014, 20:00
| #1 |
 |  Trojaner yelp helperbar Hi zusammen, der Titel trifft eigentlich schon das Kernthema: Mein PC ist extrem langsam und seit neuestem kommt auf der Startseite von Firefox diese komische Helperbar. Der Rechner braucht ungewöhnlich lange um zu booten und Firefox friert auch häufig ein. Hier die Logfiles zu meinem Rechner: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 18:55 on 20/01/2014 (FAME)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04
Ran by FAME (administrator) on FAME-PC on 20-01-2014 19:02:59
Running from C:\Users\FAME\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) ===================
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
() C:\Program Files\Common Files\makeupdate\makeupdate.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(KARPOLAN) C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\FAME\AppData\Roaming\TorrentStream\engine\tsengine.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
() C:\Users\FAME\AppData\Roaming\TorrentStream\updater\tsupdate.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7862816 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13797992 2009-09-01] (NVIDIA Corporation)
HKLM\...\Run: [Intel AppUp(SM) center] - C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk [1270 2011-03-23] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1618488 2013-10-24] (Bitdefender)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [TouchpadBlocker.exe] - C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe [968704 2010-09-09] (KARPOLAN)
HKCU\...\Run: [Google Update] - C:\Users\FAME\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-08] (Google Inc.)
HKCU\...\Run: [MusicManager] - C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-12] (Google Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [TorrentStream] - C:\Users\FAME\AppData\Roaming\TorrentStream\engine\tsengine.exe [27904 2013-11-08] ()
MountPoints2: {03449298-4dc0-11e0-ba4c-00030dc316f7} - F:\LaunchU3.exe
MountPoints2: {0da85e8e-e7f4-11e1-8b45-00030dc316f7} - F:\Startme.exe
MountPoints2: {2023916e-57d4-11e0-b9f2-00030dc316f7} - F:\Startme.exe
MountPoints2: {54a8bc0b-01c7-11e2-8b77-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {add11a25-01e0-11e2-8b40-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {e427eee8-c392-11e2-83fa-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {f6fdca3c-b7bf-11e2-8323-00030dc316f7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
MountPoints2: {fb1553ec-f3b3-11e1-8b3f-00030dc316f7} - F:\Startme.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=hp&fr=linkury-tb&installDate=08/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4BE26D9A0188CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
SearchScopes: HKCU - DefaultScope {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503
FF NewTab: about:blank
FF DefaultSearchEngine: Web Search
FF SelectedSearchEngine: Web Search
FF Homepage: hxxp://www.google.de/
FF Keyword.URL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&fr=linkury-tb&installDate=08/01/2014&type=hp1000&p=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\FAME\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\FAME\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.7.1 - C:\Users\FAME\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-14]
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-27]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-14]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-01-28]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-10-27]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=hp&fr=linkury-tb&installDate=08/01/2014&type=hp1000
CHR DefaultSearchKeyword: search.yahoo.com
CHR DefaultSearchProvider: Web
CHR DefaultSearchURL: hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (New Tab Page) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2014-01-08]
CHR Extension: (GrooveShark JukeBox) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgmfagolojoigoigjcadgnpcbnlcofa [2013-11-11]
CHR Extension: (YouTube) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Google+ Benachrichtigungen) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2013-03-26]
CHR Extension: (Adblock Plus) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-26]
CHR Extension: (Full Screen Weather) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-03-26]
CHR Extension: (Google Play Music) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-11-11]
CHR Extension: (Jok) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlggbomchamnjfdhemokemmgdfhpooo [2013-11-11]
CHR Extension: (Google Play) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-11-11]
CHR Extension: (Harley) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecibcfohcfpfodcfkookegngniglohk [2013-07-17]
CHR Extension: (Free Kick) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfnhkningpdichadhkccomfjgkbgkknm [2013-11-10]
CHR Extension: (Google Mail-Checker) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-03-26]
CHR Extension: (DVDVideoSoft) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (TS Magic Player) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg [2013-10-29]
CHR Extension: (TV Germany - TV Duitsland Fernsehen) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeikdijhnfihaklejncbiaciicpenhak [2013-11-11]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-08]
CHR HKCU\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx [2013-10-27]
CHR StartMenuInternet: Google Chrome - C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-10-24] (Bitdefender)
R2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 makeupdate; C:\Program Files\Common Files\makeupdate\makeupdate.exe [79360 2011-12-13] ()
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-10-24] (Bitdefender)
==================== Drivers (Whitelisted) ====================
S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [118272 2011-06-20] (TCT International Mobile Ltd)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-04-29] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-10-24] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-10-24] (BitDefender LLC)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-10-24] (BitDefender LLC)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2009-05-08] (Motorola Inc)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14336 2013-04-26] (Research in Motion Limited)
R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\system32\drivers\Sleen18.sys [91112 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-10-24] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S3 StarOpen; No ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-20 19:02 - 2014-01-20 19:03 - 00026929 _____ C:\Users\FAME\Desktop\FRST.txt
2014-01-20 19:02 - 2014-01-20 19:02 - 01221120 _____ (Farbar) C:\Users\FAME\Desktop\FRST.exe
2014-01-20 19:02 - 2014-01-20 19:02 - 00000000 ____D C:\FRST
2014-01-20 18:55 - 2014-01-20 18:55 - 00000470 _____ C:\Users\FAME\Desktop\defogger_disable.log
2014-01-20 18:55 - 2014-01-20 18:55 - 00000000 _____ C:\Users\FAME\defogger_reenable
2014-01-20 18:53 - 2014-01-20 18:53 - 00050477 _____ C:\Users\FAME\Desktop\Defogger.exe
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-19 00:14 - 2014-01-19 00:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-19 00:11 - 2014-01-19 00:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-19 00:09 - 2014-01-19 00:09 - 00000000 __RHD C:\MSOCache
2014-01-18 23:54 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-18 23:54 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 23:54 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 23:54 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 23:53 - 2014-01-18 23:54 - 00005315 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-18 23:48 - 2014-01-18 23:51 - 1025493776 _____ (Microsoft Corporation) C:\Users\FAME\Downloads\X17-75062.exe
2014-01-16 17:45 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:45 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:45 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 21:22 - 2014-01-10 21:22 - 00000033 _____ C:\Users\FAME\Documents\bundesnetzagentur.txt
2014-01-10 18:14 - 2014-01-10 18:14 - 00001128 _____ C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-09 00:00 - 2014-01-09 00:00 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-08 23:56 - 2014-01-08 23:56 - 34008992 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-08 23:51 - 2014-01-08 23:52 - 32244744 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeDownload.exe
2014-01-03 00:48 - 2014-01-18 23:54 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 00:48 - 2014-01-03 00:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-03 00:45 - 2014-01-03 00:45 - 00915368 _____ (Oracle Corporation) C:\Users\FAME\Downloads\jxpiinstall.exe
2013-12-27 21:41 - 2013-12-27 21:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-20 19:03 - 2014-01-20 19:02 - 00026929 _____ C:\Users\FAME\Desktop\FRST.txt
2014-01-20 19:02 - 2014-01-20 19:02 - 01221120 _____ (Farbar) C:\Users\FAME\Desktop\FRST.exe
2014-01-20 19:02 - 2014-01-20 19:02 - 00000000 ____D C:\FRST
2014-01-20 18:59 - 2012-04-19 00:15 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 18:59 - 2011-05-04 01:31 - 01271082 _____ C:\Windows\WindowsUpdate.log
2014-01-20 18:55 - 2014-01-20 18:55 - 00000470 _____ C:\Users\FAME\Desktop\defogger_disable.log
2014-01-20 18:55 - 2014-01-20 18:55 - 00000000 _____ C:\Users\FAME\defogger_reenable
2014-01-20 18:55 - 2009-10-31 01:32 - 00000000 ____D C:\Users\FAME
2014-01-20 18:53 - 2014-01-20 18:53 - 00050477 _____ C:\Users\FAME\Desktop\Defogger.exe
2014-01-20 18:49 - 2009-11-24 02:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-20 18:35 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-20 18:35 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2014-01-20 18:31 - 2009-07-14 05:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 18:31 - 2009-07-14 05:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 18:28 - 2012-03-08 14:08 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001UA.job
2014-01-20 18:23 - 2013-05-17 17:05 - 00000000 ____D C:\Users\FAME\AppData\Local\FreePDF_XP
2014-01-20 18:22 - 2013-10-09 21:28 - 00016617 _____ C:\Windows\setupact.log
2014-01-20 18:22 - 2012-04-19 00:15 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 18:22 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 01:20 - 2012-04-02 19:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 00:19 - 2012-05-17 12:25 - 00000000 ____D C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli Fotobücher
2014-01-20 00:19 - 2012-05-17 12:24 - 00000000 ____D C:\Users\FAME\AppData\Local\Albelli Fotobücher
2014-01-19 23:28 - 2009-10-31 18:28 - 00165280 _____ C:\Users\FAME\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 21:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-19 21:27 - 2012-03-08 14:08 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001Core.job
2014-01-19 21:05 - 2013-03-23 18:55 - 00034600 _____ C:\Windows\PFRO.log
2014-01-19 21:05 - 2009-07-14 05:33 - 00527544 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 00:14 - 2014-01-19 00:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-19 00:14 - 2009-11-24 02:34 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-19 00:14 - 2009-11-24 02:31 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-19 00:14 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2014-01-19 00:14 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-19 00:11 - 2014-01-19 00:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-19 00:09 - 2014-01-19 00:09 - 00000000 __RHD C:\MSOCache
2014-01-18 23:54 - 2014-01-18 23:53 - 00005315 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-18 23:54 - 2014-01-03 00:48 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 23:54 - 2009-11-08 01:52 - 00000000 ____D C:\Program Files\Java
2014-01-18 23:51 - 2014-01-18 23:48 - 1025493776 _____ (Microsoft Corporation) C:\Users\FAME\Downloads\X17-75062.exe
2014-01-18 22:24 - 2012-12-25 23:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\UseNeXT
2014-01-17 17:16 - 2013-08-15 18:34 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 17:06 - 2009-10-31 03:07 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 17:39 - 2011-07-30 22:59 - 00000000 ____D C:\Users\FAME\AppData\Roaming\vlc
2014-01-12 23:35 - 2013-05-09 21:06 - 00000000 ____D C:\Users\FAME\Documents\BLACKBERRY-08F1
2014-01-12 23:35 - 2010-01-16 04:30 - 00000000 ____D C:\Users\FAME\AppData\Local\CrashDumps
2014-01-10 21:22 - 2014-01-10 21:22 - 00000033 _____ C:\Users\FAME\Documents\bundesnetzagentur.txt
2014-01-10 21:18 - 2012-01-16 21:13 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2014-01-10 18:14 - 2014-01-10 18:14 - 00001128 _____ C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-09 22:43 - 2013-09-09 22:33 - 00000000 ____D C:\Users\FAME\Documents\Meral
2014-01-09 00:46 - 2009-10-31 01:34 - 01514382 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 00:01 - 2009-11-08 01:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\TuneUp Software
2014-01-09 00:00 - 2014-01-09 00:00 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-09 00:00 - 2009-11-08 01:54 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-08 23:57 - 2013-06-16 18:19 - 00000000 ____D C:\Program Files\DVDVideoSoft
2014-01-08 23:57 - 2013-06-16 18:19 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2014-01-08 23:57 - 2011-01-05 19:55 - 00000000 ____D C:\Users\FAME\AppData\Roaming\DVDVideoSoft
2014-01-08 23:56 - 2014-01-08 23:56 - 34008992 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-08 23:53 - 2013-05-17 16:51 - 00000000 ____D C:\Users\FAME\AppData\Roaming\OpenCandy
2014-01-08 23:52 - 2014-01-08 23:51 - 32244744 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeDownload.exe
2014-01-06 01:32 - 2013-03-15 18:32 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-03 00:48 - 2014-01-03 00:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-03 00:45 - 2014-01-03 00:45 - 00915368 _____ (Oracle Corporation) C:\Users\FAME\Downloads\jxpiinstall.exe
2014-01-02 16:35 - 2010-06-15 21:42 - 00017408 _____ C:\Users\FAME\AppData\Local\WebpageIcons.db
2013-12-28 22:53 - 2012-04-23 23:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-27 21:41 - 2013-12-27 21:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-27 19:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
Files to move or delete:
====================
C:\Users\FAME\UseNeXT_Systemkategorien.dat
Some content of TEMP:
====================
C:\Users\FAME\AppData\Local\Temp\295.36275568578634_Update.exe
C:\Users\FAME\AppData\Local\Temp\3CC4590A-ECEC-455B-BEEF-5D97D950649B.exe
C:\Users\FAME\AppData\Local\Temp\649.4465923474506_Update.exe
C:\Users\FAME\AppData\Local\Temp\BackupSetup.exe
C:\Users\FAME\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\FAME\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\FAME\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\FAME\AppData\Local\Temp\SHSetup.exe
C:\Users\FAME\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-14 21:05
==================== End Of Log ============================
Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x86) Version: 19-01-2014 04
Ran by FAME at 2014-01-20 19:03:50
Running from C:\Users\FAME\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Bitdefender Virenschutz (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Spyware-Schutz (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}
FW: Bitdefender Firewall (Enabled) {A364D236-8096-DCCF-EF3F-4E4DBCD170CF}
==================== Installed Programs ======================
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Download Assistant (Version: 1.2 - Adobe Systems Incorporated)
Adobe Download Assistant (Version: 1.2 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin (Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (Version: 11.0.06 - Adobe Systems Incorporated)
AGEIA PhysX v7.11.13 (Version: 7.11.13 - AGEIA Technologies, Inc.)
Albelli Fotobücher (HKCU Version: - Albelli)
Apple Application Support (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (Version: 2.1.3.127 - Apple Inc.)
Ashampoo Burning Studio 2010 (Version: 9.21 - ashampoo GmbH & Co. KG)
AudibleManager (Version: 2001295984.48.56.29822186 - Audible, Inc.)
Bitdefender Internet Security 2013 (Version: 16.20.0.1483 - Bitdefender)
Bonjour (Version: 3.0.0.10 - Apple Inc.)
CCleaner (Version: 3.28 - Piriform)
Click to Call with Skype (Version: 5.6.8153 - Skype Technologies S.A.)
COMPUTERBILD App-Center (Version: 1.1.11 - J3S)
Das große Franzis Paket Office - Office Vorlagen Teil 1 (Version: - )
Das große Franzis Paket Office - Office Vorlagen Teil 2 (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (Version: - Microsoft)
DivX Converter (Version: 7.1.0 - DivX, Inc.)
DivX Plus DirectShow Filters (Version: - DivX, Inc.)
DivX-Setup (Version: 2.5.0.8 - DivX, LLC)
Driver Detective (Version: 7.0.0 - PC Drivers HeadQuarters)
Dropbox (HKCU Version: 2.0.22 - Dropbox, Inc.)
Free Audio Converter version 5.0.22.128 (Version: 5.0.22.128 - DVDVideoSoft Ltd.)
Free YouTube Download version 3.2.20.1230 (Version: 3.2.20.1230 - DVDVideoSoft Ltd.)
Free YouTube to MP3 Converter version 3.12.20.1230 (Version: 3.12.20.1230 - DVDVideoSoft Ltd.)
FreePDF (Remove only) (Version: - )
Google Chrome (HKCU Version: 32.0.1700.76 - Google Inc.)
Google Update Helper (Version: 1.3.22.3 - Google Inc.) Hidden
Google+ RegHelper (Version: 1.4.0 - UNKNOWN)
Google+ RegHelper (Version: 1.4.0 - UNKNOWN) Hidden
GPL Ghostscript (Version: 9.07 - Artifex Software Inc.)
HSPA USB MODEM (Version: - Komsa_Germany)
iCloud (Version: 3.0.2.163 - Apple Inc.)
Intel AppUp(SM) center (Version: 19079 - Intel)
Internet-TV für Windows Media Center (Version: 4.2.2.0 - Microsoft Corporation)
IPTInstaller (Version: 4.0.8 - HTC)
iTunes (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 51 (Version: 7.0.510 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Junk Mail filter update (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Learn Music Notes (HKCU Version: - Alexander Yerenkow)
MakeUp Pilot Trial Setup 4.6.0 (Version: 4.6.0 - Copyright (c) 2005-2012 Two Pilots)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6012.5000 - Microsoft Corporation) Hidden
Microsoft Choice Guard (Version: 2.0.48.0 - Microsoft Corporation) Hidden
Microsoft Office 2010 Service Pack 1 (SP1) (Version: - Microsoft) Hidden
Microsoft Office Access MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional 2010 (Version: 14.0.6029.1000 - Microsoft Corporation)
Microsoft Office Proof (English) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (Version: 14.0.6029.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (Version: 9.0.30411 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
MobileMe Control Panel (Version: 3.1.8.0 - Apple Inc.)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (Version: 26.0 - Mozilla)
Mozilla Thunderbird 16.0.2 (x86 de) (Version: 16.0.2 - Mozilla)
MSVC80_x86_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x86 (Version: 1.0.1.2 - Nokia) Hidden
MSVCRT (Version: 14.0.1468.721 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0 - Microsoft Corporation)
Music Manager (HKCU Version: - Google, Inc.)
MyFreeCodec (HKCU Version: - )
NVIDIA Drivers (Version: 1.10 - NVIDIA Corporation)
OpenOffice.org 3.2 (Version: 3.2.9502 - OpenOffice.org)
PC Connectivity Solution (Version: 10.42.0.0 - Nokia)
PDF24 Creator 5.4.0 (Version: - PDF24.org)
pdfforge Toolbar v1.1.2 (Version: 1.1.2 - Spigot, Inc.) <==== ATTENTION
Picasa 3 (Version: 3.9 - Google, Inc.)
PixiePack Codec Pack (Version: 1.1.400.0 - None)
PlayStation(R)Network Downloader (Version: 2.07.00849 - Sony Computer Entertainment Inc.)
PlayStation(R)Store (Version: 4.9.4.14625 - Sony Computer Entertainment Inc.)
PokerStars.net (Version: - PokerStars.net)
PVSonyDll (Version: 1.00.0001 - NVIDIA Corporation) Hidden
QuickTime (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
RedMon - Redirection Port Monitor (Version: - )
Rotlicht Tycoon Gold-Edition (Version: - )
SAMSUNG USB Driver for Mobile Phones (Version: 1.4.103.0 - SAMSUNG Electronics Co., Ltd.)
Screen Recording Suite V2.5.0 (Version: 2.5.0 - Apowersoft)
Skype™ 5.10 (Version: 5.10.116 - Skype Technologies S.A.)
SopCast 3.3.2 (Version: 3.3.2 - www.sopcast.com)
Spotify (HKCU Version: 0.8.8.450.gd9413516 - Spotify AB)
Steganos Online-Banking 2011 (Version: 1.2.2 - Steganos Software GmbH)
Steganos Online-Banking 2012 (Version: 2.0.4 - Steganos Software GmbH)
Torrent Stream 2.0.7.1 (HKCU Version: 2.0.7.1 - Torrent Stream)
Touchpad Blocker (Version: 1.0 - KARPOLAN)
TVUPlayer 2.5.3.1 (Version: 2.5.3.1 - TVU networks)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553065) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2566458) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (Version: - Microsoft)
UseNeXT by Tangysoft (Version: - Tangysoft Ltd.)
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0 - DivX, Inc) Hidden
Violin Newbie 2011 Version 3.1 (Version: 3.1 - Simon Rettenbacher)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
VoiceOver Kit (Version: 1.42.128.0 - Apple Inc.)
Windows 7 USB/DVD Download Tool (Version: 1.0.30 - Microsoft Corporation)
Windows Live Anmelde-Assistent (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Call (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Communications Platform (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Essentials (Version: 14.0.8117.0416 - Microsoft Corporation)
Windows Live Essentials (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Fotogalerie (Version: 14.0.8117.416 - Microsoft Corporation) Hidden
Windows Live Mail (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Messenger (Version: 14.0.8117.0416 - Microsoft Corporation) Hidden
Windows Live Sync (Version: 14.0.8117.416 - Microsoft Corporation)
Windows Live-Uploadtool (Version: 14.0.8014.1029 - Microsoft Corporation)
Windows Media Center Add-in for Silverlight (Version: 4.7.3.0 - Microsoft Corporation)
Windows Media Player Firefox Plugin (Version: 1.0.0.8 - Microsoft Corp)
Windows Phone Intro Video (DEU) (Version: 04.07.0975.00 - Microsoft Corporation) Hidden
WinRAR (Version: - )
YouFreeTV Version 0.02 (Version: 0.02 - YouFreeTV)
Zattoo 3.3.4 Beta (Version: 3.3.4 Beta - Zattoo Inc.)
Zattoo4 4.0.5 (Version: 4.0.5 - Zattoo Inc.)
ZoneAlarm LTD Toolbar (Version: - Check Point Software Technologies)
==================== Restore Points =========================
10-01-2014 17:15:20 TuneUp Utilities 2014 wird entfernt
10-01-2014 17:16:25 TuneUp Utilities 2014 (de-DE) wird entfernt
17-01-2014 16:01:24 Windows Update
18-01-2014 22:52:30 Installed Java 7 Update 51
18-01-2014 23:09:14 Installed Microsoft Office Professional 2010-Testversion
20-01-2014 17:27:46 Windows Update
==================== Hosts content: ==========================
2013-03-02 15:43 - 2013-03-02 15:43 - 00000000 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {107A1F91-CF0C-457B-868D-DA11CF9799FC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1904FAC0-3034-4D7A-BE4A-1667848332F9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001UA => C:\Users\FAME\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08] (Google Inc.)
Task: {39AF11FB-D03C-4574-9A0A-90CD3E2A5252} - System32\Tasks\Java Update Scheduler => C:\Program Files\Java\jre6\bin\jusched.exe
Task: {3A299ACD-F28C-498A-99D1-1114A1630FF9} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001Core => C:\Users\FAME\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08] (Google Inc.)
Task: {467AE6EB-4788-4848-A830-A8F03136E12A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-19] (Google Inc.)
Task: {48ABC2A8-B007-4EA8-BA28-C37C59EA4062} - System32\Tasks\Launch HTC Sync Loader => C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
Task: {558F7002-24F6-432D-BE29-D52FF4544F87} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-02-25] (Piriform Ltd)
Task: {7CD4E9D6-0EA1-4F7B-A06F-1C6AB7B42A7F} - System32\Tasks\Secunia PSI Logon Task => C:\Program Files\Secunia\PSI\psi.exe
Task: {9FF6F9E0-36FD-49DE-B00E-8D4B9FAFF80E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B2F53E4C-6743-4097-9CDD-02A6ABC88FCE} - System32\Tasks\{AB9B3075-7A68-4E94-AC09-83B2A5C9AFAC} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {D2EA5906-772C-4CB2-A740-B415807691AC} - System32\Tasks\DigitalSite => C:\Users\FAME\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: {D98C56F9-F452-45E8-A2CE-18B6939A25F7} - System32\Tasks\{4854EC88-5C42-45F9-BE11-F14DF4AEC52E} => C:\Program Files\Skype\Phone\Skype.exe [2012-07-13] (Skype Technologies S.A.)
Task: {F2966715-B1EF-49DA-B81F-79B9FD6F4C06} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-19] (Google Inc.)
Task: {F9CA1422-0CDA-497D-8D98-300D13727ECE} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-11] (Adobe Systems Incorporated)
Task: {FA603982-4556-4E14-AFF4-79B3BC5CC3C1} - System32\Tasks\Google Updater and Installer => C:\Users\FAME\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DigitalSite.job => C:\Users\FAME\AppData\Roaming\DIGITA~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001Core.job => C:\Users\FAME\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001UA.job => C:\Users\FAME\AppData\Local\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2011-03-23 21:39 - 2010-12-01 15:26 - 02452992 _____ () C:\Program Files\Intel\IntelAppStore\bin\QtCore4.dll
2011-03-23 21:39 - 2010-12-01 15:26 - 00375808 _____ () C:\Program Files\Intel\IntelAppStore\bin\QtXml4.dll
2011-03-23 21:39 - 2010-12-01 15:26 - 00322048 _____ () C:\Program Files\Intel\IntelAppStore\bin\log4cplus.dll
2011-03-23 21:39 - 2010-12-01 15:26 - 00013312 _____ () C:\Program Files\Intel\IntelAppStore\bin\featureController.dll
2011-03-23 21:39 - 2010-12-01 15:26 - 01008640 _____ () C:\Program Files\Intel\IntelAppStore\bin\QtNetwork4.dll
2011-03-23 21:39 - 2010-12-01 15:26 - 00195584 _____ () C:\Program Files\Intel\IntelAppStore\bin\libgsoap.dll
2011-03-23 21:39 - 2010-12-01 15:26 - 00062464 _____ () C:\Program Files\Intel\IntelAppStore\bin\zlib1.dll
2011-03-23 21:39 - 2010-12-01 15:26 - 00400384 _____ () C:\Program Files\Intel\IntelAppStore\bin\sqlite3.dll
2011-03-23 21:39 - 2011-01-27 18:00 - 03622128 _____ () C:\Program Files\Intel\IntelAppStore\bin\plugin\libbizlplugin.dll
2013-10-24 20:29 - 2013-10-24 20:29 - 00204280 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\txmlutil.dll
2013-03-29 21:58 - 2013-10-24 20:29 - 00093040 _____ () C:\Program Files\Bitdefender\Bitdefender 2013\bdmetrics.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2013-02-27 20:33 - 2013-02-27 20:33 - 10683392 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2013-02-27 20:32 - 2013-02-27 20:32 - 07741952 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2013-02-27 20:32 - 2013-02-27 20:32 - 02248192 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2013-02-27 20:33 - 2013-02-27 20:33 - 01681408 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2013-11-12 02:03 - 2013-11-12 02:03 - 00117248 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2013-11-12 02:04 - 2013-11-12 02:04 - 00231936 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2013-11-12 02:03 - 2013-11-12 02:03 - 00253440 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2013-11-12 02:05 - 2013-11-12 02:05 - 00344064 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2013-02-27 20:33 - 2013-02-27 20:33 - 00026624 _____ () C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2013-09-14 00:51 - 2013-09-14 00:51 - 00087952 _____ () C:\Program Files\Common Files\Apple\Internet Services\zlib1.dll
2013-09-14 00:50 - 2013-09-14 00:50 - 01242952 _____ () C:\Program Files\Common Files\Apple\Internet Services\libxml2.dll
2013-10-29 20:18 - 2013-11-08 09:44 - 00121344 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\acestreamengine.Core.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00038400 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\_socket.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00720896 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\_ssl.pyd
2013-10-29 20:18 - 2013-09-27 13:37 - 00018944 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\acestreamengine.pycompat.pyd
2013-10-29 20:18 - 2013-11-08 09:44 - 02488320 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\acestreamengine.CoreApp.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00287232 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\_hashlib.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00106496 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\_ctypes.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00011776 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\select.pyd
2011-01-18 22:56 - 2011-01-18 22:56 - 00334336 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\M2Crypto.__m2crypto.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00152576 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\pyexpat.pyd
2012-02-07 17:37 - 2012-02-07 17:37 - 00098816 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\win32api.pyd
2012-02-07 17:35 - 2012-02-07 17:35 - 00110080 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\pywintypes27.dll
2012-02-07 17:38 - 2012-02-07 17:38 - 00358912 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\pythoncom27.dll
2012-02-07 17:36 - 2012-02-07 17:36 - 00111616 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\win32file.pyd
2012-02-07 17:36 - 2012-02-07 17:36 - 00024064 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\win32pdh.pyd
2010-10-10 23:23 - 2010-10-10 23:23 - 00723968 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\apsw.pyd
2013-02-19 21:23 - 2013-02-16 00:51 - 00082944 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\cpyamf.util.pyd
2011-02-13 16:02 - 2011-02-13 16:02 - 00031232 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\Crypto.Cipher.AES.pyd
2011-07-15 20:37 - 2011-07-15 20:37 - 00981504 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\wx._core_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00746496 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\wx._gdi_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00670720 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\wx._windows_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00966144 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\wx._controls_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00674816 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\wx._misc_.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00688128 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\unicodedata.pyd
2013-02-19 21:23 - 2013-02-16 00:51 - 00066048 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\engine\lib\cpyamf.amf0.pyd
2014-01-15 00:33 - 2014-01-11 11:28 - 00715544 _____ () C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\libglesv2.dll
2014-01-15 00:33 - 2014-01-11 11:28 - 00100120 _____ () C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\libegl.dll
2014-01-15 00:33 - 2014-01-11 11:29 - 04055320 _____ () C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll
2014-01-15 00:33 - 2014-01-11 11:29 - 00399640 _____ () C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll
2014-01-15 00:33 - 2014-01-11 11:28 - 01634584 _____ () C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\ffmpegsumo.dll
2011-06-12 14:09 - 2011-06-12 14:09 - 00038400 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\_socket.pyd
2011-06-12 14:09 - 2011-06-12 14:09 - 00720896 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\_ssl.pyd
2011-07-15 20:37 - 2011-07-15 20:37 - 00981504 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\wx._core_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00746496 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\wx._gdi_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00670720 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\wx._windows_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00966144 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\wx._controls_.pyd
2011-07-15 20:38 - 2011-07-15 20:38 - 00674816 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\wx._misc_.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00287232 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\_hashlib.pyd
2011-01-18 22:56 - 2011-01-18 22:56 - 00334336 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\M2Crypto.__m2crypto.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00011776 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\select.pyd
2011-06-12 14:06 - 2011-06-12 14:06 - 00152576 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\pyexpat.pyd
2012-02-07 17:37 - 2012-02-07 17:37 - 00098816 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\win32api.pyd
2012-02-07 17:35 - 2012-02-07 17:35 - 00110080 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\pywintypes27.dll
2012-02-07 17:38 - 2012-02-07 17:38 - 00358912 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\pythoncom27.dll
2012-02-07 17:36 - 2012-02-07 17:36 - 00111616 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\win32file.pyd
2012-02-07 17:36 - 2012-02-07 17:36 - 00024064 _____ () C:\Users\FAME\AppData\Roaming\TorrentStream\updater\lib\win32pdh.pyd
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\FAME\Downloads\adwcleaner_2113.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\ccsetup328.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\CS2_RetNon_Ger_1.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\Franzis_Office_2010_Vorlagen1.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\Franzis_Office_2010_Vorlagen2.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\FreeAudioConverter.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\FreePDF4.08.EXE:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\gs907w32.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\HousecallLauncher.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\install_reader11_de_mssa_aaa_aih.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\MicrosoftFixit.HomeGroup.Run.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\musicmanagerinstaller.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\pdf24-creator-5.4.0.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\PDFCreator-1_7_0_setup.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\picasa39-setup(1).exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\picasa39-setup.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\RhapsodyAudiogalaxy.EXE:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\Setup (1).exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\SpotifySetup.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\SpybotSD2_2.0.12.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\SpyHunter-Installer.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\TorrentStream_2.0.7.1_by_Wiziwig_tv.exe:BDU
AlternateDataStreams: C:\Users\FAME\Downloads\uTorrent.exe:BDU
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/19/2014 00:34:35 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=42122f59-2850-485e-b0c0-1aaca1c88923
Error: (01/19/2014 00:34:35 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0xC004C032
Error: (01/19/2014 00:32:57 AM) (Source: MsiInstaller) (User: FAME-PC)
Description: Produkt: Microsoft Office Single Image 2010 -- Fehler 25004.Der eingegebene Product Key kann auf diesem Computer nicht verwendet werden. Die Ursache hierfür besteht höchstwahrscheinlich in zuvor installierten Office 2010-Testversionen. (Systemfehler: -1073422306)
Error: (01/19/2014 00:32:57 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E01E
Partial Pkey=9M9CM
ACID=42122f59-2850-485e-b0c0-1aaca1c88923
Detailed Error[?]
Error: (01/19/2014 00:32:48 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Installation of the Proof of Purchase failed. 0xC004E01E
Partial Pkey=9M9CM
ACID=42122f59-2850-485e-b0c0-1aaca1c88923
Detailed Error[?]
Error: (01/19/2014 00:29:39 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=42122f59-2850-485e-b0c0-1aaca1c88923
Error: (01/19/2014 00:29:39 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0xC004C032
Error: (01/19/2014 00:29:06 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=42122f59-2850-485e-b0c0-1aaca1c88923
Error: (01/19/2014 00:29:06 AM) (Source: Office Software Protection Platform Service) (User: )
Description: License acquisition failure details.
hr=0xC004C032
Error: (01/19/2014 00:26:21 AM) (Source: Office Software Protection Platform Service) (User: )
Description: Acquisition of End User License failed. hr=0xC004C032
Sku Id=42122f59-2850-485e-b0c0-1aaca1c88923
System errors:
=============
Error: (01/19/2014 01:05:09 AM) (Source: Service Control Manager) (User: )
Description: Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/17/2014 08:48:07 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Error: (01/16/2014 05:39:50 PM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}
Error: (01/16/2014 05:38:03 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (01/16/2014 05:38:03 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (01/16/2014 05:38:02 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Error: (01/16/2014 05:32:39 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.
Error: (01/16/2014 05:32:09 PM) (Source: Service Control Manager) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc erreicht.
Error: (01/14/2014 09:33:33 PM) (Source: Service Control Manager) (User: )
Description: Dienst "Bitdefender Virus Shield" wurde unerwartet beendet. Dies ist bereits 2 Mal passiert.
Error: (01/14/2014 09:20:30 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (01/19/2014 00:34:35 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0xC004C03242122f59-2850-485e-b0c0-1aaca1c88923
Error: (01/19/2014 00:34:35 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0xC004C03200010001(0x00000000, 00:34:34:403 - hxxp://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 00:34:34:404)
00030001(0x00000000, 00:34:34:404 - hxxp://go.microsoft.com)
00030002(0x00000000, 00:34:34:404 - 1)
00020005(0x00000000, 00:34:34:404 - 0)
0002000C(0x00000000, 00:34:34:776 - 302)
0002000E(0x00000000, 00:34:34:776 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx?configextension=o14)
00020001(0x00000000, 00:34:34:776)
00030001(0x00000000, 00:34:34:776 - https://activation.sls.microsoft.com)
00030002(0x00000000, 00:34:34:776 - 1)
00020005(0x00000000, 00:34:34:776 - 0)
0002000C(0x00000000, 00:34:35:205 - 500)
00010002(0x8004FC01, 00:34:35:205 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C032</HRESULT><Messages><Message>153 (Activation) - [PA: New time based activation not available. ---> Time based activation is not available]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 00:34:35:207)
Error: (01/19/2014 00:32:57 AM) (Source: MsiInstaller)(User: FAME-PC)
Description: Produkt: Microsoft Office Single Image 2010 -- Fehler 25004.Der eingegebene Product Key kann auf diesem Computer nicht verwendet werden. Die Ursache hierfür besteht höchstwahrscheinlich in zuvor installierten Office 2010-Testversionen. (Systemfehler: -1073422306)(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (01/19/2014 00:32:57 AM) (Source: Office Software Protection Platform Service)(User: )
Description: 0xC004E01E9M9CM42122f59-2850-485e-b0c0-1aaca1c88923?
Error: (01/19/2014 00:32:48 AM) (Source: Office Software Protection Platform Service)(User: )
Description: 0xC004E01E9M9CM42122f59-2850-485e-b0c0-1aaca1c88923?
Error: (01/19/2014 00:29:39 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0xC004C03242122f59-2850-485e-b0c0-1aaca1c88923
Error: (01/19/2014 00:29:39 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0xC004C03200010001(0x00000000, 00:29:38:241 - hxxp://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 00:29:38:241)
00030001(0x00000000, 00:29:38:241 - hxxp://go.microsoft.com)
00030002(0x00000000, 00:29:38:241 - 1)
00020005(0x00000000, 00:29:38:241 - 0)
0002000C(0x00000000, 00:29:38:611 - 302)
0002000E(0x00000000, 00:29:38:611 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx?configextension=o14)
00020001(0x00000000, 00:29:38:611)
00030001(0x00000000, 00:29:38:611 - https://activation.sls.microsoft.com)
00030002(0x00000000, 00:29:38:611 - 1)
00020005(0x00000000, 00:29:38:611 - 0)
0002000C(0x00000000, 00:29:39:221 - 500)
00010002(0x8004FC01, 00:29:39:221 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C032</HRESULT><Messages><Message>153 (Activation) - [PA: New time based activation not available. ---> Time based activation is not available]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 00:29:39:231)
Error: (01/19/2014 00:29:06 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0xC004C03242122f59-2850-485e-b0c0-1aaca1c88923
Error: (01/19/2014 00:29:06 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0xC004C03200010001(0x00000000, 00:29:05:954 - hxxp://go.microsoft.com/fwlink/?LinkID=120752)
00020001(0x00000000, 00:29:05:954)
00030001(0x00000000, 00:29:05:954 - hxxp://go.microsoft.com)
00030002(0x00000000, 00:29:05:954 - 1)
00020005(0x00000000, 00:29:05:954 - 0)
0002000C(0x00000000, 00:29:06:325 - 302)
0002000E(0x00000000, 00:29:06:325 - https://activation.sls.microsoft.com/sllicensing/SLLicense.asmx?configextension=o14)
00020001(0x00000000, 00:29:06:325)
00030001(0x00000000, 00:29:06:325 - https://activation.sls.microsoft.com)
00030002(0x00000000, 00:29:06:325 - 1)
00020005(0x00000000, 00:29:06:325 - 0)
0002000C(0x00000000, 00:29:06:765 - 500)
00010002(0x8004FC01, 00:29:06:765 - <?xml version="1.0" encoding="utf-8"?><soap:Envelope xmlns:soap="hxxp://schemas.xmlsoap.org/soap/envelope/" xmlns:xsi="hxxp://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="hxxp://www.w3.org/2001/XMLSchema"><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>SoapException</faultstring><detail><HRESULT>0xC004C032</HRESULT><Messages><Message>153 (Activation) - [PA: New time based activation not available. ---> Time based activation is not available]</Message></Messages></detail></soap:Fault></soap:Body></soap:Envelope>)
00010003(0x8004FC01, 00:29:06:765)
Error: (01/19/2014 00:26:21 AM) (Source: Office Software Protection Platform Service)(User: )
Description: hr=0xC004C03242122f59-2850-485e-b0c0-1aaca1c88923
CodeIntegrity Errors:
===================================
Date: 2013-01-31 02:12:46.615
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_003\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-31 01:36:24.145
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_003\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-30 23:23:21.570
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00176_003\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-30 02:26:38.369
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-29 23:59:23.955
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-29 22:45:16.181
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-29 22:27:11.064
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-29 22:16:21.036
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-29 21:26:39.353
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2013-01-29 20:58:42.000
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files\Bitdefender\Bitdefender 2013\active virus control\Avc3_00175_002\avcuf32.dll" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 53%
Total physical RAM: 3066.65 MB
Available physical RAM: 1412.71 MB
Total Pagefile: 6131.59 MB
Available Pagefile: 4428.63 MB
Total Virtual: 2047.88 MB
Available Virtual: 1880.29 MB
==================== Drives ================================
Drive c: (System) (Fixed) (Total:192.06 GB) (Free:45.09 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Data) (Fixed) (Total:97.03 GB) (Free:67.12 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: A9859A93)
Partition 1: (Not Active) - (Size=9 GB) - (Type=27)
Partition 2: (Active) - (Size=192 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19324 - hxxp://www.gmer.net
Rootkit scan 2014-01-20 19:47:03
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543232L9A300 rev.FB4OC40C 298,09GB
Running: gmer.exe; Driver: C:\Users\FAME\AppData\Local\Temp\kwtdypow.sys
---- System - GMER 2.1 ----
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAllocateVirtualMemory [0x8EDC90BE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAlpcConnectPort [0x8EDCC566]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAlpcSendWaitReceivePort [0x8EDCC09C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwAssignProcessToJobObject [0x8EDC9C88]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwClose [0x8EDCCB8C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwConnectPort [0x8EDCB418]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateFile [0x8EDCA95C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateKey [0x8EDCBB10]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateProcess [0x8EDC9EDE]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateProcessEx [0x8EDC9F94]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateSection [0x8EDCA27E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateThread [0x8EDC8A2E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwCreateThreadEx [0x8EDCCDA8]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwDeviceIoControlFile [0x8EDCBC80]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwDuplicateObject [0x8EDD011A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwFsControlFile [0x8EDCBF38]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwLoadDriver [0x8EDC9594]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwMakeTemporaryObject [0x8EDCC934]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenFile [0x8EDCA74E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenProcess [0x8EDCFB72]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenSection [0x8EDCA04E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwOpenThread [0x8EDCFE22]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwProtectVirtualMemory [0x8EDC8F42]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwQueueApcThread [0x8EDC9DB0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwReplaceKey [0x8EDCC782]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRequestPort [0x8EDCB586]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRequestWaitReplyPort [0x8EDCAF1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwRestoreKey [0x8EDCC80C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSecureConnectPort [0x8EDCB9A0]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetContextThread [0x8EDC8B9E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetSecurityObject [0x8EDCC6DC]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSetSystemInformation [0x8EDC978E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwShutdownSystem [0x8EDCC89E]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSuspendProcess [0x8EDC8E1A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSuspendThread [0x8EDC8CF4]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwSystemDebugControl [0x8EDC9BBA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwTerminateProcess [0x8EDCFA6A]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwTerminateThread [0x8EDD030C]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwUnloadDriver [0x8EDCC9CA]
SSDT \??\C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys ZwWriteVirtualMemory [0x8EDC88B2]
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82291A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 822CB212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 10F3 822D2488 4 Bytes [BE, 90, DC, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 10FF 822D2494 4 Bytes [66, C5, DC, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1143 822D24D8 4 Bytes [9C, C0, DC, 8E] {PUSHF ; RCR AH, 0x8e}
.text ntkrnlpa.exe!KeRemoveQueueEx + 1153 822D24E8 4 Bytes [88, 9C, DC, 8E]
.text ntkrnlpa.exe!KeRemoveQueueEx + 116F 822D2504 4 Bytes [8C, CB, DC, 8E]
.text ...
---- User code sections - GMER 2.1 ----
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtCreateFile + 6 7706560E 4 Bytes [28, E4, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtCreateFile + B 77065613 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtMapViewOfSection + 6 77065C6E 4 Bytes [28, E7, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtMapViewOfSection + B 77065C73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenFile + 6 77065D1E 4 Bytes [68, E4, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenFile + B 77065D23 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcess + 6 77065DCE 4 Bytes [A8, E5, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcess + B 77065DD3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessToken + B 77065DE3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessTokenEx + 6 77065DEE 4 Bytes [A8, E6, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenProcessTokenEx + B 77065DF3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThread + 6 77065E4E 4 Bytes [68, E5, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThread + B 77065E53 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadToken + 6 77065E5E 4 Bytes [68, E6, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadToken + B 77065E63 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtOpenThreadTokenEx + B 77065E73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryAttributesFile + 6 77065F7E 4 Bytes [A8, E4, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryAttributesFile + B 77065F83 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtQueryFullAttributesFile + B 77066033 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationFile + 6 7706667E 4 Bytes [28, E5, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationFile + B 77066683 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationThread + 6 770666DE 4 Bytes [28, E6, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtSetInformationThread + B 770666E3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtUnmapViewOfSection + 6 770669FE 4 Bytes [68, E7, A3, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[3708] ntdll.dll!NtUnmapViewOfSection + B 77066A03 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtCreateFile + 6 7706560E 4 Bytes [28, 70, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtCreateFile + B 77065613 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtMapViewOfSection + 6 77065C6E 4 Bytes [28, 73, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtMapViewOfSection + B 77065C73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenFile + 6 77065D1E 4 Bytes [68, 70, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenFile + B 77065D23 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcess + 6 77065DCE 4 Bytes [A8, 71, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcess + B 77065DD3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcessToken + B 77065DE3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcessTokenEx + 6 77065DEE 4 Bytes [A8, 72, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenProcessTokenEx + B 77065DF3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThread + 6 77065E4E 4 Bytes [68, 71, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThread + B 77065E53 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThreadToken + 6 77065E5E 4 Bytes [68, 72, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThreadToken + B 77065E63 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtOpenThreadTokenEx + B 77065E73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtQueryAttributesFile + 6 77065F7E 4 Bytes [A8, 70, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtQueryAttributesFile + B 77065F83 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtQueryFullAttributesFile + B 77066033 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtSetInformationFile + 6 7706667E 4 Bytes [28, 71, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtSetInformationFile + B 77066683 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtSetInformationThread + 6 770666DE 4 Bytes [28, 72, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtSetInformationThread + B 770666E3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtUnmapViewOfSection + 6 770669FE 4 Bytes [68, 73, D7, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4488] ntdll.dll!NtUnmapViewOfSection + B 77066A03 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtCreateFile + 6 7706560E 4 Bytes [28, E4, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtCreateFile + B 77065613 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtMapViewOfSection + 6 77065C6E 4 Bytes [28, E7, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtMapViewOfSection + B 77065C73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenFile + 6 77065D1E 4 Bytes [68, E4, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenFile + B 77065D23 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcess + 6 77065DCE 4 Bytes [A8, E5, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcess + B 77065DD3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcessToken + B 77065DE3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcessTokenEx + 6 77065DEE 4 Bytes [A8, E6, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenProcessTokenEx + B 77065DF3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThread + 6 77065E4E 4 Bytes [68, E5, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThread + B 77065E53 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThreadToken + 6 77065E5E 4 Bytes [68, E6, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThreadToken + B 77065E63 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtOpenThreadTokenEx + B 77065E73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtQueryAttributesFile + 6 77065F7E 4 Bytes [A8, E4, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtQueryAttributesFile + B 77065F83 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtQueryFullAttributesFile + B 77066033 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtSetInformationFile + 6 7706667E 4 Bytes [28, E5, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtSetInformationFile + B 77066683 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtSetInformationThread + 6 770666DE 4 Bytes [28, E6, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtSetInformationThread + B 770666E3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtUnmapViewOfSection + 6 770669FE 4 Bytes [68, E7, 3F, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4684] ntdll.dll!NtUnmapViewOfSection + B 77066A03 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtCreateFile + 6 7706560E 4 Bytes [28, A0, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtCreateFile + B 77065613 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtMapViewOfSection + 6 77065C6E 4 Bytes [28, A3, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtMapViewOfSection + B 77065C73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenFile + 6 77065D1E 4 Bytes [68, A0, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenFile + B 77065D23 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcess + 6 77065DCE 4 Bytes [A8, A1, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcess + B 77065DD3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessToken + B 77065DE3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessTokenEx + 6 77065DEE 4 Bytes [A8, A2, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenProcessTokenEx + B 77065DF3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThread + 6 77065E4E 4 Bytes [68, A1, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThread + B 77065E53 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadToken + 6 77065E5E 4 Bytes [68, A2, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadToken + B 77065E63 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtOpenThreadTokenEx + B 77065E73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryAttributesFile + 6 77065F7E 4 Bytes [A8, A0, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryAttributesFile + B 77065F83 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtQueryFullAttributesFile + B 77066033 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationFile + 6 7706667E 4 Bytes [28, A1, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationFile + B 77066683 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationThread + 6 770666DE 4 Bytes [28, A2, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtSetInformationThread + B 770666E3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtUnmapViewOfSection + 6 770669FE 4 Bytes [68, A3, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[4996] ntdll.dll!NtUnmapViewOfSection + B 77066A03 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtCreateFile + 6 7706560E 4 Bytes [28, DC, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtCreateFile + B 77065613 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtMapViewOfSection + 6 77065C6E 4 Bytes [28, DF, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtMapViewOfSection + B 77065C73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenFile + 6 77065D1E 4 Bytes [68, DC, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenFile + B 77065D23 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcess + 6 77065DCE 4 Bytes [A8, DD, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcess + B 77065DD3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessToken + B 77065DE3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessTokenEx + 6 77065DEE 4 Bytes [A8, DE, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenProcessTokenEx + B 77065DF3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThread + 6 77065E4E 4 Bytes [68, DD, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThread + B 77065E53 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadToken + 6 77065E5E 4 Bytes [68, DE, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadToken + B 77065E63 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtOpenThreadTokenEx + B 77065E73 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryAttributesFile + 6 77065F7E 4 Bytes [A8, DC, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryAttributesFile + B 77065F83 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtQueryFullAttributesFile + B 77066033 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationFile + 6 7706667E 4 Bytes [28, DD, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationFile + B 77066683 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationThread + 6 770666DE 4 Bytes [28, DE, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtSetInformationThread + B 770666E3 1 Byte [E2]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtUnmapViewOfSection + 6 770669FE 4 Bytes [68, DF, 5E, 00]
.text C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe[5072] ntdll.dll!NtUnmapViewOfSection + B 77066A03 1 Byte [E2]
---- EOF - GMER 2.1 ----
|
|
20.01.2014, 21:21
| #2 |
| /// the machine /// TB-Ausbilder    | Trojaner yelp helperbar hi,
__________________Downloade Dir bitte  Malwarebytes Anti-Malware
Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
20.01.2014, 22:54
| #3 |
| | Trojaner yelp helperbarCode:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2014.01.20.08 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 11.0.9600.16476 FAME :: FAME-PC [Administrator] Schutz: Aktiviert 20.01.2014 21:56:57 mbam-log-2014-01-20 (21-56-57).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 216655 Laufzeit: 17 Minute(n), 7 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 43 HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\mysearchdial.mysearchdialdskBnd.1 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\mysearchdial.mysearchdialdskBnd (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.mysearchdialESrvc.1 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.mysearchdialESrvc (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\mysearchdial.mysearchdialHlpr.1 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\mysearchdial.mysearchdialHlpr (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF5625A3-37AB-4BDB-9875-2A3D91CD0DFD} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Typelib\{FBC322D5-407E-4854-8C0B-555B951FD8E3} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C} (PUP.Optional.Wajam.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Digital Sites (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\mysearchdial.com (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Systweak\RegClean Pro (PUP.Optional.RegCleanerPro.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\InstallCore\mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\BonanzaDealsLive.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{C358B3D0-B911-41E3-A276-E7D43A6BA56D} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\mysearchdial.mysearchdialappCore.1 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\mysearchdial.mysearchdialappCore (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{4ED063C9-4A0B-4B44-A9DC-23AFF424A0D3} (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\m (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 3 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Daten: mysearchdial Toolbar -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{3004627E-F8E9-4E8B-909D-316753CBA923} (PUP.Optional.MySearchDial.A) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Daten: 0A2O0R1R1H2Z1S1G0H1F -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 6 HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0BtCtByBtC0Ezz0B0AtDtCtN0D0Tzu0CyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=635347469&ir=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Page (PUP.Optional.HelperBar.A) -> Bösartig: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|Search Bar (PUP.Optional.HelperBar.A) -> Bösartig: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|Default_Search_URL (PUP.Optional.HelperBar.A) -> Bösartig: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Internet Explorer\Search|SearchAssistant (PUP.Optional.HelperBar.A) -> Bösartig: (hxxp://feed.helperbar.com/?publisher=YahooOC&dpid=YahooOC&co=DE&userid=d0aaf950-dc79-9ad5-7ecc-6c45a744f512&searchtype=ds&p={searchTerms}&fr=linkury-tb&installDate=08/01/2014&type=hp1000) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (PUP.Optional.MySearchDial.A) -> Bösartig: (hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0BtCtByBtC0Ezz0B0AtDtCtN0D0Tzu0CyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T&cr=635347469&ir=) Gut: (hxxp://www.google.com) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 19 C:\Users\FAME\AppData\Roaming\DigitalSites\UpdateProc (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\mysearchdial\icons_2.2.15.1592 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\mysearchdial\UpdateProc (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\48D9D008009044668D70DF24532D7AC1 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\6F960A6E1CA9467C86B2198321DC92A5 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\90994A2E365B4AED96C5A8D59830ACB3 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\BB11C0051591409CB1C41A9C0A2E2D4B (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BonanzaDealsLive\Update (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BonanzaDealsLive\Update\Log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BonanzaDealsLive (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\BonanzaDealsLive\CrashReports (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0 (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\bh (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 44 C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialTlbr.dll (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialsrv.exe (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\bh\mysearchdial.dll (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\6F960A6E1CA9467C86B2198321DC92A5\DeltaTB.exe (PUP.Optional.Delta.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\90994A2E365B4AED96C5A8D59830ACB3\Installer.exe (PUP.Optional.Linkury.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-1959429063-2497190240-3554024458-1001\$R2MA7KE.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\$Recycle.Bin\S-1-5-21-1959429063-2497190240-3554024458-1001\$RKNKYXL.exe (PUP.Optional.InstallCore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\295.36275568578634_Update.exe (PUP.Optional.DigitalSites.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\649.4465923474506_Update.exe (PUP.Optional.DigitalSites.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\is357113909\12363730_stp\Mysearchdial.exe (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\FAE3C240-BAB0-7891-B392-8387E77D4155\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\FAE3C240-BAB0-7891-B392-8387E77D4155\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\FAE3C240-BAB0-7891-B392-8387E77D4155\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\FAE3C240-BAB0-7891-B392-8387E77D4155\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\FAE3C240-BAB0-7891-B392-8387E77D4155\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\is1590112554\15401696_stp\SearchGol.exe (PUP.Optional.PCFixSpeed.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\is1590112554\15401741_stp\wajam_download.exe (PUP.Optional.Wajam) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Temp\is1590112554\15401838_stp\bd.exe (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\Downloads\SoftonicDownloader_fuer_photoscape.exe (PUP.Optional.Softonic.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\Downloads\rcpsetup_softonic_new_de_pd_new.exe (PUP.Optional.RegCleanerPro) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\Downloads\sweetimsetup.exe (PUP.Optional.SweetIM) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\DigitalSites\UpdateProc\UpdateTask.exe (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\DigitalSites\UpdateProc\config.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\DigitalSites\UpdateProc\prod.dat (PUP.Optional.Updater) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\mysearchdial-speeddial.crx (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\roboot.exe (PUP.Optional.PCPerformer.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\Desktop\MySearchDial.url (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage (PUP.Optional.FunMoods.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\mysearchdial\icons_2.2.15.1592\62.ico (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\mysearchdial\icons_2.2.15.1592\80.ico (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\mysearchdial\UpdateProc\config.dat (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\mysearchdial\UpdateProc\UpdateTask.exe (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\48D9D008009044668D70DF24532D7AC1\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\6F960A6E1CA9467C86B2198321DC92A5\5472.ico (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\6F960A6E1CA9467C86B2198321DC92A5\EBB77268-338F-4C6A-8590-AD88FED26F4A (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\6F960A6E1CA9467C86B2198321DC92A5\OCBrowserHelper_1.0.6.125.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\FAME\AppData\Roaming\OpenCandy\BB11C0051591409CB1C41A9C0A2E2D4B\speedupmypcDE.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\BonanzaDealsLive\Update\Log\BonanzaDealsLive.log (PUP.Optional.BonanzaDeals.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\FavIcon.ico (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialApp.dll (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\mysearchdialEng.dll (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\Sqlite3.dll (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\uninst.dat (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\Mysearchdial\1.8.21.0\uninstall.exe (PUP.Optional.MySearchDial.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter 2014/01/20 21:54:30 +0100 FAME-PC FAME MESSAGE Executing scheduled update: Daily
2014/01/20 21:54:35 +0100 FAME-PC FAME MESSAGE Starting protection
2014/01/20 21:54:35 +0100 FAME-PC FAME MESSAGE Protection started successfully
2014/01/20 21:54:35 +0100 FAME-PC FAME MESSAGE Starting IP protection
2014/01/20 21:54:55 +0100 FAME-PC FAME MESSAGE IP Protection started successfully
2014/01/20 21:55:01 +0100 FAME-PC FAME MESSAGE Starting database refresh
2014/01/20 21:55:01 +0100 FAME-PC FAME MESSAGE Scheduled update executed successfully: database updated from version v2013.04.04.07 to version v2014.01.20.08
2014/01/20 21:55:01 +0100 FAME-PC FAME MESSAGE Stopping IP protection
2014/01/20 21:55:05 +0100 FAME-PC FAME MESSAGE IP Protection stopped successfully
2014/01/20 21:55:08 +0100 FAME-PC FAME MESSAGE Database refreshed successfully
2014/01/20 21:55:08 +0100 FAME-PC FAME MESSAGE Starting IP protection
2014/01/20 21:55:12 +0100 FAME-PC FAME MESSAGE IP Protection started successfully
2014/01/20 22:20:10 +0100 FAME-PC FAME MESSAGE Starting protection
2014/01/20 22:20:11 +0100 FAME-PC FAME MESSAGE Protection started successfully
2014/01/20 22:20:11 +0100 FAME-PC FAME MESSAGE Starting IP protection
2014/01/20 22:20:14 +0100 FAME-PC FAME MESSAGE IP Protection started successfully
2014/01/20 22:21:15 +0100 FAME-PC FAME IP-BLOCK 46.166.128.193 (Type: outgoing, Port: 8621, Process: tsengine.exe)
2014/01/20 22:33:44 +0100 FAME-PC FAME MESSAGE Starting protection
2014/01/20 22:33:44 +0100 FAME-PC FAME MESSAGE Protection started successfully
2014/01/20 22:33:44 +0100 FAME-PC FAME MESSAGE Starting IP protection
2014/01/20 22:33:48 +0100 FAME-PC FAME MESSAGE IP Protection started successfully
2014/01/20 22:40:05 +0100 FAME-PC FAME MESSAGE Starting protection
2014/01/20 22:40:06 +0100 FAME-PC FAME MESSAGE Protection started successfully
2014/01/20 22:40:06 +0100 FAME-PC FAME MESSAGE Starting IP protection
2014/01/20 22:40:10 +0100 FAME-PC FAME MESSAGE IP Protection started successfully
Code:
ATTFilter # AdwCleaner v3.017 - Bericht erstellt am 20/01/2014 um 22:30:57
# Aktualisiert 12/01/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : FAME - FAME-PC
# Gestartet von : C:\Users\FAME\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\open it!
Ordner Gelöscht : C:\Program Files\BonanzaDeals
Ordner Gelöscht : C:\Program Files\myfree codec
Ordner Gelöscht : C:\Program Files\MyPC Backup
Ordner Gelöscht : C:\Program Files\openit
Ordner Gelöscht : C:\Users\FAME\AppData\Roaming\CheckPoint\ZoneAlarm LTD Toolbar
Ordner Gelöscht : C:\Users\FAME\AppData\Roaming\digitalsite
Ordner Gelöscht : C:\Users\FAME\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Ordner Gelöscht : C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\Extensions\ffxtlbr@mysearchdial.com
Ordner Gelöscht : C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Datei Gelöscht : C:\Users\Public\Desktop\Open It!.lnk
Datei Gelöscht : C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\invalidprefs.js
Datei Gelöscht : C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\searchplugins\Mysearchdial.xml
Datei Gelöscht : C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\user.js
Datei Gelöscht : C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
Datei Gelöscht : C:\Windows\Tasks\digitalsite.job
Datei Gelöscht : C:\Windows\System32\Tasks\digitalsite
Datei Gelöscht : C:\Windows\Tasks\MySearchDial.job
Datei Gelöscht : C:\Windows\System32\Tasks\MySearchDial
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D2EA5906-772C-4CB2-A740-B415807691AC}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2EA5906-772C-4CB2-A740-B415807691AC}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77B30033-B821-4AB7-A23C-9D5F682D5CEB}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77B30033-B821-4AB7-A23C-9D5F682D5CEB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker-1_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\systweakasp_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\52ed7dbe66dec40
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photoscape_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picasa_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_picasa_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FD501041-8EBE-11CE-8183-00AA00577DA2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : HKCU\Software\dsiteproducts
Schlüssel Gelöscht : HKCU\Software\Myfree Codec
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\systweak
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\InstallCore
Schlüssel Gelöscht : HKLM\Software\Myfree Codec
Schlüssel Gelöscht : HKLM\Software\systweak
Schlüssel Gelöscht : HKLM\Software\Tarma Installer
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\OpenIt Open It!
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm LTD Toolbar
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.16428
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\prefs.js ]
Zeile gelöscht : user_pref("browser.search.defaultenginename", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.order.1", "Mysearchdial");
Zeile gelöscht : user_pref("browser.search.selectedEngine", "Mysearchdial");
Zeile gelöscht : user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0BtCtByBtC0Ezz0B0AtDtCtN0D0Tzu0CyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCt[...]
Zeile gelöscht : user_pref("extensions.enabledAddons", "adblockpopups%40jessehakanen.net:0.9.1,magicplayer%40torrentstream.org:1.1.33,%7BB64D9B05-48E1-4CEB-BF58-E0643994E900%7D:4.5.3.1206,%7Bad9a41d2-9a49-4fa6-a79e-71[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.AL", 2);
Zeile gelöscht : user_pref("extensions.mysearchdial.aflt", "irmsd0101");
Zeile gelöscht : user_pref("extensions.mysearchdial.appId", "{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}");
Zeile gelöscht : user_pref("extensions.mysearchdial.cd", "2XzuyEtN2Y1L1QzutDtDtBtCyC0BtCtByBtC0Ezz0B0AtDtCtN0D0Tzu0CyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzytDtCtG1T");
Zeile gelöscht : user_pref("extensions.mysearchdial.cntry", "DE");
Zeile gelöscht : user_pref("extensions.mysearchdial.cr", "635347469");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltLng", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.dfltSrch", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dnsErr", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.dpkLst", "3654782829,1334533236,1121012847,231756876,1895130307,603719297,4288797614,3754950497,426401714,3046281807,752626116,1657571787,3224935090,2597085128,18285[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.excTlbr", false);
Zeile gelöscht : user_pref("extensions.mysearchdial.hdrMd5", "2899773D6198FD44DA05256B5559BBF4");
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial.hmpgUrl", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0BtCtByBtC0Ezz0B0AtDtCtN0D0Tzu0CyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutD[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.id", "00216B1271E8BA01");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlDay", "16090");
Zeile gelöscht : user_pref("extensions.mysearchdial.instlRef", "");
Zeile gelöscht : user_pref("extensions.mysearchdial.lastB", "hxxp://start.mysearchdial.com/?f=1&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0BtCtByBtC0Ezz0B0AtDtCtN0D0Tzu0CyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1CzutDzy[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.lastVrsnTs", "1.8.21.021:48:26");
Zeile gelöscht : user_pref("extensions.mysearchdial.newTabUrl", "hxxp://start.mysearchdial.com/?f=2&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0BtCtByBtC0Ezz0B0AtDtCtN0D0Tzu0CyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1Czu[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.pnu_base", "{\"newVrsn\":\"90\",\"lastVrsn\":\"90\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"false\",\"msgTs\":0,\"lstMsgTs\":\"0\"}");
Zeile gelöscht : user_pref("extensions.mysearchdial.prdct", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.prtnrId", "mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.sg", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial.srchPrvdr", "Mysearchdial");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrId", "base");
Zeile gelöscht : user_pref("extensions.mysearchdial.tlbrSrchUrl", "hxxp://start.mysearchdial.com/?f=3&a=irmsd0101&cd=2XzuyEtN2Y1L1QzutDtDtBtCyC0BtCtByBtC0Ezz0B0AtDtCtN0D0Tzu0CyByDtCtN1L2XzutBtFtBtFtCyDtFtCyDzytBtN1L1C[...]
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsn", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial.vrsni", "1.8.21.0");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.hmpg", true);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.newTab", false);
Zeile gelöscht : user_pref("extensions.mysearchdial_i.smplGrp", "none");
Zeile gelöscht : user_pref("extensions.mysearchdial_i.vrsnTs", "1.8.21.021:48:26");
-\\ Google Chrome v
[ Datei : C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht : homepage
*************************
AdwCleaner[R0].txt - [15290 octets] - [20/01/2014 22:23:32]
AdwCleaner[S0].txt - [14706 octets] - [20/01/2014 22:30:57]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14767 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x86
Ran by FAME on 20.01.2014 at 22:40:25,91
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1959429063-2497190240-3554024458-1001\Software\sweetim
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\FAME\AppData\Roaming\mozilla\firefox\profiles\hdylpvm4.default-1371408368503\minidumps [94 files]
~~~ Chrome
Successfully deleted: [Folder] C:\Users\FAME\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 20.01.2014 at 22:44:23,80
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 19-01-2014 04
Ran by FAME (administrator) on FAME-PC on 20-01-2014 22:46:53
Running from C:\Users\FAME\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
() C:\Program Files\Common Files\makeupdate\makeupdate.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(KARPOLAN) C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\FAME\AppData\Roaming\TorrentStream\engine\tsengine.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Users\FAME\AppData\Roaming\TorrentStream\updater\tsupdate.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7862816 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13797992 2009-09-01] (NVIDIA Corporation)
HKLM\...\Run: [Intel AppUp(SM) center] - C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk [1270 2011-03-23] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1618488 2013-10-24] (Bitdefender)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [TouchpadBlocker.exe] - C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe [968704 2010-09-09] (KARPOLAN)
HKCU\...\Run: [Google Update] - C:\Users\FAME\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-08] (Google Inc.)
HKCU\...\Run: [MusicManager] - C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-12] (Google Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [TorrentStream] - C:\Users\FAME\AppData\Roaming\TorrentStream\engine\tsengine.exe [27904 2013-11-08] ()
MountPoints2: {03449298-4dc0-11e0-ba4c-00030dc316f7} - F:\LaunchU3.exe
MountPoints2: {0da85e8e-e7f4-11e1-8b45-00030dc316f7} - F:\Startme.exe
MountPoints2: {2023916e-57d4-11e0-b9f2-00030dc316f7} - F:\Startme.exe
MountPoints2: {54a8bc0b-01c7-11e2-8b77-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {add11a25-01e0-11e2-8b40-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {e427eee8-c392-11e2-83fa-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {f6fdca3c-b7bf-11e2-8323-00030dc316f7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
MountPoints2: {fb1553ec-f3b3-11e1-8b3f-00030dc316f7} - F:\Startme.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4BE26D9A0188CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503
FF NewTab: about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\FAME\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\FAME\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.7.1 - C:\Users\FAME\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-14]
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-27]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-14]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-01-28]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-10-27]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (GrooveShark JukeBox) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgmfagolojoigoigjcadgnpcbnlcofa [2013-11-11]
CHR Extension: (YouTube) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Google+ Benachrichtigungen) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2013-03-26]
CHR Extension: (Adblock Plus) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-26]
CHR Extension: (Full Screen Weather) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-03-26]
CHR Extension: (Google Play Music) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-11-11]
CHR Extension: (Jok) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlggbomchamnjfdhemokemmgdfhpooo [2013-11-11]
CHR Extension: (Google Play) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-11-11]
CHR Extension: (Harley) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecibcfohcfpfodcfkookegngniglohk [2013-07-17]
CHR Extension: (Free Kick) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfnhkningpdichadhkccomfjgkbgkknm [2013-11-10]
CHR Extension: (Google Mail-Checker) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-03-26]
CHR Extension: (DVDVideoSoft) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (TS Magic Player) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg [2013-10-29]
CHR Extension: (TV Germany - TV Duitsland Fernsehen) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeikdijhnfihaklejncbiaciicpenhak [2013-11-11]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-08]
CHR HKCU\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx [2013-10-27]
CHR StartMenuInternet: Google Chrome - C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-10-24] (Bitdefender)
R2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 makeupdate; C:\Program Files\Common Files\makeupdate\makeupdate.exe [79360 2011-12-13] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-10-24] (Bitdefender)
==================== Drivers (Whitelisted) ====================
S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [118272 2011-06-20] (TCT International Mobile Ltd)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-04-29] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-10-24] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-10-24] (BitDefender LLC)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-10-24] (BitDefender LLC)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2009-05-08] (Motorola Inc)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14336 2013-04-26] (Research in Motion Limited)
R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\system32\drivers\Sleen18.sys [91112 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-10-24] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S3 StarOpen; No ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-20 22:44 - 2014-01-20 22:44 - 00001239 _____ C:\Users\FAME\Desktop\JRT.txt
2014-01-20 22:37 - 2014-01-20 22:37 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 22:36 - 2014-01-20 22:36 - 01037068 _____ (Thisisu) C:\Users\FAME\Desktop\JRT.exe
2014-01-20 22:33 - 2014-01-20 22:33 - 00014848 _____ C:\Users\FAME\Desktop\AdwCleaner[S0].txt
2014-01-20 22:23 - 2014-01-20 22:31 - 00000000 ____D C:\AdwCleaner
2014-01-20 22:17 - 2014-01-20 22:17 - 01236282 _____ C:\Users\FAME\Desktop\adwcleaner.exe
2014-01-20 22:16 - 2014-01-20 22:16 - 01236282 _____ C:\Users\FAME\Downloads\adwcleaner.exe
2014-01-20 21:54 - 2014-01-20 21:54 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\Malwarebytes
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-20 21:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-20 21:53 - 2014-01-20 21:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\FAME\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 21:48 - 2014-01-20 22:19 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-20 21:48 - 2014-01-20 22:15 - 00000000 ____D C:\Users\FAME\AppData\Roaming\DigitalSites
2014-01-20 21:48 - 2014-01-20 21:48 - 00000386 _____ C:\Users\FAME\Desktop\FREE Games.url
2014-01-20 21:44 - 2014-01-20 21:44 - 00680328 _____ ( ) C:\Users\FAME\Desktop\ZipOpenerSetup.exe
2014-01-20 19:47 - 2014-01-20 19:47 - 00026245 _____ C:\Users\FAME\Desktop\Gmer.txt
2014-01-20 19:07 - 2014-01-17 20:25 - 00379904 _____ C:\Users\FAME\Desktop\gmer.exe
2014-01-20 19:05 - 2014-01-20 19:06 - 00370672 _____ C:\Users\FAME\Desktop\gmer_2.1.19324.zip
2014-01-20 19:03 - 2014-01-20 19:04 - 00042106 _____ C:\Users\FAME\Desktop\Addition.txt
2014-01-20 19:02 - 2014-01-20 22:46 - 00024203 _____ C:\Users\FAME\Desktop\FRST.txt
2014-01-20 19:02 - 2014-01-20 19:02 - 01221120 _____ (Farbar) C:\Users\FAME\Desktop\FRST.exe
2014-01-20 19:02 - 2014-01-20 19:02 - 00000000 ____D C:\FRST
2014-01-20 18:55 - 2014-01-20 18:55 - 00000470 _____ C:\Users\FAME\Desktop\defogger_disable.log
2014-01-20 18:55 - 2014-01-20 18:55 - 00000000 _____ C:\Users\FAME\defogger_reenable
2014-01-20 18:53 - 2014-01-20 18:53 - 00050477 _____ C:\Users\FAME\Desktop\Defogger.exe
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-19 00:14 - 2014-01-19 00:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-19 00:11 - 2014-01-19 00:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-19 00:09 - 2014-01-19 00:09 - 00000000 __RHD C:\MSOCache
2014-01-18 23:54 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-18 23:54 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 23:54 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 23:54 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 23:53 - 2014-01-18 23:54 - 00005315 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-18 23:48 - 2014-01-18 23:51 - 1025493776 _____ (Microsoft Corporation) C:\Users\FAME\Downloads\X17-75062.exe
2014-01-16 17:45 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:45 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:45 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 21:22 - 2014-01-10 21:22 - 00000033 _____ C:\Users\FAME\Documents\bundesnetzagentur.txt
2014-01-10 18:14 - 2014-01-10 18:14 - 00001128 _____ C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-09 00:00 - 2014-01-09 00:00 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-08 23:56 - 2014-01-08 23:56 - 34008992 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-08 23:51 - 2014-01-08 23:52 - 32244744 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeDownload.exe
2014-01-03 00:48 - 2014-01-18 23:54 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 00:48 - 2014-01-03 00:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-03 00:45 - 2014-01-03 00:45 - 00915368 _____ (Oracle Corporation) C:\Users\FAME\Downloads\jxpiinstall.exe
2013-12-27 21:41 - 2013-12-27 21:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-20 22:47 - 2014-01-20 19:02 - 00024203 _____ C:\Users\FAME\Desktop\FRST.txt
2014-01-20 22:47 - 2009-07-14 05:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-20 22:47 - 2009-07-14 05:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-20 22:44 - 2014-01-20 22:44 - 00001239 _____ C:\Users\FAME\Desktop\JRT.txt
2014-01-20 22:39 - 2013-05-17 17:05 - 00000000 ____D C:\Users\FAME\AppData\Local\FreePDF_XP
2014-01-20 22:39 - 2012-04-19 00:15 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-20 22:39 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 22:38 - 2013-10-09 21:28 - 00016785 _____ C:\Windows\setupact.log
2014-01-20 22:37 - 2014-01-20 22:37 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 22:37 - 2011-05-04 01:31 - 01358484 _____ C:\Windows\WindowsUpdate.log
2014-01-20 22:36 - 2014-01-20 22:36 - 01037068 _____ (Thisisu) C:\Users\FAME\Desktop\JRT.exe
2014-01-20 22:33 - 2014-01-20 22:33 - 00014848 _____ C:\Users\FAME\Desktop\AdwCleaner[S0].txt
2014-01-20 22:31 - 2014-01-20 22:23 - 00000000 ____D C:\AdwCleaner
2014-01-20 22:28 - 2012-03-08 14:08 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001UA.job
2014-01-20 22:20 - 2012-04-02 19:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-20 22:19 - 2014-01-20 21:48 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-20 22:19 - 2013-03-23 18:55 - 00051602 _____ C:\Windows\PFRO.log
2014-01-20 22:17 - 2014-01-20 22:17 - 01236282 _____ C:\Users\FAME\Desktop\adwcleaner.exe
2014-01-20 22:16 - 2014-01-20 22:16 - 01236282 _____ C:\Users\FAME\Downloads\adwcleaner.exe
2014-01-20 22:15 - 2014-01-20 21:48 - 00000000 ____D C:\Users\FAME\AppData\Roaming\DigitalSites
2014-01-20 22:15 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Speech
2014-01-20 21:59 - 2012-04-19 00:15 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-20 21:54 - 2014-01-20 21:54 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\Malwarebytes
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-20 21:53 - 2014-01-20 21:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\FAME\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 21:48 - 2014-01-20 21:48 - 00000386 _____ C:\Users\FAME\Desktop\FREE Games.url
2014-01-20 21:44 - 2014-01-20 21:44 - 00680328 _____ ( ) C:\Users\FAME\Desktop\ZipOpenerSetup.exe
2014-01-20 21:27 - 2012-03-08 14:08 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001Core.job
2014-01-20 19:47 - 2014-01-20 19:47 - 00026245 _____ C:\Users\FAME\Desktop\Gmer.txt
2014-01-20 19:06 - 2014-01-20 19:05 - 00370672 _____ C:\Users\FAME\Desktop\gmer_2.1.19324.zip
2014-01-20 19:04 - 2014-01-20 19:03 - 00042106 _____ C:\Users\FAME\Desktop\Addition.txt
2014-01-20 19:02 - 2014-01-20 19:02 - 01221120 _____ (Farbar) C:\Users\FAME\Desktop\FRST.exe
2014-01-20 19:02 - 2014-01-20 19:02 - 00000000 ____D C:\FRST
2014-01-20 18:55 - 2014-01-20 18:55 - 00000470 _____ C:\Users\FAME\Desktop\defogger_disable.log
2014-01-20 18:55 - 2014-01-20 18:55 - 00000000 _____ C:\Users\FAME\defogger_reenable
2014-01-20 18:55 - 2009-10-31 01:32 - 00000000 ____D C:\Users\FAME
2014-01-20 18:53 - 2014-01-20 18:53 - 00050477 _____ C:\Users\FAME\Desktop\Defogger.exe
2014-01-20 18:49 - 2009-11-24 02:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-20 18:35 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-20 18:35 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2014-01-20 00:19 - 2012-05-17 12:25 - 00000000 ____D C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli Fotobücher
2014-01-20 00:19 - 2012-05-17 12:24 - 00000000 ____D C:\Users\FAME\AppData\Local\Albelli Fotobücher
2014-01-19 23:28 - 2009-10-31 18:28 - 00165280 _____ C:\Users\FAME\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 21:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-19 21:05 - 2009-07-14 05:33 - 00527544 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 00:14 - 2014-01-19 00:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-19 00:14 - 2009-11-24 02:34 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-19 00:14 - 2009-11-24 02:31 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-19 00:14 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2014-01-19 00:14 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-19 00:11 - 2014-01-19 00:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-19 00:09 - 2014-01-19 00:09 - 00000000 __RHD C:\MSOCache
2014-01-18 23:54 - 2014-01-18 23:53 - 00005315 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-18 23:54 - 2014-01-03 00:48 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 23:54 - 2009-11-08 01:52 - 00000000 ____D C:\Program Files\Java
2014-01-18 23:51 - 2014-01-18 23:48 - 1025493776 _____ (Microsoft Corporation) C:\Users\FAME\Downloads\X17-75062.exe
2014-01-18 22:24 - 2012-12-25 23:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\UseNeXT
2014-01-17 20:25 - 2014-01-20 19:07 - 00379904 _____ C:\Users\FAME\Desktop\gmer.exe
2014-01-17 17:16 - 2013-08-15 18:34 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 17:06 - 2009-10-31 03:07 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 17:39 - 2011-07-30 22:59 - 00000000 ____D C:\Users\FAME\AppData\Roaming\vlc
2014-01-12 23:35 - 2013-05-09 21:06 - 00000000 ____D C:\Users\FAME\Documents\BLACKBERRY-08F1
2014-01-12 23:35 - 2010-01-16 04:30 - 00000000 ____D C:\Users\FAME\AppData\Local\CrashDumps
2014-01-10 21:22 - 2014-01-10 21:22 - 00000033 _____ C:\Users\FAME\Documents\bundesnetzagentur.txt
2014-01-10 21:18 - 2012-01-16 21:13 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2014-01-10 18:14 - 2014-01-10 18:14 - 00001128 _____ C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-09 22:43 - 2013-09-09 22:33 - 00000000 ____D C:\Users\FAME\Documents\Meral
2014-01-09 00:46 - 2009-10-31 01:34 - 01514382 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 00:01 - 2009-11-08 01:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\TuneUp Software
2014-01-09 00:00 - 2014-01-09 00:00 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-09 00:00 - 2009-11-08 01:54 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-08 23:57 - 2013-06-16 18:19 - 00000000 ____D C:\Program Files\DVDVideoSoft
2014-01-08 23:57 - 2013-06-16 18:19 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2014-01-08 23:57 - 2011-01-05 19:55 - 00000000 ____D C:\Users\FAME\AppData\Roaming\DVDVideoSoft
2014-01-08 23:56 - 2014-01-08 23:56 - 34008992 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-08 23:52 - 2014-01-08 23:51 - 32244744 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeDownload.exe
2014-01-06 01:32 - 2013-03-15 18:32 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-03 00:48 - 2014-01-03 00:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-03 00:45 - 2014-01-03 00:45 - 00915368 _____ (Oracle Corporation) C:\Users\FAME\Downloads\jxpiinstall.exe
2014-01-02 16:35 - 2010-06-15 21:42 - 00017408 _____ C:\Users\FAME\AppData\Local\WebpageIcons.db
2013-12-28 22:53 - 2012-04-23 23:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-27 21:41 - 2013-12-27 21:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-27 19:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
Files to move or delete:
====================
C:\Users\FAME\UseNeXT_Systemkategorien.dat
Some content of TEMP:
====================
C:\Users\FAME\AppData\Local\Temp\3CC4590A-ECEC-455B-BEEF-5D97D950649B.exe
C:\Users\FAME\AppData\Local\Temp\BackupSetup.exe
C:\Users\FAME\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\FAME\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\FAME\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\FAME\AppData\Local\Temp\Quarantine.exe
C:\Users\FAME\AppData\Local\Temp\SHSetup.exe
C:\Users\FAME\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-14 21:05
==================== End Of Log ============================
--- --- --- |
|
21.01.2014, 12:42
| #4 |
| /// the machine /// TB-Ausbilder | Trojaner yelp helperbarESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
22.01.2014, 01:10
| #5 |
| | Trojaner yelp helperbarCode:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=86474ca00073be4ca1e4f1c7f9d9f002
# engine=16736
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-21 11:52:10
# local_time=2014-01-22 12:52:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 30939737 30939737 0 0
# compatibility_mode=5893 16776574 100 94 8814980 141979521 0 0
# scanned=239571
# found=6
# cleaned=0
# scan_time=25795
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=F1CE7CA368C32ABA326BC4C2E5A97B89168B031E ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NCY trojan" ac=I fn="C:\Users\FAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\52f7b03b-49fd0c23"
sh=606C79ABBD3B6B818CC28304EFE886016730EC19 ft=1 fh=8b33d91f4b00a9fd vn="Win32/RiskWare.HackAV.FI application" ac=I fn="C:\Users\FAME\Downloads\ESET NOD32 Antivirus 4.2.71.2.exe"
sh=DCB283D61C095E213D32F2AD5A388DA8A9AA69D8 ft=1 fh=b5a4b35c59a5b7bc vn="Win32/RiskWare.HackAV.FI application" ac=I fn="C:\Users\FAME\Downloads\ESET Smart Security 4.2.71.2.exe"
sh=CBBF699F4C157ADB8FC3588ED90875C9309F2D18 ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.FI application" ac=I fn="C:\Users\FAME\Downloads\ESET.4.2.71.2[KrG].rar"
sh=9CC5FEA424DC79DDF25E86663BD4433B02B13430 ft=1 fh=c71c0011784d8214 vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\Users\FAME\Downloads\Setup (1).exe"
Code:
ATTFilter ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internet# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=86474ca00073be4ca1e4f1c7f9d9f002
# engine=16736
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-21 11:52:10
# local_time=2014-01-22 12:52:10 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=771 16777214 16 1 30939737 30939737 0 0
# compatibility_mode=5893 16776574 100 94 8814980 141979521 0 0
# scanned=239571
# found=6
# cleaned=0
# scan_time=25795
sh=410B32FD3FE4642644AD91AC60C69B86EC2762DD ft=1 fh=0e378a435beab91a vn="a variant of Win32/Adware.Yontoo.B application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll.vir"
sh=F1CE7CA368C32ABA326BC4C2E5A97B89168B031E ft=0 fh=0000000000000000 vn="Java/TrojanDownloader.OpenStream.NCY trojan" ac=I fn="C:\Users\FAME\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59\52f7b03b-49fd0c23"
sh=606C79ABBD3B6B818CC28304EFE886016730EC19 ft=1 fh=8b33d91f4b00a9fd vn="Win32/RiskWare.HackAV.FI application" ac=I fn="C:\Users\FAME\Downloads\ESET NOD32 Antivirus 4.2.71.2.exe"
sh=DCB283D61C095E213D32F2AD5A388DA8A9AA69D8 ft=1 fh=b5a4b35c59a5b7bc vn="Win32/RiskWare.HackAV.FI application" ac=I fn="C:\Users\FAME\Downloads\ESET Smart Security 4.2.71.2.exe"
sh=CBBF699F4C157ADB8FC3588ED90875C9309F2D18 ft=0 fh=0000000000000000 vn="Win32/RiskWare.HackAV.FI application" ac=I fn="C:\Users\FAME\Downloads\ESET.4.2.71.2[KrG].rar"
sh=9CC5FEA424DC79DDF25E86663BD4433B02B13430 ft=1 fh=c71c0011784d8214 vn="a variant of Win32/Adware.iBryte.G application" ac=I fn="C:\Users\FAME\Downloads\Setup (1).exe"
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-01-2014
Ran by FAME (administrator) on FAME-PC on 22-01-2014 01:08:14
Running from C:\Users\FAME\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe
() C:\Program Files\Common Files\makeupdate\makeupdate.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Intel Corporation) C:\Program Files\Intel\IntelAppStore\bin\serviceManager.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe
(shbox.de) C:\Program Files\FreePDF_XP\fpassist.exe
(Geek Software GmbH) C:\Program Files\PDF24\pdf24.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(KARPOLAN) C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe
(Google Inc.) C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
() C:\Users\FAME\AppData\Roaming\TorrentStream\engine\tsengine.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
() C:\Users\FAME\AppData\Roaming\TorrentStream\updater\tsupdate.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_9_900_170.exe
() C:\Users\FAME\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\ielowutil.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7862816 2009-10-28] (Realtek Semiconductor)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13797992 2009-09-01] (NVIDIA Corporation)
HKLM\...\Run: [Intel AppUp(SM) center] - C:\Program Files\Intel\IntelAppStore\bin\serviceManager.lnk [1270 2011-03-23] ()
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [Bdagent] - C:\Program Files\Bitdefender\Bitdefender 2013\bdagent.exe [1618488 2013-10-24] (Bitdefender)
HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM\...\Run: [PDFPrint] - C:\Program Files\PDF24\pdf24.exe [162856 2013-03-20] (Geek Software GmbH)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [Komsa_Germany Silverstone ModemListener] - C:\Program Files\HSPA USB MODEM\BackgroundService\ModemListener.exe [109120 2012-03-14] ()
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKCU\...\Run: [TouchpadBlocker.exe] - C:\Program Files\Touchpad Blocker\TouchpadBlocker.exe [968704 2010-09-09] (KARPOLAN)
HKCU\...\Run: [Google Update] - C:\Users\FAME\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2012-03-08] (Google Inc.)
HKCU\...\Run: [MusicManager] - C:\Users\FAME\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7380992 2013-11-12] (Google Inc.)
HKCU\...\Run: [iCloudServices] - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-09-14] (Apple Inc.)
HKCU\...\Run: [TorrentStream] - C:\Users\FAME\AppData\Roaming\TorrentStream\engine\tsengine.exe [27904 2013-11-08] ()
MountPoints2: {03449298-4dc0-11e0-ba4c-00030dc316f7} - F:\LaunchU3.exe
MountPoints2: {0da85e8e-e7f4-11e1-8b45-00030dc316f7} - F:\Startme.exe
MountPoints2: {2023916e-57d4-11e0-b9f2-00030dc316f7} - F:\Startme.exe
MountPoints2: {54a8bc0b-01c7-11e2-8b77-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {add11a25-01e0-11e2-8b40-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {e427eee8-c392-11e2-83fa-00030dc316f7} - F:\HTC_Sync_Manager_PC.exe
MountPoints2: {f6fdca3c-b7bf-11e2-8323-00030dc316f7} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL F:\start.exe
MountPoints2: {fb1553ec-f3b3-11e1-8b3f-00030dc316f7} - F:\Startme.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x4BE26D9A0188CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: DivX Plus Web Player HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: DivX HiQ - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503
FF NewTab: about:blank
FF Keyword.URL: user_pref("keyword.URL", "");
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin: @divx.com/DivX Player Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll No File
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @google.com/npPicasa3,version=3.0.0 - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @pages.tvunetworks.com/WebPlayer - C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
FF Plugin: @playstation.com/PsndlCheck,version=1.00 - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @veetle.com/vbp;version=0.9.17 - C:\Program Files\Veetle\VLCBroadcast\npvbp.dll No File
FF Plugin: @videolan.org/vlc,version=2.0.7 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\FAME\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\FAME\AppData\Local\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @torrentstream.net/tsplugin,version=2.0.7.1 - C:\Users\FAME\AppData\Roaming\TorrentStream\player\npts_plugin.dll (Innovative Digital Technologies)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus Pop-up Addon - C:\Users\FAME\AppData\Roaming\Mozilla\Firefox\Profiles\hdylpvm4.default-1371408368503\Extensions\adblockpopups@jessehakanen.net.xpi [2013-09-14]
FF Extension: Click to call with Skype - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-27]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-27]
FF HKLM\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011-05-14]
FF HKLM\...\Firefox\Extensions: [{6904342A-8307-11DF-A508-4AE2DFD72085}] - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa
FF Extension: DivX HiQ - C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011-05-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext
FF Extension: bdToolbar - C:\Program Files\Bitdefender\Bitdefender 2013\bdtbext [2013-01-28]
FF HKCU\...\Firefox\Extensions: [magicplayer@torrentstream.org] - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org
FF Extension: TS Magic Player - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\firefox\magicplayer@torrentstream.org [2013-10-27]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchProvider: "name": "Mysearchdial"
CHR Plugin: (Shockwave Flash) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\FAME\AppData\Local\Google\Chrome\Application\32.0.1700.76\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (DivX Player Netscape Plugin) - C:\Program Files\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll (DivX, Inc)
CHR Plugin: (Flatcast Viewer Plugin 5.3.0.784) - C:\Program Files\Mozilla Firefox\plugins\NpFv530.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (DivX VOD Helper Plug-in) - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Picasa) - C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (PlayStation(R)Network Downloader Check Plug-in) - C:\Program Files\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.)
CHR Plugin: (TVU Web Player for FireFox) - C:\Program Files\TVUPlayer\npTVUAx.dll (TVU networks)
CHR Plugin: (VLC Multimedia Plug-in) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.150.3) - C:\Windows\system32\npDeployJava1.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Extension: (GrooveShark JukeBox) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjgmfagolojoigoigjcadgnpcbnlcofa [2013-11-11]
CHR Extension: (YouTube) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-11]
CHR Extension: (Google+ Benachrichtigungen) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\boemmnepglcoinjcdlfcpcbmhiecichi [2013-03-26]
CHR Extension: (Adblock Plus) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-03-26]
CHR Extension: (Full Screen Weather) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2013-03-26]
CHR Extension: (Google Play Music) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2013-11-11]
CHR Extension: (Jok) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\jhlggbomchamnjfdhemokemmgdfhpooo [2013-11-11]
CHR Extension: (Google Play) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2013-11-11]
CHR Extension: (Harley) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lecibcfohcfpfodcfkookegngniglohk [2013-07-17]
CHR Extension: (Free Kick) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfnhkningpdichadhkccomfjgkbgkknm [2013-11-10]
CHR Extension: (Google Mail-Checker) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2013-03-26]
CHR Extension: (DVDVideoSoft) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp [2014-01-09]
CHR Extension: (Google Wallet) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30]
CHR Extension: (TS Magic Player) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\ochbjojkpcmlfeagbaahkofepalngihg [2013-10-29]
CHR Extension: (TV Germany - TV Duitsland Fernsehen) - C:\Users\FAME\AppData\Local\Google\Chrome\User Data\Default\Extensions\oeikdijhnfihaklejncbiaciicpenhak [2013-11-11]
CHR HKLM\...\Chrome\Extension: [fnjbmmemklcjgepojigaapkoodmkgbae] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\wpa\wpa.crx [2011-02-08]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-08-16]
CHR HKLM\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files\DivX\DivX Plus Web Player\google_chrome\html5video\html5video.crx [2011-02-08]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-01-08]
CHR HKCU\...\Chrome\Extension: [ochbjojkpcmlfeagbaahkofepalngihg] - C:\Users\FAME\AppData\Roaming\TorrentStream\extensions\chrome\magicplayer.crx [2013-10-27]
CHR StartMenuInternet: Google Chrome - C:\Users\FAME\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S4 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2013\bdparentalservice.exe [62688 2013-10-24] (Bitdefender)
R2 Komsa_Germany Silverstone Modem Device Helper; C:\Program Files\HSPA USB MODEM\BackgroundService\ServiceManager.exe [53312 2012-03-14] ()
R2 makeupdate; C:\Program Files\Common Files\makeupdate\makeupdate.exe [79360 2011-12-13] ()
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe [54960 2013-10-24] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe [1343472 2013-10-24] (Bitdefender)
==================== Drivers (Whitelisted) ====================
S3 AlcatelOTnet; C:\Windows\System32\DRIVERS\AlcatelOTUsbnet.sys [118272 2011-06-20] (TCT International Mobile Ltd)
R3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [26080 2012-10-08] (Wondershare)
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [640560 2013-10-24] (BitDefender)
R3 avchv; C:\Windows\System32\DRIVERS\avchv.sys [242504 2012-11-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [490144 2013-10-24] (BitDefender)
R1 BdfNdisf; c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [78144 2013-04-29] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [90704 2011-11-14] (BitDefender LLC)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [66832 2013-10-24] (BitDefender SRL)
R1 bdselfpr; C:\Program Files\Bitdefender\Bitdefender 2013\bdselfpr.sys [135600 2013-10-24] (BitDefender LLC)
S3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [36640 2010-10-25] ()
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [165744 2013-10-24] (BitDefender LLC)
S3 jrdusbser; C:\Windows\System32\DRIVERS\jrdusbser.sys [106112 2011-06-20] (TCT International Mobile Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MotDev; C:\Windows\System32\DRIVERS\motodrv.sys [42752 2009-05-08] (Motorola Inc)
S3 rimvndis; C:\Windows\System32\Drivers\rimvndis6.sys [14336 2013-04-26] (Research in Motion Limited)
R1 SLEE_17_DRIVER; C:\Windows\system32\drivers\Sleen17.sys [94560 2010-02-17] (Softwareentwicklung Remus - ArchiCrypt - )
R1 SLEE_18_DRIVER; C:\Windows\system32\drivers\Sleen18.sys [91112 2013-01-08] (Softwareentwicklung Remus - ArchiCrypt - )
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [360376 2013-10-24] (BitDefender S.R.L.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
S3 dgderdrv; System32\drivers\dgderdrv.sys [x]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
U5 hw_usbdev; C:\Windows\System32\Drivers\hw_usbdev.sys [102272 2011-10-24] (Huawei Technologies Co., Ltd.)
S3 nmwcd; system32\drivers\ccdcmb.sys [x]
S3 nmwcdc; system32\drivers\ccdcmbo.sys [x]
S3 StarOpen; No ImagePath
S3 upperdev; system32\DRIVERS\usbser_lowerflt.sys [x]
S3 UsbserFilt; system32\DRIVERS\usbser_lowerfltj.sys [x]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-01-22 01:07 - 2014-01-22 01:07 - 00000000 ____D C:\Users\FAME\Desktop\FRST-OlderVersion
2014-01-22 01:01 - 2014-01-22 01:01 - 00987425 _____ C:\Users\FAME\Desktop\SecurityCheck.exe
2014-01-22 00:59 - 2014-01-22 00:59 - 00001940 _____ C:\Users\FAME\Desktop\eset.txt
2014-01-21 17:31 - 2014-01-21 17:32 - 02347384 _____ (ESET) C:\Users\FAME\Desktop\esetsmartinstaller_enu.exe
2014-01-20 22:44 - 2014-01-20 22:44 - 00001239 _____ C:\Users\FAME\Desktop\JRT.txt
2014-01-20 22:37 - 2014-01-20 22:37 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 22:36 - 2014-01-20 22:36 - 01037068 _____ (Thisisu) C:\Users\FAME\Desktop\JRT.exe
2014-01-20 22:33 - 2014-01-20 22:33 - 00014848 _____ C:\Users\FAME\Desktop\AdwCleaner[S0].txt
2014-01-20 22:23 - 2014-01-20 22:31 - 00000000 ____D C:\AdwCleaner
2014-01-20 22:17 - 2014-01-20 22:17 - 01236282 _____ C:\Users\FAME\Desktop\adwcleaner.exe
2014-01-20 22:16 - 2014-01-20 22:16 - 01236282 _____ C:\Users\FAME\Downloads\adwcleaner.exe
2014-01-20 21:54 - 2014-01-20 21:54 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\Malwarebytes
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-20 21:54 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-20 21:53 - 2014-01-20 21:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\FAME\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 21:48 - 2014-01-22 00:48 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-20 21:48 - 2014-01-20 22:15 - 00000000 ____D C:\Users\FAME\AppData\Roaming\DigitalSites
2014-01-20 21:48 - 2014-01-20 21:48 - 00000386 _____ C:\Users\FAME\Desktop\FREE Games.url
2014-01-20 19:47 - 2014-01-20 19:47 - 00026245 _____ C:\Users\FAME\Desktop\Gmer.txt
2014-01-20 19:07 - 2014-01-17 20:25 - 00379904 _____ C:\Users\FAME\Desktop\gmer.exe
2014-01-20 19:05 - 2014-01-20 19:06 - 00370672 _____ C:\Users\FAME\Desktop\gmer_2.1.19324.zip
2014-01-20 19:03 - 2014-01-20 19:04 - 00042106 _____ C:\Users\FAME\Desktop\Addition.txt
2014-01-20 19:02 - 2014-01-22 01:08 - 00024336 _____ C:\Users\FAME\Desktop\FRST.txt
2014-01-20 19:02 - 2014-01-22 01:07 - 01222144 _____ (Farbar) C:\Users\FAME\Desktop\FRST.exe
2014-01-20 19:02 - 2014-01-22 01:07 - 00000000 ____D C:\FRST
2014-01-20 18:55 - 2014-01-20 18:55 - 00000470 _____ C:\Users\FAME\Desktop\defogger_disable.log
2014-01-20 18:55 - 2014-01-20 18:55 - 00000000 _____ C:\Users\FAME\defogger_reenable
2014-01-20 18:53 - 2014-01-20 18:53 - 00050477 _____ C:\Users\FAME\Desktop\Defogger.exe
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-19 00:14 - 2014-01-19 00:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-19 00:11 - 2014-01-19 00:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-19 00:09 - 2014-01-19 00:09 - 00000000 __RHD C:\MSOCache
2014-01-18 23:54 - 2013-12-18 21:10 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-18 23:54 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-18 23:54 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-18 23:54 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-18 23:53 - 2014-01-18 23:54 - 00005315 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-18 23:48 - 2014-01-18 23:51 - 1025493776 _____ (Microsoft Corporation) C:\Users\FAME\Downloads\X17-75062.exe
2014-01-16 17:45 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-16 17:45 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-16 17:45 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-16 17:45 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-10 21:22 - 2014-01-10 21:22 - 00000033 _____ C:\Users\FAME\Documents\bundesnetzagentur.txt
2014-01-10 18:14 - 2014-01-10 18:14 - 00001128 _____ C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-09 00:00 - 2014-01-09 00:00 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-08 23:56 - 2014-01-08 23:56 - 34008992 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-08 23:51 - 2014-01-08 23:52 - 32244744 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeDownload.exe
2014-01-03 00:48 - 2014-01-18 23:54 - 00000000 ____D C:\ProgramData\Oracle
2014-01-03 00:48 - 2014-01-03 00:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-03 00:45 - 2014-01-03 00:45 - 00915368 _____ (Oracle Corporation) C:\Users\FAME\Downloads\jxpiinstall.exe
2013-12-27 21:41 - 2013-12-27 21:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
==================== One Month Modified Files and Folders =======
2014-01-22 01:09 - 2014-01-20 19:02 - 00024336 _____ C:\Users\FAME\Desktop\FRST.txt
2014-01-22 01:07 - 2014-01-22 01:07 - 00000000 ____D C:\Users\FAME\Desktop\FRST-OlderVersion
2014-01-22 01:07 - 2014-01-20 19:02 - 01222144 _____ (Farbar) C:\Users\FAME\Desktop\FRST.exe
2014-01-22 01:07 - 2014-01-20 19:02 - 00000000 ____D C:\FRST
2014-01-22 01:01 - 2014-01-22 01:01 - 00987425 _____ C:\Users\FAME\Desktop\SecurityCheck.exe
2014-01-22 01:00 - 2011-05-04 01:31 - 01426560 _____ C:\Windows\WindowsUpdate.log
2014-01-22 00:59 - 2014-01-22 00:59 - 00001940 _____ C:\Users\FAME\Desktop\eset.txt
2014-01-22 00:59 - 2012-04-19 00:15 - 00001094 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-22 00:48 - 2014-01-20 21:48 - 00000288 _____ C:\Windows\Tasks\Digital Sites.job
2014-01-22 00:28 - 2012-03-08 14:08 - 00001116 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001UA.job
2014-01-22 00:20 - 2012-04-02 19:32 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-21 21:27 - 2012-03-08 14:08 - 00001064 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1959429063-2497190240-3554024458-1001Core.job
2014-01-21 17:35 - 2009-07-14 05:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-21 17:35 - 2009-07-14 05:34 - 00013216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-21 17:32 - 2014-01-21 17:31 - 02347384 _____ (ESET) C:\Users\FAME\Desktop\esetsmartinstaller_enu.exe
2014-01-21 17:28 - 2013-05-17 17:05 - 00000000 ____D C:\Users\FAME\AppData\Local\FreePDF_XP
2014-01-21 17:28 - 2012-04-19 00:15 - 00001090 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-21 17:27 - 2013-10-09 21:28 - 00016841 _____ C:\Windows\setupact.log
2014-01-21 17:27 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-20 22:44 - 2014-01-20 22:44 - 00001239 _____ C:\Users\FAME\Desktop\JRT.txt
2014-01-20 22:37 - 2014-01-20 22:37 - 00000000 ____D C:\Windows\ERUNT
2014-01-20 22:36 - 2014-01-20 22:36 - 01037068 _____ (Thisisu) C:\Users\FAME\Desktop\JRT.exe
2014-01-20 22:33 - 2014-01-20 22:33 - 00014848 _____ C:\Users\FAME\Desktop\AdwCleaner[S0].txt
2014-01-20 22:31 - 2014-01-20 22:23 - 00000000 ____D C:\AdwCleaner
2014-01-20 22:30 - 2012-11-27 17:20 - 00000000 ____D C:\Users\FAME\AppData\Roaming\CheckPoint
2014-01-20 22:19 - 2013-03-23 18:55 - 00051602 _____ C:\Windows\PFRO.log
2014-01-20 22:18 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Speech
2014-01-20 22:17 - 2014-01-20 22:17 - 01236282 _____ C:\Users\FAME\Desktop\adwcleaner.exe
2014-01-20 22:16 - 2014-01-20 22:16 - 01236282 _____ C:\Users\FAME\Downloads\adwcleaner.exe
2014-01-20 22:15 - 2014-01-20 21:48 - 00000000 ____D C:\Users\FAME\AppData\Roaming\DigitalSites
2014-01-20 21:54 - 2014-01-20 21:54 - 00001077 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\Malwarebytes
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-20 21:54 - 2014-01-20 21:54 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2014-01-20 21:53 - 2014-01-20 21:53 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\FAME\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-20 21:48 - 2014-01-20 21:48 - 00000386 _____ C:\Users\FAME\Desktop\FREE Games.url
2014-01-20 19:47 - 2014-01-20 19:47 - 00026245 _____ C:\Users\FAME\Desktop\Gmer.txt
2014-01-20 19:06 - 2014-01-20 19:05 - 00370672 _____ C:\Users\FAME\Desktop\gmer_2.1.19324.zip
2014-01-20 19:04 - 2014-01-20 19:03 - 00042106 _____ C:\Users\FAME\Desktop\Addition.txt
2014-01-20 18:55 - 2014-01-20 18:55 - 00000470 _____ C:\Users\FAME\Desktop\defogger_disable.log
2014-01-20 18:55 - 2014-01-20 18:55 - 00000000 _____ C:\Users\FAME\defogger_reenable
2014-01-20 18:55 - 2009-10-31 01:32 - 00000000 ____D C:\Users\FAME
2014-01-20 18:53 - 2014-01-20 18:53 - 00050477 _____ C:\Users\FAME\Desktop\Defogger.exe
2014-01-20 18:49 - 2009-11-24 02:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-20 18:39 - 2014-01-20 18:39 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-20 18:35 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\System
2014-01-20 18:35 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini
2014-01-20 00:19 - 2012-05-17 12:25 - 00000000 ____D C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albelli Fotobücher
2014-01-20 00:19 - 2012-05-17 12:24 - 00000000 ____D C:\Users\FAME\AppData\Local\Albelli Fotobücher
2014-01-19 23:28 - 2009-10-31 18:28 - 00165280 _____ C:\Users\FAME\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-19 21:57 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2014-01-19 21:05 - 2009-07-14 05:33 - 00527544 _____ C:\Windows\system32\FNTCACHE.DAT
2014-01-19 00:14 - 2014-01-19 00:14 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2014-01-19 00:14 - 2009-11-24 02:34 - 00000000 ____D C:\Program Files\Microsoft.NET
2014-01-19 00:14 - 2009-11-24 02:31 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-19 00:14 - 2009-07-14 09:57 - 00000000 ____D C:\Windows\ShellNew
2014-01-19 00:14 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-19 00:11 - 2014-01-19 00:11 - 00000000 ____D C:\Program Files\Microsoft Analysis Services
2014-01-19 00:09 - 2014-01-19 00:09 - 00000000 __RHD C:\MSOCache
2014-01-18 23:54 - 2014-01-18 23:53 - 00005315 _____ C:\Windows\system32\jupdate-1.7.0_51-b13.log
2014-01-18 23:54 - 2014-01-03 00:48 - 00000000 ____D C:\ProgramData\Oracle
2014-01-18 23:54 - 2009-11-08 01:52 - 00000000 ____D C:\Program Files\Java
2014-01-18 23:51 - 2014-01-18 23:48 - 1025493776 _____ (Microsoft Corporation) C:\Users\FAME\Downloads\X17-75062.exe
2014-01-18 22:24 - 2012-12-25 23:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\UseNeXT
2014-01-17 20:25 - 2014-01-20 19:07 - 00379904 _____ C:\Users\FAME\Desktop\gmer.exe
2014-01-17 17:16 - 2013-08-15 18:34 - 00000000 ____D C:\Windows\system32\MRT
2014-01-17 17:06 - 2009-10-31 03:07 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-16 17:39 - 2011-07-30 22:59 - 00000000 ____D C:\Users\FAME\AppData\Roaming\vlc
2014-01-12 23:35 - 2013-05-09 21:06 - 00000000 ____D C:\Users\FAME\Documents\BLACKBERRY-08F1
2014-01-12 23:35 - 2010-01-16 04:30 - 00000000 ____D C:\Users\FAME\AppData\Local\CrashDumps
2014-01-10 21:22 - 2014-01-10 21:22 - 00000033 _____ C:\Users\FAME\Documents\bundesnetzagentur.txt
2014-01-10 21:18 - 2012-01-16 21:13 - 00000000 ____D C:\Program Files\Mozilla Thunderbird
2014-01-10 18:14 - 2014-01-10 18:14 - 00001128 _____ C:\Users\FAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-09 22:43 - 2013-09-09 22:33 - 00000000 ____D C:\Users\FAME\Documents\Meral
2014-01-09 00:46 - 2009-10-31 01:34 - 01514382 _____ C:\Windows\system32\PerfStringBackup.INI
2014-01-09 00:01 - 2009-11-08 01:54 - 00000000 ____D C:\Users\FAME\AppData\Roaming\TuneUp Software
2014-01-09 00:00 - 2014-01-09 00:00 - 00000000 __SHD C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-01-09 00:00 - 2009-11-08 01:54 - 00000000 ____D C:\ProgramData\TuneUp Software
2014-01-08 23:57 - 2013-06-16 18:19 - 00000000 ____D C:\Program Files\DVDVideoSoft
2014-01-08 23:57 - 2013-06-16 18:19 - 00000000 ____D C:\Program Files\Common Files\DVDVideoSoft
2014-01-08 23:57 - 2011-01-05 19:55 - 00000000 ____D C:\Users\FAME\AppData\Roaming\DVDVideoSoft
2014-01-08 23:56 - 2014-01-08 23:56 - 34008992 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeToMP3Converter.exe
2014-01-08 23:52 - 2014-01-08 23:51 - 32244744 _____ (DVDVideoSoft Ltd. ) C:\Users\FAME\Downloads\FreeYouTubeDownload.exe
2014-01-06 01:32 - 2013-03-15 18:32 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2014-01-03 00:48 - 2014-01-03 00:48 - 00000000 ____D C:\Program Files\Common Files\Java
2014-01-03 00:45 - 2014-01-03 00:45 - 00915368 _____ (Oracle Corporation) C:\Users\FAME\Downloads\jxpiinstall.exe
2014-01-02 16:35 - 2010-06-15 21:42 - 00017408 _____ C:\Users\FAME\AppData\Local\WebpageIcons.db
2013-12-28 22:53 - 2012-04-23 23:27 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2013-12-27 21:41 - 2013-12-27 21:41 - 00000000 ____D C:\Program Files\Mozilla Firefox
2013-12-27 19:46 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\NDF
Files to move or delete:
====================
C:\Users\FAME\UseNeXT_Systemkategorien.dat
Some content of TEMP:
====================
C:\Users\FAME\AppData\Local\Temp\3CC4590A-ECEC-455B-BEEF-5D97D950649B.exe
C:\Users\FAME\AppData\Local\Temp\BackupSetup.exe
C:\Users\FAME\AppData\Local\Temp\BlackBerryDeviceManager.exe
C:\Users\FAME\AppData\Local\Temp\BlackBerryLauncher.exe
C:\Users\FAME\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\FAME\AppData\Local\Temp\Quarantine.exe
C:\Users\FAME\AppData\Local\Temp\SHSetup.exe
C:\Users\FAME\AppData\Local\Temp\uninst1.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-01-14 21:05
==================== End Of Log ============================
--- --- --- |
|
22.01.2014, 16:32
| #6 |
| /// the machine /// TB-Ausbilder | Trojaner yelp helperbar Fertig Falls Du Lob oder Kritik loswerden möchtest kannst Du das hier tun Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Trojaner yelp helperbar |
|
22.01.2014, 23:38
| #7 |
| | Trojaner yelp helperbar Super, vielen Dank für die klasse Hilfe. Vor allem so schnell. Ich werde auf jeden Fall spenden. Kannst Du mir nur noch sagen, warum dieser dämliche Feuerfuchs immer einfriert?? Kannst Du mir vielleicht auch sagen, warum ich in Chrome immer start.mysearchdial und nach wie vor yelp als reiter geöffnet bekomme? |
|
23.01.2014, 19:32
| #8 |
| /// the machine /// TB-Ausbilder | Trojaner yelp helperbar Warum sagst Du mir sowas nit wenn ich frage ob es noch Probleme gibt? Firefox und Chrome komplett deinstalliren, keine Daten behalten, neu installieren. Firefox dann das: https://support.mozilla.org/de/kb/fi...einfach-loesen Immer noch?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
23.01.2014, 20:57
| #9 |
| | Trojaner yelp helperbar BOMBE!!! Vielen Dank, ich hab beide Browser runter geschmissen und opera installiert: rasend schnell und keine helpbar! 1000 Dank schrauber, das war echte Maßarbeit! Cheers! Du kannst mich rausnehmen, ich hab mich mit meinem Rechner wieder versöhnt :-D |
|
24.01.2014, 14:20
| #10 |
| /// the machine /// TB-Ausbilder | Trojaner yelp helperbar Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
Linear-Darstellung
