Sporadische Abstürze des Windows Explorers, modifizierter MBR

schrauber · 04.02.2014, 11:50

Wer sagt das? Lass bitte nochmal MBR Master von Emsisoft laufen.

AlterHase · 04.02.2014, 14:40

Hallo Schrauber,

hier das Ergebnis von MBR Master

Code:

ATTFilter

Detected Windows version: 6.0 Build 6002 Service Pack 2
Installing direct disk access driver ...
Driver connection handle: 0x000000D0
1 valid drive(s) found.

Details for Disk 0 - WDC WD32 00BEVT-35ZCT Rev 11.0:
  Device name              : \\.\PhysicalDrive0
  Geometry (C/H/S)         : 38913/255/63
  Boot loader reputation   : Known Good (Windows Vista)
  Cross view comparison    : Passed
  Partition table integrity: Passed

  Boot loader hashes
    SHA-1                  : 8DF43F2BDE2D9451948FA14B5279969C777A7979
    MD5                    : 5C616939100B85E558DA92B899A0FC36

Der MBR-Backup und das Programmfenster sind im Anhang.

Gruß
AlterHase

schrauber · 05.02.2014, 09:21

Sieht alles gut aus.

Zitat:

Es scheinen also immer noch problematische Dateinen vorhanden zu sein.

Wie kommst du darauf?

AlterHase · 05.02.2014, 13:15

Hallo Schrauber,

meine Vermutung stützt sich nur auf die GMER-Meldungen vom 03.02. 15:46:27, weiter nichts. Die Explorer-Abstürze sind bis auf den einen genannten Fall bei der Datei-Umbenennung nicht mehr aufgetreten.

Gruß
AlterHase

schrauber · 06.02.2014, 10:08

Das GMER log ist sauber. Poste bitte zum Abschluss ein frisches FRST log, dann räumen wir auf

AlterHase · 06.02.2014, 14:35

Hallo Schrauber,

hier der FRST-Log:

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-02-2014
Ran by Guru (administrator) on TRAUMBOY on 06-02-2014 14:26:51
Running from C:\Users\Guru\Desktop
Microsoft® Windows Vista™ Home Premium  Service Pack 2 (X86) OS Language: German Standard
Internet Explorer Version 9
Boot Mode: Normal



==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\E_S00RP2.EXE
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7Debug\mdm.exe
() C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared Files\RichVideo.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Star Finanz - Software Entwicklung und Vertriebs GmbH) C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe
(SEIKO EPSON CORPORATION) C:\Windows\System32\SAgent4.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Cyberlink Corp.) C:\Program Files\PowerDVD\PDVDServ.exe
(Elaborate Bytes AG) D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Gemalto N.V.) C:\Users\Edith\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe
() C:\Users\Edith\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ArcSoft, Inc.) C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Cyberlink Corp.) C:\Program Files\PowerDVD\PDVDServ.exe
(Elaborate Bytes AG) D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(IVT Corporation) D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(ArcSoft, Inc.) C:\Program Files\MSI\ArcSoft\TotalMedia\TMMonitor.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [RemoteControl] - C:\Program Files\PowerDVD\PDVDServ.exe [71216 2007-03-14] (Cyberlink Corp.)
HKLM\...\Run: [VirtualCloneDrive] - D:\Tools\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [52168 2008-06-29] (Elaborate Bytes AG)
HKLM\...\Run: [Eraser] - C:\Program Files\Eraser\Eraser.exe [980920 2012-05-22] (The Eraser Project)
HKLM\...\Run: [ROC_roc_ssl_v12] - "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
HKLM\...\Run: [] - [X]
HKLM\...\Run: [MSC] - C:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM\...\Run: [BtTray] - D:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [315478 2009-09-02] (IVT Corporation)
HKU\S-1-5-21-649218269-1362006895-3548190089-1003\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-649218269-1362006895-3548190089-1003\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-649218269-1362006895-3548190089-1003\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-649218269-1362006895-3548190089-1003\...\MountPoints2: {98fa05c2-9cec-11dd-8062-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-649218269-1362006895-3548190089-1004\...\Run: [PC Suite Tray] - "C:\Programme\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
HKU\S-1-5-21-649218269-1362006895-3548190089-1004\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-649218269-1362006895-3548190089-1004\...\Run: [Alamandi tray notifier] - C:\Program Files\DEUTSCHLAND SPIELT\AlamandiCD\TaskBarNotifier.exe
HKU\S-1-5-21-649218269-1362006895-3548190089-1004\...\Run: [] - C:\Program Files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
HKU\S-1-5-21-649218269-1362006895-3548190089-1004\...\Run: [SanDiskSecureAccess_Manager.exe] - C:\Users\Edith\AppData\Roaming\SanDisk\SanDiskSecureAccess_Manager.exe [27311232 2011-06-29] (Gemalto N.V.)
HKU\S-1-5-21-649218269-1362006895-3548190089-1004\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Edith\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-649218269-1362006895-3548190089-1004\...\Run: [WMPNSCFG] - C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
Startup: C:\Users\Root\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk.disabled
ShortcutTarget: OpenOffice.org 3.0.lnk.disabled -> C:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.bing.com
URLSearchHook: HKLM - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
URLSearchHook: HKCU - (No Name) - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F464F524D3D56453344303126713D7B7365617263685465726D737D267372633D7B72656665727265723A736F757263653F7D&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&k=0
SearchScopes: HKCU - {0A8AE23C-A3ED-437D-917D-0BA70E1E7F7A} URL = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {5F561372-A6B6-45F1-B03A-1F17A57CFD88} URL = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E676F6F676C652E636F6D2F7365617263683F713D7B7365617263685465726D737D26726C733D636F6D2E6D6963726F736F66743A7B6C616E67756167657D3A7B72656665727265723A736F757263653F7D2669653D7B696E707574456E636F64696E677D266F653D7B6F7574707574456E636F64696E677D26736F7572636569643D696537&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&k=0
SearchScopes: HKCU - {7917D784-2086-42C1-A64A-5D9243A58FFF} URL = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {9EFD52BD-8D03-470F-A6A3-22F442E06C7C} URL = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {A75FFC07-A59B-4880-8979-34EAEBD8CD9E} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=386496&p={searchTerms}
SearchScopes: HKCU - {A8FC31F3-57C3-4DE9-9C3A-2EA3F90F6023} URL = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
SearchScopes: HKCU - {F9FFBD07-CBED-4537-9120-845121F47B44} URL = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=dc91b82c-c929-4a4a-b4da-a66fbb18846c&pid=fotofreeware&mode=bounce&k=0
BHO: No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: MyEmoticons Class - {DCC39ACE-709B-44EA-B062-5F6BE2774644} - C:\Users\Guru\AppData\Roaming\MyEmoticons\myemoticons-1.4.dll (GreenTree Applications)
Toolbar: HKLM - No Name - {5786d022-540e-4699-b350-b4be0ae94b79} -  No File
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Windows\system32\skype4com.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default
FF DefaultSearchEngine: MetaGer
FF SelectedSearchEngine: MetaGer
FF Homepage: hxxp://www.metager.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin: @digitalpublishing.de/dpLaunch - C:\Program Files\digital publishing\LAUNCHER_12_999999\nplaunch.dll (digital publishing AG)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\PROGRAM FILES\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll No File
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.51.2 - D:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.51.2 - D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WPF,version=3.5 - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll No File
FF Plugin: @pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin: @real.com/npracplug;version=1.0.0.0 - C:\Program Files\Real\RealArcade\Plugins\Mozilla\npracplug.dll (RealNetworks)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.0.8 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Guru\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin - C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin HKCU: thehappycloud.com/HappyCloudPlugin - C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npgcplug.dll (RealNetworks)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npracplug.dll (RealNetworks)
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\ashampoo-de-customized-web-search.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\metager.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{CC82F702-0437-4623-B58F-098E34B6D510}.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{E77802C1-8764-420A-BDB9-4B5B82C90948}.xml
FF SearchPlugin: C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\searchplugins\{F088237D-FE59-4CD3-AC20-23626D5F303F}.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-12-04]
FF Extension: YouTube mp3 - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\info@youtube-mp3.org.xpi [2012-07-05]
FF Extension: NoScript - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012-07-05]
FF Extension: Adblock Plus - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-07-05]
FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [myemoticons@myemoticons.com] - C:\Users\Guru\AppData\Roaming\MyEmoticons\myemoticons@myemoticons.com-1.4
FF HKCU\...\Firefox\Extensions: [extension@preispilot.com] - C:\Users\Guru\AppData\Roaming\Mozilla\Firefox\Profiles\23nc5p0g.default\extensions\extension@preispilot.com

========================== Services (Whitelisted) =================

R2 Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [132424 2008-11-07] (Apple Inc.)
R2 BlueSoleilCS; D:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [1466476 2009-09-02] (IVT Corporation)
R3 BsHelpCS; D:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [102503 2009-09-02] (IVT Corporation)
R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2007-05-23] (CrypKey (Canada) Ltd.)
R2 EPSON_PM_RPCV2_02; C:\Windows\system32\E_S00RP2.EXE [65536 2004-02-19] (SEIKO EPSON CORPORATION)
S2 gupdate1c986be46fae48f; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-04] (Google Inc.)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [280288 2013-10-23] (Microsoft Corporation)
R2 PassThru Service; C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] ()
R2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [272024 2006-12-19] ()
R2 Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [3064000 2012-10-02] (Skype Technologies S.A.)
R2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0 S-Edition\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
R2 StatusAgent4; C:\Windows\system32\SAgent4.exe [122880 2002-12-11] (SEIKO EPSON CORPORATION)
S4 uvnc_service; D:\Program Files\UltraVNC\winvnc.exe [1830856 2009-07-09] (UltraVNC)
S3 WLSetupSvc; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [266240 2007-10-25] (Microsoft Corporation)
S4 DlProtectSvc; C:\Windows\System32\DlProtectSvc.exe [X]
S2 mshta32; C:\Windows\system32\kbd106nd.exe [X]
S4 SophosVirusRemovalTool; C:\Program Files\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [X]

==================== Drivers (Whitelisted) ====================

R2 ACEDRV06; C:\Windows\system32\drivers\ACEDRV06.sys [99840 2010-04-29] (Protect Software GmbH)
R2 ACEDRV08; C:\Windows\system32\drivers\ACEDRV08.sys [108768 2009-10-07] (Protect Software GmbH)
R2 acedrv09; C:\Windows\system32\drivers\acedrv09.sys [373568 2007-06-18] (Protect Software GmbH)
R2 acedrv10; C:\Windows\system32\drivers\acedrv10.sys [583128 2007-10-28] (Protect Software GmbH)
R2 acedrv11; C:\Windows\system32\drivers\acedrv11.sys [185472 2010-02-24] (Protect Software GmbH)
R2 acehlp09; C:\Windows\system32\drivers\acehlp09.sys [201696 2007-05-30] (Protect Software GmbH)
R2 acehlp10; C:\Windows\system32\drivers\acehlp10.sys [250560 2007-10-26] (Protect Software GmbH)
S3 ADDMEM; C:\Users\Root\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [3205 2010-12-10] ()
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [306816 2009-04-17] (AfaTech                  )
R3 Afc; C:\Windows\System32\drivers\Afc.sys [11776 2005-02-23] (Arcsoft, Inc.)
R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [278984 2009-10-08] ()
S3 BlueletAudio; C:\Windows\System32\DRIVERS\blueletaudio.sys [33800 2009-06-17] (IVT Corporation.)
S3 BlueletSCOAudio; C:\Windows\System32\DRIVERS\BlueletSCOAudio.sys [27528 2009-06-17] (IVT Corporation.)
R3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [17928 2009-06-17] (IVT Corporation.)
S3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [39304 2009-07-08] (IVT Corporation.)
R0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [20744 2009-06-17] (IVT Corporation.)
R3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-06-17] ()
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [24392 2008-07-21] (Elaborate Bytes AG)
S3 gdrv; C:\Windows\gdrv.sys [17488 2009-12-17] (Windows (R) 2000 DDK provider)
R3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-06-17] (IVT Corporation.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-09-12] (SAMSUNG ELECTRONICS CO., LTD.)
S3 KOBCCEX; C:\Windows\System32\drivers\KOBCCEX.sys [23680 2008-07-09] (KOBIL Systems GmbH)
S3 KOBCCID; C:\Windows\System32\drivers\KOBCCID.sys [94720 2012-07-09] (KOBIL Systems GmbH)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25416 2009-01-30] ()
S3 MosIrUsb; C:\Windows\System32\DRIVERS\MosIrUsb.sys [22016 2007-10-11] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl4f2e32e6; C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{CB1187FB-495E-457C-B13B-31B3C340D855}\MpKsl4f2e32e6.sys [40392 2014-02-06] (Microsoft Corporation)
R1 NetworkX; C:\Windows\system32\ckldrv.sys [16896 2007-05-01] ()
S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-12-09] (RapidSolution Software AG)
R3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-12-09] (RapidSolution Software AG)
R1 SCT_SKMScan; C:\Windows\System32\DRIVERS\sct_skmscan.sys [33568 2011-03-09] (Sophos Plc)
S3 SIVDRIVER; C:\Windows\system32\Drivers\SIVX32.sys [72256 2010-09-13] (Ray Hinchliffe)
R3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2011-12-09] (RapidSolution Software AG)
S3 VBoxNetAdp; C:\Windows\System32\DRIVERS\VBoxNetAdp.sys [91472 2009-08-05] (Sun Microsystems, Inc.)
R3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2009-06-17] (IVT Corporation.)
R3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [32392 2009-06-17] (IVT Corporation.)
S3 VMC302; C:\Windows\System32\Drivers\VMC302.sys [243840 2009-01-23] (Vimicro Corporation)
S1 Ai2Chroniker; system32\DRIVERS\Ai2Chroniker.sys [X]
S3 Ai2Mmpd; system32\DRIVERS\Ai2Mmpd.sys [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S0 BTHidEnum; System32\Drivers\vbtenum.sys [X]
S0 BTHidMgr; System32\Drivers\BTHidMgr.sys [X]
S3 btwaudio; system32\drivers\btwaudio.sys [X]
S3 btwavdt; system32\drivers\btwavdt.sys [X]
S3 btwrchid; system32\DRIVERS\btwrchid.sys [X]
S3 catchme; \??\C:\Users\Guru\AppData\Local\Temp\catchme.sys [X]
S3 cpuz134; \??\C:\Users\Root\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-06 14:26 - 2014-02-06 14:26 - 00024860 _____ () C:\Users\Guru\Desktop\FRST.txt
2014-02-04 14:29 - 2014-02-04 14:29 - 00072064 _____ () C:\Users\Guru\Desktop\~BRMaster.tmp
2014-02-04 14:29 - 2014-02-04 14:29 - 00000603 _____ () C:\Users\Guru\Desktop\MBRMastr_2014.02.04_14.29.29.txt
2014-02-04 14:20 - 2014-02-04 14:20 - 00000603 _____ () C:\Users\Guru\Desktop\MBRMastr_2014.02.04_14.20.59.txt
2014-02-04 14:20 - 2014-02-04 14:20 - 00000567 _____ () C:\Users\Guru\Desktop\emsi2.zip
2014-02-04 14:06 - 2014-02-04 14:06 - 00074590 _____ () C:\Users\Guru\Desktop\~msisoft_Fenster.tmp
2014-02-04 14:05 - 2006-11-02 13:56 - 00001610 _____ () C:\Users\Guru\Desktop\Snipping Tool.lnk
2014-02-04 13:56 - 2014-02-04 13:56 - 00000512 _____ () C:\Users\Guru\Desktop\emsi2.mbr
2014-02-03 15:46 - 2014-02-03 15:46 - 00007229 _____ () C:\Users\Guru\Desktop\gmer_run_03_02_14.log
2014-02-03 15:15 - 2014-02-03 15:15 - 00380416 _____ () C:\Users\Guru\Desktop\Gmer-19357.exe
2014-02-03 14:37 - 2014-02-03 14:37 - 00013864 _____ () C:\Users\Guru\Desktop\MBRCheck_02.03.14_14.37.27.txt
2014-02-03 12:15 - 2014-02-03 12:20 - 00000000 ____D () C:\Windows\pss
2014-02-02 16:56 - 2014-02-03 17:02 - 00001742 _____ () C:\Users\Guru\Desktop\DiskEditor.exe - Verknüpfung.lnk
2014-02-02 13:46 - 2014-02-02 13:46 - 04101441 _____ () C:\Users\Guru\Downloads\tdsskiller.zip
2014-02-02 13:39 - 2013-11-18 06:28 - 04121952 _____ (Kaspersky Lab ZAO) C:\Users\Guru\Desktop\TDSSKiller.exe
2014-02-01 23:15 - 2014-02-01 23:23 - 00000000 ____D () C:\Users\Edith\Paypal
2014-02-01 17:51 - 2014-02-01 17:51 - 00000522 _____ () C:\Users\Guru\Desktop\emsi.zip
2014-02-01 17:43 - 2014-02-01 17:43 - 00000543 _____ () C:\Users\Guru\Desktop\MBRMastr_2014.02.01_17.42.47.zip
2014-02-01 17:41 - 2014-02-01 17:41 - 00000512 _____ () C:\Users\Guru\Desktop\emsi.mbr
2014-02-01 17:38 - 2014-02-01 17:38 - 00788728 _____ (Emsisoft GmbH) C:\Users\Guru\Desktop\mbrmastr.exe
2014-02-01 00:40 - 2014-02-01 00:40 - 00000000 ____D () C:\Users\Guru\AppData\Local\Apps\2.0
2014-01-31 19:06 - 2014-01-31 19:06 - 00000512 _____ () C:\Users\Guru\Desktop\mbr_disk0.bin
2014-01-31 02:53 - 2014-01-31 02:53 - 00987425 _____ () C:\Users\Guru\Desktop\SecurityCheck.exe
2014-01-29 15:25 - 2014-02-06 14:26 - 00000000 ____D () C:\Users\Guru\Desktop\FRST-OlderVersion
2014-01-29 15:18 - 2014-01-29 15:18 - 00000000 ____D () C:\Windows\ERUNT
2014-01-29 15:17 - 2014-01-29 15:17 - 01037068 _____ (Thisisu) C:\Users\Guru\Desktop\JRT.exe
2014-01-29 15:03 - 2014-01-29 15:03 - 01166132 _____ () C:\Users\Guru\Desktop\adwcleaner.exe
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-29 14:42 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-01-29 13:42 - 2014-01-29 14:14 - 00000000 ___SD () C:\ComboFix
2014-01-29 13:40 - 2014-01-29 13:40 - 05177551 ____R (Swearware) C:\Users\Guru\Desktop\ComboFix.exe
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D () C:\Users\Guru\Downloads\GPU24_Meter
2014-01-28 17:09 - 2014-01-28 17:09 - 00000000 ____D () C:\Users\Guru\Downloads\CoreTemp32
2014-01-28 17:06 - 2014-01-28 17:06 - 00617196 _____ () C:\Users\Guru\Downloads\GPU24_Meter.zip
2014-01-28 17:04 - 2014-01-28 17:04 - 00206064 _____ () C:\Users\Guru\Downloads\All_CPU473_Meter.zip
2014-01-28 00:27 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-01-28 00:27 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-01-28 00:27 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-01-28 00:27 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-01-28 00:26 - 2014-01-29 13:42 - 00000000 ___SD () C:\32788R22FWJFW
2014-01-28 00:26 - 2014-01-28 00:27 - 00000000 ____D () C:\Qoobox
2014-01-28 00:26 - 2014-01-28 00:26 - 00000000 ____D () C:\Windows\erdnt
2014-01-27 18:47 - 2014-01-27 18:47 - 00007338 _____ () C:\Users\Guru\Desktop\Ct-desinfect_Funde.htm
2014-01-27 18:02 - 2014-01-27 18:02 - 00380416 _____ () C:\Users\Guru\Desktop\co9715eh.exe
2014-01-27 17:58 - 2014-02-06 14:26 - 01139200 _____ (Farbar) C:\Users\Guru\Desktop\FRST.exe
2014-01-27 17:51 - 2014-01-25 01:01 - 00080384 _____ () C:\Users\Guru\Desktop\MBRCheck.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-25 01:03 - 2014-01-25 01:03 - 00000512 _____ () C:\mbr.bin
2014-01-25 01:01 - 2014-01-25 01:01 - 00080384 _____ () C:\Users\Edith\Desktop\MBRCheck.exe
2014-01-24 00:01 - 2014-01-24 00:01 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-01-23 23:13 - 2014-01-23 23:12 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 23:13 - 2014-01-23 23:12 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 22:46 - 2014-01-23 22:46 - 00000607 _____ () C:\Users\Guru\Desktop\CDex170.lnk
2014-01-23 19:54 - 2014-02-06 14:26 - 00000000 ____D () C:\FRST
2014-01-23 19:52 - 2014-01-23 19:52 - 00000000 _____ () C:\Users\Guru\defogger_reenable
2014-01-23 19:37 - 2014-01-23 19:37 - 00050477 _____ () C:\Users\Guru\Desktop\Defogger.exe
2014-01-23 16:44 - 2014-01-23 16:44 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Mael
2014-01-23 16:22 - 2014-01-23 16:50 - 00000000 ____D () C:\Users\Guru\Virus-Analyse
2014-01-23 15:55 - 2014-01-23 16:44 - 00001801 _____ () C:\Users\Guru\Last session Guru.prj
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ () C:\Users\Public\Desktop\HxD.lnk
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ () C:\ProgramData\Desktop\HxD.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ () C:\ProgramData\Desktop\Speccy.lnk
2014-01-23 14:37 - 2014-02-01 00:36 - 00000000 ____D () C:\Users\Guru\Downloads\Tools
2014-01-23 14:09 - 2014-01-23 14:09 - 00000388 _____ () C:\Users\Guru\Documents\gmer2.1.19324.log
2014-01-23 00:46 - 2014-01-23 00:46 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-01-23 00:45 - 2014-01-23 00:45 - 00000147 _____ () C:\Users\Guru\Desktop\Goodgame Empire.url
2014-01-22 15:05 - 2012-04-27 15:41 - 01317376 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2014-01-22 01:20 - 2014-01-24 00:01 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\GlarySoft
2014-01-22 00:58 - 2014-01-22 00:58 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\aignes
2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 _____ () C:\Users\Guru\daemonprocess.txt
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\EAC
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\AccurateRip
2014-01-20 12:47 - 2014-01-20 12:47 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Mp3jam
2014-01-20 12:15 - 2014-01-21 15:49 - 00000000 ____D () C:\Users\Guru\AppData\Local\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D () C:\Users\Guru\Documents\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D () C:\Users\Guru\AppData\Local\cache
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D () C:\Users\Guru\.android
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 _____ () C:\Users\Edith\daemonprocess.txt
2014-01-20 12:14 - 2014-01-20 12:15 - 00000000 ____D () C:\Program Files\Mobogenie
2014-01-20 12:14 - 2014-01-20 12:14 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Mp3jam
2014-01-14 23:04 - 2014-01-14 23:04 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Screenshots
2014-01-14 22:12 - 2014-01-14 22:12 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\AlexanderTheGreat
2014-01-14 22:11 - 2014-01-14 22:11 - 00000000 ____D () C:\Program Files\Playrix Entertainment
2014-01-12 23:41 - 2014-01-13 19:55 - 00001767 _____ () C:\Users\Edith\Documents\captune.log
2014-01-08 22:44 - 2014-01-08 22:44 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Maximize Games

==================== One Month Modified Files and Folders =======

2014-02-06 14:27 - 2014-02-06 14:26 - 00024860 _____ () C:\Users\Guru\Desktop\FRST.txt
2014-02-06 14:26 - 2014-01-29 15:25 - 00000000 ____D () C:\Users\Guru\Desktop\FRST-OlderVersion
2014-02-06 14:26 - 2014-01-27 17:58 - 01139200 _____ (Farbar) C:\Users\Guru\Desktop\FRST.exe
2014-02-06 14:26 - 2014-01-23 19:54 - 00000000 ____D () C:\FRST
2014-02-06 14:25 - 2009-07-01 11:21 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-06 14:25 - 2009-03-10 15:14 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-02-06 14:23 - 2008-10-18 09:21 - 01196120 _____ () C:\Windows\WindowsUpdate.log
2014-02-06 14:16 - 2014-01-04 13:04 - 00005063 _____ () C:\Windows\system32\LOCALSERVICE.INI
2014-02-06 14:16 - 2013-02-23 14:27 - 00025296 _____ () C:\Windows\error.log
2014-02-06 14:16 - 2009-09-07 15:42 - 00000933 _____ () C:\Windows\system32\bscs.ini
2014-02-06 14:16 - 2006-11-02 14:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-06 14:15 - 2006-11-02 13:47 - 00004912 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-06 14:15 - 2006-11-02 13:47 - 00004912 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-06 13:50 - 2006-11-02 14:01 - 00032560 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-02-06 13:01 - 2009-07-01 11:21 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-05 18:00 - 2009-08-26 12:51 - 00000440 _____ () C:\Windows\Tasks\ParetoLogic Registration.job
2014-02-05 13:38 - 2009-08-26 12:51 - 00000414 _____ () C:\Windows\Tasks\ParetoLogic Update Version2.job
2014-02-04 15:39 - 2012-05-08 00:21 - 00000000 ____D () C:\Program Files\StarMoney 8.0 S-Edition
2014-02-04 14:29 - 2014-02-04 14:29 - 00072064 _____ () C:\Users\Guru\Desktop\~BRMaster.tmp
2014-02-04 14:29 - 2014-02-04 14:29 - 00000603 _____ () C:\Users\Guru\Desktop\MBRMastr_2014.02.04_14.29.29.txt
2014-02-04 14:20 - 2014-02-04 14:20 - 00000603 _____ () C:\Users\Guru\Desktop\MBRMastr_2014.02.04_14.20.59.txt
2014-02-04 14:20 - 2014-02-04 14:20 - 00000567 _____ () C:\Users\Guru\Desktop\emsi2.zip
2014-02-04 14:06 - 2014-02-04 14:06 - 00074590 _____ () C:\Users\Guru\Desktop\~msisoft_Fenster.tmp
2014-02-04 13:56 - 2014-02-04 13:56 - 00000512 _____ () C:\Users\Guru\Desktop\emsi2.mbr
2014-02-04 01:01 - 2011-12-19 18:24 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\vlc
2014-02-04 01:00 - 2008-12-20 01:16 - 00007680 _____ () C:\Users\Guru\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-02-03 22:16 - 2014-01-04 16:11 - 00002549 _____ () C:\Users\Public\Desktop\Dreamland.lnk
2014-02-03 22:16 - 2014-01-04 16:11 - 00002549 _____ () C:\ProgramData\Desktop\Dreamland.lnk
2014-02-03 17:02 - 2014-02-02 16:56 - 00001742 _____ () C:\Users\Guru\Desktop\DiskEditor.exe - Verknüpfung.lnk
2014-02-03 15:46 - 2014-02-03 15:46 - 00007229 _____ () C:\Users\Guru\Desktop\gmer_run_03_02_14.log
2014-02-03 15:15 - 2014-02-03 15:15 - 00380416 _____ () C:\Users\Guru\Desktop\Gmer-19357.exe
2014-02-03 14:37 - 2014-02-03 14:37 - 00013864 _____ () C:\Users\Guru\Desktop\MBRCheck_02.03.14_14.37.27.txt
2014-02-03 13:22 - 2008-12-18 21:09 - 00001517 _____ () C:\Users\Guru\Desktop\Windows Explorer.lnk
2014-02-03 12:23 - 2008-01-21 03:47 - 01239660 _____ () C:\Windows\PFRO.log
2014-02-03 12:20 - 2014-02-03 12:15 - 00000000 ____D () C:\Windows\pss
2014-02-02 15:30 - 2008-12-20 22:00 - 00000000 ____D () C:\Users\Stefan
2014-02-02 13:46 - 2014-02-02 13:46 - 04101441 _____ () C:\Users\Guru\Downloads\tdsskiller.zip
2014-02-02 12:22 - 2012-02-27 22:22 - 00002391 _____ () C:\Users\Edith\Desktop\capella reader.lnk
2014-02-01 23:23 - 2014-02-01 23:15 - 00000000 ____D () C:\Users\Edith\Paypal
2014-02-01 23:15 - 2008-12-19 20:49 - 00000000 ____D () C:\Users\Edith
2014-02-01 23:03 - 2006-11-02 11:33 - 01646180 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-02-01 17:51 - 2014-02-01 17:51 - 00000522 _____ () C:\Users\Guru\Desktop\emsi.zip
2014-02-01 17:43 - 2014-02-01 17:43 - 00000543 _____ () C:\Users\Guru\Desktop\MBRMastr_2014.02.01_17.42.47.zip
2014-02-01 17:41 - 2014-02-01 17:41 - 00000512 _____ () C:\Users\Guru\Desktop\emsi.mbr
2014-02-01 17:38 - 2014-02-01 17:38 - 00788728 _____ (Emsisoft GmbH) C:\Users\Guru\Desktop\mbrmastr.exe
2014-02-01 00:40 - 2014-02-01 00:40 - 00000000 ____D () C:\Users\Guru\AppData\Local\Apps\2.0
2014-02-01 00:36 - 2014-01-23 14:37 - 00000000 ____D () C:\Users\Guru\Downloads\Tools
2014-01-31 19:06 - 2014-01-31 19:06 - 00000512 _____ () C:\Users\Guru\Desktop\mbr_disk0.bin
2014-01-31 18:55 - 2013-01-07 15:26 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-01-31 10:38 - 2011-11-10 14:14 - 00000000 ____D () C:\Users\Guru\AppData\Local\Htc
2014-01-31 02:53 - 2014-01-31 02:53 - 00987425 _____ () C:\Users\Guru\Desktop\SecurityCheck.exe
2014-01-30 23:24 - 2011-01-23 22:53 - 00000000 ____D () C:\Users\Guru\AppData\Local\Downloaded Installations
2014-01-30 22:51 - 2010-12-04 18:51 - 00000000 ____D () C:\Users\Root\Downloads\Samsung R710
2014-01-30 22:42 - 2009-04-29 15:45 - 00000000 ____D () C:\ProgramData\Installations
2014-01-30 21:39 - 2009-06-01 11:07 - 00000000 ____D () C:\Program Files\Common Files\Nokia
2014-01-30 21:38 - 2010-08-12 14:00 - 00000000 ____D () C:\Users\Guru\AppData\Local\NokiaAccount
2014-01-30 16:53 - 2012-07-08 14:25 - 00000000 ____D () C:\Users\Guru\Downloads\Virus-Tools
2014-01-29 15:18 - 2014-01-29 15:18 - 00000000 ____D () C:\Windows\ERUNT
2014-01-29 15:17 - 2014-01-29 15:17 - 01037068 _____ (Thisisu) C:\Users\Guru\Desktop\JRT.exe
2014-01-29 15:09 - 2013-08-15 10:17 - 00000000 ____D () C:\AdwCleaner
2014-01-29 15:03 - 2014-01-29 15:03 - 01166132 _____ () C:\Users\Guru\Desktop\adwcleaner.exe
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000866 _____ () C:\ProgramData\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 14:42 - 2014-01-29 14:42 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2014-01-29 14:14 - 2014-01-29 13:42 - 00000000 ___SD () C:\ComboFix
2014-01-29 13:42 - 2014-01-28 00:26 - 00000000 ___SD () C:\32788R22FWJFW
2014-01-29 13:40 - 2014-01-29 13:40 - 05177551 ____R (Swearware) C:\Users\Guru\Desktop\ComboFix.exe
2014-01-29 02:19 - 2008-12-25 21:49 - 00029184 _____ () C:\Users\Edith\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-28 18:15 - 2013-12-20 22:55 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\NVIDIA
2014-01-28 17:11 - 2014-01-28 17:11 - 00000000 ____D () C:\Users\Guru\Downloads\GPU24_Meter
2014-01-28 17:09 - 2014-01-28 17:09 - 00000000 ____D () C:\Users\Guru\Downloads\CoreTemp32
2014-01-28 17:06 - 2014-01-28 17:06 - 00617196 _____ () C:\Users\Guru\Downloads\GPU24_Meter.zip
2014-01-28 17:04 - 2014-01-28 17:04 - 00206064 _____ () C:\Users\Guru\Downloads\All_CPU473_Meter.zip
2014-01-28 00:27 - 2014-01-28 00:26 - 00000000 ____D () C:\Qoobox
2014-01-28 00:26 - 2014-01-28 00:26 - 00000000 ____D () C:\Windows\erdnt
2014-01-27 18:47 - 2014-01-27 18:47 - 00007338 _____ () C:\Users\Guru\Desktop\Ct-desinfect_Funde.htm
2014-01-27 18:02 - 2014-01-27 18:02 - 00380416 _____ () C:\Users\Guru\Desktop\co9715eh.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-01-27 17:22 - 2014-01-27 17:22 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-01-27 17:22 - 2008-12-19 22:29 - 00000000 ____D () C:\Users\Guru\AppData\Local\Adobe
2014-01-26 16:43 - 2008-09-12 02:46 - 00000000 ____D () C:\Windows\nvtmpinst
2014-01-26 01:35 - 2010-11-21 18:39 - 00000000 ___RD () C:\Users\Edith\Mails
2014-01-26 01:28 - 2011-12-28 16:07 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\vlc
2014-01-26 00:40 - 2008-12-18 21:09 - 00000000 ____D () C:\Users\Guru
2014-01-25 23:29 - 2010-10-10 21:50 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-25 01:03 - 2014-01-25 01:03 - 00000512 _____ () C:\mbr.bin
2014-01-25 01:01 - 2014-01-27 17:51 - 00080384 _____ () C:\Users\Guru\Desktop\MBRCheck.exe
2014-01-25 01:01 - 2014-01-25 01:01 - 00080384 _____ () C:\Users\Edith\Desktop\MBRCheck.exe
2014-01-24 00:16 - 2013-11-10 18:19 - 00001064 _____ () C:\Users\Edith\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-01-24 00:16 - 2013-11-10 18:19 - 00001056 _____ () C:\Users\Edith\Desktop\Mozilla Firefox.lnk
2014-01-24 00:16 - 2010-08-04 11:37 - 00000998 _____ () C:\Users\Root\Desktop\Procmon.exe - Verknüpfung.lnk
2014-01-24 00:15 - 2013-01-15 23:52 - 00001231 _____ () C:\Users\Edith\Desktop\Handbuch_GT-N7105_UM_Open_Jellybean_Ger_Rev.1.1_121106_Screen.pdf - Verknüpfung.lnk
2014-01-24 00:15 - 2011-08-21 13:28 - 00000956 _____ () C:\Users\Edith\Desktop\Mobile Atlas Creator.exe - Verknüpfung.lnk
2014-01-24 00:14 - 2011-01-22 10:33 - 00001139 _____ () C:\Users\Edith\Desktop\HTC_Desire_HD_Benutzerhandbuch.pdf - Verknüpfung.lnk
2014-01-24 00:14 - 2008-12-29 17:15 - 00000903 _____ () C:\Users\Stefan\Desktop\DiscSpeed_5.0.1.250.exe - Verknüpfung.lnk
2014-01-24 00:01 - 2014-01-24 00:01 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-01-24 00:01 - 2014-01-22 01:20 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\GlarySoft
2014-01-23 23:17 - 2013-11-01 14:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-23 23:12 - 2014-01-23 23:13 - 00264616 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00174504 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2014-01-23 23:12 - 2014-01-23 23:13 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2014-01-23 22:46 - 2014-01-23 22:46 - 00000607 _____ () C:\Users\Guru\Desktop\CDex170.lnk
2014-01-23 19:52 - 2014-01-23 19:52 - 00000000 _____ () C:\Users\Guru\defogger_reenable
2014-01-23 19:37 - 2014-01-23 19:37 - 00050477 _____ () C:\Users\Guru\Desktop\Defogger.exe
2014-01-23 16:50 - 2014-01-23 16:22 - 00000000 ____D () C:\Users\Guru\Virus-Analyse
2014-01-23 16:44 - 2014-01-23 16:44 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Mael
2014-01-23 16:44 - 2014-01-23 15:55 - 00001801 _____ () C:\Users\Guru\Last session Guru.prj
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ () C:\Users\Public\Desktop\HxD.lnk
2014-01-23 15:37 - 2014-01-23 15:37 - 00000536 _____ () C:\ProgramData\Desktop\HxD.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-01-23 14:45 - 2014-01-23 14:45 - 00000610 _____ () C:\ProgramData\Desktop\Speccy.lnk
2014-01-23 14:09 - 2014-01-23 14:09 - 00000388 _____ () C:\Users\Guru\Documents\gmer2.1.19324.log
2014-01-23 00:46 - 2014-01-23 00:46 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-01-23 00:45 - 2014-01-23 00:45 - 00000147 _____ () C:\Users\Guru\Desktop\Goodgame Empire.url
2014-01-22 00:58 - 2014-01-22 00:58 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\aignes
2014-01-22 00:15 - 2009-12-16 17:09 - 00000000 ____D () C:\Users\Edith\Chor
2014-01-21 23:44 - 2014-01-02 13:57 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Dropbox
2014-01-21 23:37 - 2013-08-14 15:31 - 00000000 ____D () C:\Windows\system32\MRT
2014-01-21 23:15 - 2006-11-02 11:24 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\mrt.exe
2014-01-21 23:00 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-01-21 23:00 - 2006-11-02 11:22 - 69206016 _____ () C:\Windows\system32\config\software_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 45613056 _____ () C:\Windows\system32\config\components_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 24117248 _____ () C:\Windows\system32\config\system_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00524288 _____ () C:\Windows\system32\config\default_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-01-21 23:00 - 2006-11-02 11:22 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-01-21 22:59 - 2008-12-20 17:08 - 00000000 ____D () C:\Users\Root
2014-01-21 22:58 - 2014-01-04 13:59 - 00000000 ____D () C:\Users\Edith\AppData\Local\bluesoleil
2014-01-21 22:58 - 2014-01-04 12:43 - 00000000 ____D () C:\Users\Guru\AppData\Local\bluesoleil
2014-01-21 22:58 - 2013-11-14 21:42 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeRIP MP3 Converter
2014-01-21 22:58 - 2013-03-26 13:58 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Happy Cloud
2014-01-21 22:58 - 2013-03-06 22:39 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\nvda
2014-01-21 22:58 - 2013-03-02 22:00 - 00000000 ____D () C:\Users\Guru\AppData\Local\fd
2014-01-21 22:58 - 2013-02-26 21:38 - 00000000 ____D () C:\Users\Guru\Documents\Das Vermachtnis - Das Geheimniss des Verchollenen Konigreiches
2014-01-21 22:58 - 2013-02-24 17:26 - 00000000 ___RD () C:\Users\Guru\Documents\IVONA Reader Podcasts
2014-01-21 22:58 - 2013-01-17 00:21 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\MyPhoneExplorer
2014-01-21 22:58 - 2013-01-08 00:32 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\DVDVideoSoft
2014-01-21 22:58 - 2013-01-06 13:54 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2014-01-21 22:58 - 2013-01-06 13:36 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\IrfanView
2014-01-21 22:58 - 2013-01-06 13:33 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\IrfanView
2014-01-21 22:58 - 2012-11-09 21:56 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Fritz und Fertig
2014-01-21 22:58 - 2012-10-31 17:37 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\MyEmoticons
2014-01-21 22:58 - 2012-10-31 17:37 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MyEmoticons
2014-01-21 22:58 - 2012-10-15 23:02 - 00000000 ____D () C:\Users\Guru\Documents\Audible
2014-01-21 22:58 - 2012-07-29 00:51 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Tales - Der Mord in der Rue Morgue von Edgar Allan Poe
2014-01-21 22:58 - 2012-04-10 19:03 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Skype
2014-01-21 22:58 - 2011-12-26 23:59 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Dimensions - Stadt im Nebel Sammleredition
2014-01-21 22:58 - 2011-11-28 14:16 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\MusE
2014-01-21 22:58 - 2011-11-26 23:34 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\capella-software
2014-01-21 22:58 - 2011-10-26 00:46 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Gefaehrliche Schatten Sammleredition
2014-01-21 22:58 - 2011-08-10 23:06 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\TOMI3
2014-01-21 22:58 - 2011-07-11 11:47 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AVS4YOU
2014-01-21 22:58 - 2011-05-22 20:29 - 00000000 ____D () C:\Users\Guru\Documents\DVDVideoSoft
2014-01-21 22:58 - 2010-10-12 21:20 - 00000000 ____D () C:\BigFishGamesCache
2014-01-21 22:58 - 2009-12-07 01:32 - 00000000 ___RD () C:\Users\Guru\dwhelper
2014-01-21 22:58 - 2009-10-07 12:22 - 00000000 ___SD () C:\Users\Guru\Documents\Eigene Webs
2014-01-21 22:58 - 2009-08-03 15:48 - 00000000 ____D () C:\Users\Guru\10DaysUnderTheSea
2014-01-21 22:58 - 2009-06-25 13:29 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Thunderbird
2014-01-21 22:58 - 2009-01-30 23:22 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\.pknowledge
2014-01-21 22:58 - 2009-01-25 00:29 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\TMInc
2014-01-21 22:58 - 2009-01-23 23:00 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\COKTEL
2014-01-21 22:58 - 2008-12-31 16:10 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\dvdcss
2014-01-21 22:58 - 2008-12-18 21:09 - 00000000 ___RD () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-01-21 22:58 - 2008-12-18 21:09 - 00000000 ___RD () C:\Users\Guru\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-21 22:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\system32\spool
2014-01-21 22:58 - 2006-11-02 12:18 - 00000000 ____D () C:\Windows\registration
2014-01-21 21:56 - 2008-09-12 04:49 - 00000000 ____D () C:\Windows\Options
2014-01-21 15:49 - 2014-01-20 12:15 - 00000000 ____D () C:\Users\Guru\AppData\Local\Mobogenie
2014-01-21 15:34 - 2014-01-21 15:34 - 00000000 _____ () C:\Users\Guru\daemonprocess.txt
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\EAC
2014-01-20 13:35 - 2014-01-20 13:35 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\AccurateRip
2014-01-20 12:47 - 2014-01-20 12:47 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Mp3jam
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D () C:\Users\Guru\Documents\Mobogenie
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D () C:\Users\Guru\AppData\Local\cache
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 ____D () C:\Users\Guru\.android
2014-01-20 12:15 - 2014-01-20 12:15 - 00000000 _____ () C:\Users\Edith\daemonprocess.txt
2014-01-20 12:15 - 2014-01-20 12:14 - 00000000 ____D () C:\Program Files\Mobogenie
2014-01-20 12:14 - 2014-01-20 12:14 - 00000000 ____D () C:\Users\Guru\AppData\Roaming\Mp3jam
2014-01-19 08:32 - 2009-10-03 06:02 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-01-14 23:04 - 2014-01-14 23:04 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Screenshots
2014-01-14 22:12 - 2014-01-14 22:12 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\AlexanderTheGreat
2014-01-14 22:11 - 2014-01-14 22:11 - 00000000 ____D () C:\Program Files\Playrix Entertainment
2014-01-13 19:55 - 2014-01-12 23:41 - 00001767 _____ () C:\Users\Edith\Documents\captune.log
2014-01-08 22:44 - 2014-01-08 22:44 - 00000000 ____D () C:\Users\Edith\AppData\Roaming\Maximize Games

Files to move or delete:
====================
C:\ProgramData\dlprotect.exe


Some content of TEMP:
====================
C:\Users\Edith\AppData\Local\Temp\fp_pl_pfs_installer-1.exe
C:\Users\Edith\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Edith\AppData\Local\Temp\LEGOLOTR.exe
C:\Users\Guru\AppData\Local\Temp\fatemp-icon.dll
C:\Users\Guru\AppData\Local\Temp\NEventMessages.dll
C:\Users\Guru\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Guru\AppData\Local\Temp\Quarantine.exe
C:\Users\Root\AppData\Local\Temp\AdobeUpdater12345.exe
C:\Users\Root\AppData\Local\Temp\AskSLib.dll
C:\Users\Root\AppData\Local\Temp\ConResGr.dll
C:\Users\Root\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe
C:\Users\Root\AppData\Local\Temp\NEventMessages.dll
C:\Users\Root\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Root\AppData\Local\Temp\setup_3.0.5481.exe
C:\Users\Root\AppData\Local\Temp\siw_sdk.dll
C:\Users\Root\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-06 14:21

==================== End Of Log ============================

--- --- ---

--- --- ---

Gruß
AlterHase

schrauber · 07.02.2014, 09:49

Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

C:\ProgramData\dlprotect.exe

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).

Starte nun FRST erneut und klicke den Entfernen Button.
Das Tool erstellt eine Fixlog.txt.
Poste mir deren Inhalt.

Fertig

Die Reihenfolge ist hier entscheidend.

Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
- Windowstaste + R > Combofix /Uninstall (eingeben) > OK
- Alternative: Combofix.exe in uninstall.exe umbenennen und starten
- Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
- Schließe alle offenen Programme.
- Starte die delfix.exe mit einem Doppelklick.
- Setze vor jede Funktion ein Häkchen.
- Klicke auf Start.
- Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
- Starte deinen Rechner abschließend neu.
Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Falls Du Lob oder Kritik abgeben möchtest kannst Du das hier tun

Hier noch ein paar Tipps zur Absicherung deines Systems.

Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.

Bitte überprüfe ob dein System Windows Updates automatisch herunter lädt
Windows Updates
- Windows XP: Start --> Systemsteuerung --> Doppelklick auf Automatische Updates
- Windows Vista / 7: Start --> Systemsteuerung --> System und Sicherheit --> Automatische Updates aktivieren oder deaktivieren
Gehe sicher das die automatischen Updates aktiviert sind.
Software Updates
Installierte Software kann ebenfalls Sicherheitslücken haben, welche Malware nutzen kann, um dein System zu infizieren.
Um deine Installierte Software up to date zu halten, empfehle ich dir Secunia Online Software.

Anti- Viren Software

Gehe sicher immer eine Anti Viren Software installiert zu haben und das diese auch up to date ist. Es ist nämlich nutzlos wenn diese out of date sind.

Zusätzlicher Schutz

MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
WinPatrol
Diese Software macht einen Snapshot deines Systems und warnt dich vor eventuellen Änderungen. Downloade dir die Freeware Version von hier.

Sicheres Browsen

SpywareBlaster
Eine kurze Einführung findest du Hier
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Alternative Browser

Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.

Opera
Mozilla Firefox.
- Hinweis: Für diesen Browser habe ich hier ein paar nützliche Add Ons
- NoScript
  Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
- AdblockPlus
  Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
  Es spart ausserdem Downloadkapazität.

Performance
Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC
Halte dich fern von jedlichen Registry Cleanern.
Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links
Miekemoes Blogspot ( MVP )
Bill Castner ( MVP )

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

AlterHase · 07.02.2014, 11:03

Hallo Schrauber,

hier die Logs:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-02-2014
Ran by Guru at 2014-02-07 10:30:32 Run:2
Running from C:\Users\Guru\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
C:\ProgramData\dlprotect.exe
         
*****************

C:\ProgramData\dlprotect.exe => Moved successfully.

==== End of Fixlog ====

Defogger Run OK
Combofix Run OK
DelFix Run OK

Gruß
AlterHase

schrauber · 08.02.2014, 10:41

fertig

AlterHase · 22.02.2014, 13:24

Hallo Schrauber,
sorry für die etwas verspätete Rückmeldung. Unser Rechner läuft wieder stabil und der Thread kann geschlossen werden.

Besten Dank

AlterHase

schrauber · 23.02.2014, 11:16

Gern Geschehen

04.02.2014, 11:50	#16
schrauber /// the machine /// TB-Ausbilder	Sporadische Abstürze des Windows Explorers, modifizierter MBR Wer sagt das? Lass bitte nochmal MBR Master von Emsisoft laufen. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

06.02.2014, 10:08	#20
schrauber /// the machine /// TB-Ausbilder	Sporadische Abstürze des Windows Explorers, modifizierter MBR Das GMER log ist sauber. Poste bitte zum Abschluss ein frisches FRST log, dann räumen wir auf __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

08.02.2014, 10:41	#24
schrauber /// the machine /// TB-Ausbilder	Sporadische Abstürze des Windows Explorers, modifizierter MBR fertig __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

23.02.2014, 11:16	#26
schrauber /// the machine /// TB-Ausbilder	Sporadische Abstürze des Windows Explorers, modifizierter MBR Gern Geschehen __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Sporadische Abstürze des Windows Explorers, modifizierter MBR

Log-Analyse und Auswertung: Sporadische Abstürze des Windows Explorers, modifizierter MBR