Pests of all kinds and how to fight them: MegaBrowse.BrowserAdapter.exe showing up repeatedly in virus scans: virus? (Windows 7) |
05.05.2014, 18:52 | #1 |
| MegaBrowse.BrowserAdapter.exe showing up repeatedly in virus scans: virus? Hello dear community! I strongly suspect that I have caught a virus. While looking through the quarantine list I repeatedly found a file named MegaBrowse.BrowserAdapter.exe, which for one thing is flagged as a virus and which seems familiar to me because, for a short time, I frequently saw ads from MegaBrowse on the internet, and sometimes certain words on a page were highlighted in blue and opened strange pop-ups when you hovered the mouse over them. In the meantime other files have joined this list, including SupTab.dll, SupTabP.exe, utilMegaBrowse.exe and several more. Now I wanted to know whether I need to take further steps, or whether it is enough that these files are in quarantine. Many thanks in advance! victorious |
05.05.2014, 20:18 | #2 |
/// the machine /// TB trainer | MegaBrowse.BrowserAdapter.exe showing up repeatedly in virus scans: virus? hi,
Please download the matching version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties) |
06.05.2014, 13:57 | #3 |
| MegaBrowse.BrowserAdapter.exe showing up repeatedly in virus scans: virus? so here is FRST.txt:
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014 Ran by admin (administrator) on VICTORIA on 06-05-2014 14:34:50 Running from C:\Users\admin\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Cherished Technololgy LIMITED) C:\ProgramData\WPM\wprotectmanager.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (APN LLC.) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Dropbox, Inc.) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (APN) C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (APN LLC.) 
C:\Users\admin\AppData\Local\VNT\vntldr.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (Google Inc.) C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVK.exe (Spotify Ltd) C:\Users\admin\AppData\Roaming\Spotify\spotify.exe (Microsoft Corporation) C:\Windows\System32\sdclt.exe (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe (Microsoft Corporation) C:\Windows\System32\wsqmcons.exe () C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe (Apple Inc.) C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe () C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe () C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10821224 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-03-29] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited) HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG) HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.) HKLM-x32\...\Run: [ApnTBMon] => C:\Program Files (x86)\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe [1801168 2014-03-19] (APN) HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196048 2014-03-19] (APN LLC.) 
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3409214283-677167080-1938789171-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-3409214283-677167080-1938789171-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-3409214283-677167080-1938789171-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-3409214283-677167080-1938789171-1000\...\Run: [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] => C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [95848 2010-04-07] (NVIDIA Corporation) AppInit_DLLs-x32: C:\PROGRA~2\SupTab\SEARCH~2.DLL => "C:\PROGRA~2\SupTab\SEARCH~2.DLL" File Not Found Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A0CB3A92060CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.sweet-page.com/?type=hp&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134 HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
hxxp://www.sweet-page.com/?type=hp&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.sweet-page.com/?type=hp&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134 HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} URLSearchHook: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) URLSearchHook: HKCU - UrlSearchHook Class - {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File URLSearchHook: HKCU - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} SearchScopes: HKLM-x32 - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} SearchScopes: HKLM-x32 - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} SearchScopes: HKCU - {4327FABE-3C22-4689-8DBF-D226CF777FE9} URL = hxxp://www.searchplusnetwork.com/?sp=vit4&q={searchTerms} SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear SearchScopes: HKCU - 
{A0D55E76-09FC-48C2-9FF9-B2DBD5197B25} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=CLM&o=15427&src=kw&q={searchTerms}&locale=&apn_ptnrs=LE&apn_dtid=YYYYYYYYDE&apn_uid=72d64421-03a2-4925-baa9-d081be206c34&apn_sauid=3C950538-F1A0-4D27-AB19-0C53332FC4D1 BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns64.dll (DVDVideoSoft Ltd.) BHO-x32: Browser Companion Helper - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( ) BHO-x32: Mega Browse - {4e6cd411-ce62-4584-97ff-6afbcf6900af} - C:\Program Files (x86)\Mega Browse\MegaBrowseBHO.dll No File BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Browser Companion Helper Verifier - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( ) BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO-x32: DVDVideoSoft IE Extension - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.) 
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll No File Toolbar: HKLM-x32 - DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) Toolbar: HKCU - No Name - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No File DPF: HKLM-x32 {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} hxxp://consumersupport.lenovo.com/ge/en/SmartDownloading/cab/npdueng.cab Handler: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File Handler: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File Handler: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - No File Handler-x32: base64 - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler-x32: chrome - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler-x32: prox - {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd) Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default FF user.js: detected! 
=> C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\user.js FF SearchEngineOrder.1: Ask.com FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @lenovo.com/dueng,version=2.0 - C:\Windows\system32\lenovo\update\npdueng.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) 
FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\sweet-page.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Foxdie - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\Foxdie@tanjihay.com [2012-08-20] FF Extension: Free YouTube Download (Free Studio) Menu - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012-07-12] FF Extension: Personas Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\personas@christopher.beard.xpi [2012-08-12] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-10-06] FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-22] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-29] FF 
HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\extensions\quick_start@gmail.com FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "hxxp://google.de/" CHR Extension: (Duolingo) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2013-07-07] CHR Extension: (Theme Creator) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-07-06] CHR Extension: (Radio UK) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmkagpegbacdkfenpgimgihkcplmpdh [2013-07-06] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-10] CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-04-03] CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-10] CHR Extension: (Sighpic) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\diclpocmbllagclnooehpmpjbccmmnpi [2013-07-07] CHR Extension: (Puzzle & Skill Games) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpbeidibgdgnhcgoamegepdcgmnlbaj [2013-07-05] CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-18] CHR Extension: (Cut the Rope) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-07-05] CHR Extension: (Online TV From Ireland) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloeijnimhipefjhgcidooaojgciifcn [2014-02-04] CHR Extension: (Webpage Screenshot Gallery) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohfjeijmlcjiofmmcfichimcnbclkhp [2014-03-17] CHR Extension: (Water's Valley) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl [2014-02-04] CHR Extension: (Uphill Rush Spielesammlung) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\molaaggdgdhfdkbjljdjohccdbicagej [2013-07-07] CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR Extension: (GIFPAL) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch [2013-07-06] CHR Extension: (YouTube Unblocker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-04-19] CHR Extension: (Draw My Thing) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpjeimbfolekeldhfddmbemmpiffkch [2013-07-05] CHR Extension: (Google Mail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-10] CHR HKCU\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\admin\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-07-04] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-15] CHR HKCU\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - 
C:\Users\admin\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2014-03-15] CHR HKLM-x32\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2014-03-27] CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\admin\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-07-04] CHR HKLM-x32\...\Chrome\Extension: [bodddioamolcibagionmmobehnbhiakf] - C:\Program Files (x86)\BrowserCompanion\blabbers-ch.crx [2012-07-02] CHR HKLM-x32\...\Chrome\Extension: [pelmeidfhdlhlbjimpabfcbnnojbboma] - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx [2014-03-09] CHR HKLM-x32\...\Chrome\Extension: [plmlpkfpkijnlijgalnjaacllnjmoamo] - C:\Users\admin\AppData\Local\CRE\plmlpkfpkijnlijgalnjaacllnjmoamo.crx [2014-03-09] ==================== Services (Whitelisted) ================= R2 APNMCP; C:\Program Files (x86)\AskPartnerNetwork\Toolbar\apnmcp.exe [166352 2014-03-19] (APN LLC.) R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) 
R2 FreemiumSystemStoreService; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe [7244800 2012-09-20] () R2 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG) R2 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] () R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) R2 Wpm; C:\ProgramData\WPM\wprotectmanager.exe [496640 2014-03-09] (Cherished Technololgy LIMITED) S2 Update Mega Browse; "C:\Program Files (x86)\Mega Browse\updateMegaBrowse.exe" [X] ==================== Drivers (Whitelisted) ==================== R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-04] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-05-04] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-05-04] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-05-04] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-04] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-10] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-05-04] (G Data Software AG) R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [214912 2010-01-27] (Vimicro Corporation) S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider) R1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64; C:\Windows\System32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [61120 2014-04-24] (StdLib) S3 clwvd; system32\DRIVERS\clwvd.sys [X] 
==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-06 14:39 - 2014-05-06 14:40 - 00000000 ___DC () C:\1a98b22fd6177dc218f1e5 2014-05-06 14:34 - 2014-05-06 14:41 - 00027607 ____C () C:\Users\admin\Desktop\FRST.txt 2014-05-06 14:32 - 2014-05-06 14:34 - 00000000 ___DC () C:\FRST 2014-05-06 14:26 - 2014-05-06 14:28 - 02063872 ____C (Farbar) C:\Users\admin\Desktop\FRST64.exe 2014-05-04 18:33 - 2014-05-04 18:33 - 00022016 ____C (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2014-05-04 18:33 - 2014-05-04 18:33 - 00001978 ____C () C:\Users\Public\Desktop\G Data InternetSecurity.lnk 2014-05-04 18:33 - 2014-05-04 18:33 - 00000000 ___HC () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf 2014-05-04 18:33 - 2014-05-04 18:33 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2014-05-04 12:11 - 2014-05-04 12:11 - 00000000 ___DC () C:\Users\admin\AppData\Roaming\DropboxMaster 2014-05-02 15:04 - 2014-05-02 15:04 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-02 15:04 - 2014-05-02 15:04 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-02 15:04 - 2014-05-02 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-02 15:04 - 2014-05-02 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-25 19:14 - 2014-04-24 12:33 - 00061120 ____C (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys 2014-04-24 21:33 - 2014-04-24 21:33 - 00000000 _SHDC () C:\Users\admin\AppData\Local\EmieUserList 2014-04-24 21:33 - 2014-04-24 21:33 - 00000000 _SHDC () C:\Users\admin\AppData\Local\EmieSiteList 2014-04-23 21:51 - 2014-04-23 21:51 - 00003118 ____C () C:\Windows\System32\Tasks\{21B6F604-8461-453F-BFD3-BE07AD712FDB} 2014-04-22 13:04 - 2014-04-22 13:11 - 00574976 _____ (Microsoft Corporation) 
C:\Windows\system32\ieui.dll 2014-04-22 13:04 - 2014-04-22 13:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-22 13:03 - 2014-04-22 13:11 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-22 13:03 - 2014-04-22 13:11 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-22 13:03 - 2014-04-22 13:11 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 
2014-04-22 13:03 - 2014-04-22 13:11 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-22 13:03 - 2014-04-22 13:11 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-22 13:02 - 2014-04-22 13:11 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-22 13:02 - 2014-04-22 13:11 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 01143808 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\urlmon.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-22 13:02 - 2014-04-22 13:11 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-22 13:02 - 2014-04-22 13:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-22 13:02 - 2014-04-22 13:11 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-19 23:57 - 2014-04-19 23:59 - 00282775 ____C () C:\Users\admin\Downloads\YouTube-Unblocker-055.crx 2014-04-19 15:16 - 2014-04-14 20:13 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-19 15:16 - 2014-04-14 20:05 - 00264616 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-19 15:16 - 2014-04-14 20:05 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-19 15:16 - 2014-04-14 20:04 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-19 15:15 - 2014-04-19 15:16 - 00004224 ____C () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-10 19:33 - 2014-04-10 19:33 - 00106272 ____C (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-04-10 19:33 - 2014-04-10 19:33 - 00019016 ____C (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2014-04-09 15:42 - 2014-04-09 23:17 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 15:42 - 2014-04-09 23:17 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 15:42 - 2014-04-09 23:17 - 00002048 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 15:42 - 2014-04-09 23:17 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 15:42 - 2014-04-09 23:13 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 15:42 - 2014-04-09 23:13 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 15:42 - 2014-04-09 23:13 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 15:42 - 2014-04-09 23:12 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-09 15:42 - 2014-02-04 04:35 - 00274880 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys ==================== One Month Modified Files and Folders ======= 2014-05-06 14:41 - 2014-05-06 14:34 - 00027607 ____C () C:\Users\admin\Desktop\FRST.txt 2014-05-06 14:41 - 2012-09-30 10:28 - 00000000 ___DC () C:\Users\admin\AppData\Roaming\Spotify 2014-05-06 14:40 - 2014-05-06 14:39 - 00000000 ___DC () C:\1a98b22fd6177dc218f1e5 2014-05-06 14:39 - 2012-07-11 15:28 - 01369936 ____C () C:\Windows\WindowsUpdate.log 
2014-05-06 14:34 - 2014-05-06 14:32 - 00000000 ___DC () C:\FRST 2014-05-06 14:30 - 2009-07-14 06:45 - 00021840 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-06 14:30 - 2009-07-14 06:45 - 00021840 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-06 14:29 - 2012-09-30 10:31 - 00000000 ___DC () C:\Users\admin\AppData\Local\Spotify 2014-05-06 14:28 - 2014-05-06 14:26 - 02063872 ____C (Farbar) C:\Users\admin\Desktop\FRST64.exe 2014-05-06 14:26 - 2011-04-12 09:43 - 00699666 ____C () C:\Windows\system32\perfh007.dat 2014-05-06 14:26 - 2011-04-12 09:43 - 00149774 ____C () C:\Windows\system32\perfc007.dat 2014-05-06 14:26 - 2009-07-14 07:13 - 01620612 ____C () C:\Windows\system32\PerfStringBackup.INI 2014-05-06 14:22 - 2013-10-03 12:40 - 00000000 __RDC () C:\Users\admin\Dropbox 2014-05-06 14:22 - 2013-10-03 12:32 - 00000000 ___DC () C:\Users\admin\AppData\Roaming\Dropbox 2014-05-06 14:19 - 2009-07-14 07:08 - 00000006 ___HC () C:\Windows\Tasks\SA.DAT 2014-05-06 14:19 - 2009-07-14 06:51 - 00097440 ____C () C:\Windows\setupact.log 2014-05-04 19:50 - 2012-09-10 18:46 - 00001120 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000UA.job 2014-05-04 19:18 - 2012-08-26 09:59 - 00000884 ____C () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-04 19:07 - 2014-03-09 20:07 - 00000292 ____C () C:\Windows\Tasks\UpdaterEX.job 2014-05-04 18:34 - 2013-08-27 13:26 - 00068608 ____C (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys 2014-05-04 18:33 - 2014-05-04 18:33 - 00022016 ____C (G Data Software AG) C:\Windows\system32\Drivers\GDKBFlt64.sys 2014-05-04 18:33 - 2014-05-04 18:33 - 00001978 ____C () C:\Users\Public\Desktop\G Data InternetSecurity.lnk 2014-05-04 18:33 - 2014-05-04 18:33 - 00000000 ___HC () C:\Windows\system32\Drivers\Msft_Kernel_GDKBFlt64_01007.Wdf 2014-05-04 18:33 - 2014-05-04 18:33 - 
00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\G Data InternetSecurity 2014-05-04 18:33 - 2013-08-27 13:25 - 00135168 ____C (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys 2014-05-04 18:33 - 2013-08-27 13:25 - 00065024 ____C (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys 2014-05-04 18:33 - 2013-08-27 13:25 - 00064000 ____C (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd64.sys 2014-05-04 18:33 - 2013-08-27 13:25 - 00057344 ____C (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys 2014-05-04 18:32 - 2012-07-11 15:45 - 00015006 ____C () C:\Windows\DPINST.LOG 2014-05-04 18:31 - 2013-08-27 13:18 - 00000000 ___DC () C:\ProgramData\G Data 2014-05-04 18:23 - 2014-03-09 20:07 - 00000000 ___DC () C:\Users\admin\AppData\Roaming\SupTab 2014-05-04 12:59 - 2014-03-09 20:07 - 00000000 ___DC () C:\ProgramData\IePluginService 2014-05-04 12:11 - 2014-05-04 12:11 - 00000000 ___DC () C:\Users\admin\AppData\Roaming\DropboxMaster 2014-05-04 12:11 - 2013-10-03 12:40 - 00001017 ____C () C:\Users\admin\Desktop\Dropbox.lnk 2014-05-04 12:11 - 2013-10-03 12:34 - 00000000 ___DC () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox 2014-05-04 12:11 - 2012-07-11 15:28 - 00000000 __RDC () C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup 2014-05-02 15:04 - 2014-05-02 15:04 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-02 15:04 - 2014-05-02 15:04 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-02 15:04 - 2014-05-02 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-02 15:04 - 2014-05-02 15:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-02 14:55 - 2012-09-10 18:51 - 00002356 ____C () C:\Users\admin\Desktop\Google Chrome.lnk 2014-04-29 17:21 - 2012-08-26 09:59 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 
2014-04-29 17:21 - 2012-07-11 16:40 - 00692400 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-04-29 17:21 - 2012-07-11 16:40 - 00070832 ____C (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-04-29 16:26 - 2009-07-14 05:20 - 00000000 _RHDC () C:\Users\Public\Libraries 2014-04-27 15:44 - 2009-07-14 04:34 - 00000603 ____C () C:\Windows\win.ini 2014-04-27 15:42 - 2014-03-09 20:05 - 00000000 ___DC () C:\Program Files (x86)\Mega Browse 2014-04-27 12:51 - 2012-07-12 16:54 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service 2014-04-27 12:51 - 2010-11-21 05:47 - 00253072 ____C () C:\Windows\PFRO.log 2014-04-25 18:42 - 2014-02-16 16:40 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox.bak 2014-04-24 21:33 - 2014-04-24 21:33 - 00000000 _SHDC () C:\Users\admin\AppData\Local\EmieUserList 2014-04-24 21:33 - 2014-04-24 21:33 - 00000000 _SHDC () C:\Users\admin\AppData\Local\EmieSiteList 2014-04-24 12:33 - 2014-04-25 19:14 - 00061120 ____C (StdLib) C:\Windows\system32\Drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys 2014-04-23 21:53 - 2014-03-09 20:03 - 00000000 ___DC () C:\Users\admin\AppData\Roaming\sweet-page 2014-04-23 21:51 - 2014-04-23 21:51 - 00003118 ____C () C:\Windows\System32\Tasks\{21B6F604-8461-453F-BFD3-BE07AD712FDB} 2014-04-22 15:57 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache 2014-04-22 14:31 - 2009-07-14 05:20 - 00000000 ___DC () C:\Windows\PolicyDefinitions 2014-04-22 13:11 - 2014-04-22 13:04 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-22 13:11 - 2014-04-22 13:04 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00586240 _____ (Microsoft Corporation) 
C:\Windows\system32\ie4uinit.exe 2014-04-22 13:11 - 2014-04-22 13:03 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-22 13:11 - 2014-04-22 13:03 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-22 13:11 - 2014-04-22 13:03 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00032768 _____ (Microsoft Corporation) 
C:\Windows\SysWOW64\iernonce.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-22 13:11 - 2014-04-22 13:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-22 13:11 - 2014-04-22 13:02 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-22 13:11 - 2014-04-22 13:02 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-22 13:11 - 2014-04-22 13:02 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 00592896 _____ (Microsoft 
Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-22 13:11 - 2014-04-22 13:02 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-22 13:11 - 2014-04-22 13:02 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-22 11:50 - 2012-09-10 18:46 - 00001068 ____C () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000Core.job 2014-04-19 23:59 - 2014-04-19 23:57 - 00282775 ____C () C:\Users\admin\Downloads\YouTube-Unblocker-055.crx 2014-04-19 15:17 - 2014-03-09 20:15 - 00000000 ___DC () C:\ProgramData\Oracle 2014-04-19 15:16 - 2014-04-19 15:15 - 00004224 ____C () C:\Windows\SysWOW64\jupdate-1.7.0_55-b14.log 2014-04-19 15:16 - 2012-07-21 14:20 - 00000000 ___DC () C:\Program Files (x86)\Java 2014-04-14 20:13 - 2014-04-19 15:16 - 00096168 ____C (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2014-04-14 20:05 - 2014-04-19 15:16 - 00264616 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe 2014-04-14 20:05 - 2014-04-19 15:16 - 00175528 ____C (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe 2014-04-14 20:04 - 2014-04-19 15:16 - 00175016 ____C (Oracle Corporation) C:\Windows\SysWOW64\java.exe 2014-04-10 19:33 - 2014-04-10 19:33 - 00106272 ____C (G Data Software) C:\Windows\system32\Drivers\GRD.sys 2014-04-10 19:33 - 2014-04-10 19:33 - 00019016 ____C (G Data Software) C:\Windows\system32\Drivers\GdPhyMem.sys 2014-04-09 23:17 - 2014-04-09 15:42 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys 2014-04-09 23:17 - 2014-04-09 15:42 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys 2014-04-09 23:17 - 2014-04-09 15:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll 2014-04-09 23:17 - 2014-04-09 15:42 - 00002048 _____ (Microsoft Corporation) 
C:\Windows\system32\iologmsg.dll 2014-04-09 23:17 - 2013-08-11 10:17 - 00000000 ___DC () C:\Windows\system32\MRT 2014-04-09 23:13 - 2014-04-09 15:42 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll 2014-04-09 23:13 - 2014-04-09 15:42 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll 2014-04-09 23:13 - 2014-04-09 15:42 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll 2014-04-09 23:13 - 2014-04-09 15:42 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll 2014-04-09 23:13 - 2014-04-09 15:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe 2014-04-09 23:13 - 2014-04-09 15:42 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll 2014-04-09 23:13 - 2014-04-09 15:42 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll 2014-04-09 23:13 - 2014-04-09 15:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll 2014-04-09 23:13 - 2014-04-09 15:42 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe 2014-04-09 23:13 - 2014-04-09 15:42 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll 2014-04-09 23:13 - 2014-04-09 15:42 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe 2014-04-09 23:13 - 2012-07-11 17:03 - 90655440 ____C (Microsoft Corporation) C:\Windows\system32\MRT.exe 2014-04-09 23:12 - 2014-04-09 15:42 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2014-04-06 11:13 - 2014-04-02 19:21 - 00000000 ___DC () C:\Users\admin\Downloads\5SOS Some content of TEMP: ==================== C:\Users\admin\AppData\Local\Temp\abelssoft.setup.exe C:\Users\admin\AppData\Local\Temp\AskSLib.dll C:\Users\admin\AppData\Local\Temp\AutoRun.exe C:\Users\admin\AppData\Local\Temp\AutoRunGUI.dll C:\Users\admin\AppData\Local\Temp\Browser_Helper_Companion_DE.exe C:\Users\admin\AppData\Local\Temp\drm_dialogs.dll 
C:\Users\admin\AppData\Local\Temp\drm_dyndata_7390004.dll C:\Users\admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6uei_x.dll C:\Users\admin\AppData\Local\Temp\First15.exe C:\Users\admin\AppData\Local\Temp\IMsetup.exe C:\Users\admin\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe C:\Users\admin\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe C:\Users\admin\AppData\Local\Temp\jre-6u37-windows-i586-iftw.exe C:\Users\admin\AppData\Local\Temp\jre-6u39-windows-i586-iftw.exe C:\Users\admin\AppData\Local\Temp\jre-7u15-windows-i586-iftw.exe C:\Users\admin\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe C:\Users\admin\AppData\Local\Temp\jre-7u55-windows-i586-iftw.exe C:\Users\admin\AppData\Local\Temp\mconduitinstaller.exe C:\Users\admin\AppData\Local\Temp\mgsqlite3.dll C:\Users\admin\AppData\Local\Temp\mism.exe C:\Users\admin\AppData\Local\Temp\nitro_reader3_64.exe C:\Users\admin\AppData\Local\Temp\SCC.dll C:\Users\admin\AppData\Local\Temp\SkypeSetup.exe C:\Users\admin\AppData\Local\Temp\sqlite3.dll C:\Users\admin\AppData\Local\Temp\TubeBoxSetup.exe C:\Users\admin\AppData\Local\Temp\VP6Install.exe C:\Users\admin\AppData\Local\Temp\VP6VFW.dll C:\Users\admin\AppData\Local\Temp\{415CB889-DB93-4371-AF25-073E3E4E4CEC}-28.0.1500.72_28.0.1500.71_chrome_updater.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit 
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-04-29 17:59 ==================== End Of Log ============================
and Addition.txt: Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-05-2014 Ran by admin at 2014-05-06 14:44:50 Running from C:\Users\admin\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: G Data InternetSecurity (Enabled - Up to date) {545C8713-0744-B079-87F8-349A6D5C8CF0} AS: G Data InternetSecurity (Enabled - Up to date) {EF3D66F7-217E-BFF7-BD48-0FE816DBC64D} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: G Data Personal Firewall (Enabled) {6C670636-4D2B-B121-ACA7-9DAF938FCB8B} ==================== Installed Programs ====================== Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Adobe Shockwave Player (HKLM-x32\...\{A7DB362E-16DC-4E29-8A34-E74381E00B5B}) (Version: 10.1.4.020 - Adobe Systems, Inc.) Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.6.147 - Adobe Systems, Inc.) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Ask Toolbar (HKLM-x32\...\{434D452D-5637-006A-76A7-A758B70C0A06}) (Version: 12.10.6.4906 - APN, LLC) <==== ATTENTION Ask Toolbar (HKLM-x32\...\{86D4B82A-ABED-442A-BE86-96357B70F4FE}) (Version: 1.15.4.0 - Ask.com) <==== ATTENTION Audacity 1.2.6 (HKLM-x32\...\Audacity_is1) (Version: - ) Bing-Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.171.0 - Microsoft Corporation) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Broadcom 802.11 Wireless Driver (HKLM-x32\...\{8991E763-21F5-4DEA-A938-5D9D77DCB488}) (Version: 1.0.0.0 - ) BrowserCompanion (HKLM-x32\...\BrowserCompanion) (Version: - ) <==== ATTENTION D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DC Universe Online Live (HKCU\...\SOE-DC Universe Online Live PSG) (Version: - Sony Online Entertainment) DC Universe Online PSG (HKCU\...\soe-DC Universe Online PSG) (Version: 1.0.3.183 - Sony Online Entertainment) Die Sims 2 (HKLM-x32\...\{6E7DD182-9FC6-4651-0095-2E666CC6AF35}) (Version: - ) Dropbox (HKCU\...\Dropbox) (Version: 2.6.31 - Dropbox, Inc.) DVD Suite (HKLM-x32\...\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 5.0.1319 - CyberLink Corporation) DVDVideoSoftTB Toolbar (HKLM-x32\...\DVDVideoSoftTB Toolbar) (Version: 6.9.0.16 - DVDVideoSoftTB) Energy Management (HKLM-x32\...\{0CE226F3-EB27-4ECD-BBF5-F088716779FD}) (Version: 5.4.1.9 - Lenovo) ETDWare PS/2-x64 7.0.4.17_WHQL (HKLM\...\Elantech) (Version: 7.0.4.17 - ELAN Microelectronics Corp.) Extended Update (HKCU\...\UpdaterEX) (Version: - Extended Update) Facebook Messenger 2.1.4814.0 (HKLM-x32\...\{7204BDEE-1A48-4D95-A964-44A9250B439E}) (Version: 2.1.4814.0 - Facebook) Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.2.13.304 - DVDVideoSoft Ltd.) Free Video Flip and Rotate version 2.1.8.622 (HKLM-x32\...\Free Video Flip and Rotate_is1) (Version: 2.1.8.622 - DVDVideoSoft Ltd.) 
Free YouTube to MP3 Converter version 3.11.31.917 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.11.31.917 - DVDVideoSoft Ltd.) G Data InternetSecurity (HKLM-x32\...\{85203592-3610-4FB9-AA11-15B2255B5A12}) (Version: 25.0.1.2 - G Data Software AG) Google Chrome (HKCU\...\Google Chrome) (Version: 34.0.1847.131 - Google Inc.) Google+ Auto Backup (HKCU\...\Google+ Auto Backup) (Version: 1.0.25.133 - Google, Inc.) Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google) HDPlayer (HKLM-x32\...\1ClickDownload) (Version: 2.1 Build 26473 - HDPlayer) <==== ATTENTION HDvid Codec V6.0 (HKLM-x32\...\HDvid Codec V6.0) (Version: 1.31.153.0 - installdaddy) <==== ATTENTION iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.) ICQ7M (HKLM-x32\...\{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}) (Version: 7.8 - ICQ) IePluginService12.27.0.3413 (HKLM-x32\...\IePlugins) (Version: 12.27.0.3413 - Cherished Technololgy LIMITED) <==== ATTENTION iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle) Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) 
Hidden Java(TM) 6 Update 39 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216033FF}) (Version: 6.0.390 - Oracle) Junk Mail filter update (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden K-Lite Codec Pack 6.0.4 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 6.0.4 - ) Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ecc-B6BD-9C31E51D0332}) (Version: 1.10.01.29.1 - Vimicro) Lenovo_Wireless_Driver (HKLM-x32\...\{28ABE740-47F3-441B-9437-852F6A64EFF8}) (Version: 1.02.01 - Lenovo) Mathica (HKLM-x32\...\{511C626A-66BB-4E4D-8A23-5E8D52B8FA32}) (Version: 1.00.0000 - BrainGame Publishing GmbH) Mega Browse (HKLM\...\Mega Browse) (Version: 2014.03.07.194536 - Mega Browse) <==== ATTENTION Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 
Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft_VC100_CRT_x86 (HKLM-x32\...\{6FDDB201-2CA0-42BD-973F-7B2C4A61EA3F}) (Version: 1.0.0 - Microsoft) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) My Video Converter 1.0.0 (HKLM-x32\...\My Video Converter_is1) (Version: - Ether Software) Nero 7 Essentials (HKLM-x32\...\{45B3A3BD-F90D-48FE-A147-D74878A51031}) (Version: 7.03.0920 - Nero AG) neroxml (x32 Version: 1.0.0 - Nero AG) Hidden NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.59.37 - NVIDIA Corporation) NVIDIA Updatus (x32 Version: 1.0.3 - NVIDIA Corporation) Hidden OpenOffice.org 3.4 (HKLM-x32\...\{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}) (Version: 3.4.9590 - OpenOffice.org) phase-6 2.1.1 
(HKLM-x32\...\phase-6) (Version: 2.1.1 - phase-6) phase-6 Feeding Tool 1.1.4 (HKLM-x32\...\phase-6 Feeding Tool) (Version: 1.1.4 - phase-6) Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.) PowerDVD (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 7.0.3409.a - CyberLink Corporation) QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6128 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7600.30117 - Realtek Semiconductor Corp.) RtLED (HKLM\...\{5ACF5427-B4E4-4F85-A512-151E0BECF7E3}) (Version: 1.0.2 - Realtek Semiconductor Corp.) Serif PhotoPlus X5 (HKLM-x32\...\{617E7009-0C50-4178-B0E2-F9D66DC8A582}) (Version: 15.0.1.011 - Serif (Europe) Ltd) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) 
Spotify (HKCU\...\Spotify) (Version: 0.9.8.296.g91f68827 - Spotify AB) sweet-page uninstaller (HKLM-x32\...\sweet-page uninstaller) (Version: - sweet-page) <==== ATTENTION swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden Tomb Raider: Legend 1.0 (HKLM-x32\...\Tomb Raider: Legend) (Version: - ) Video Booth (HKLM-x32\...\VideoBooth) (Version: 2.4.3.6 - ) Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Mail (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live MIME IFilter (Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Writer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Writer Resources (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows-Treiberpaket - Lenovo (ACPIVPC) System (10/19/2009 5.4.0.1) (HKLM\...\0A4175B489A1B4A6E07E11B063A6263480C51D71) (Version: 10/19/2009 5.4.0.1 - Lenovo) WPM17.8.0.3442 (HKLM-x32\...\WPM) (Version: 17.8.0.3442 - Cherished Technololgy LIMITED) <==== ATTENTION YouTube Song Downloader 
(HKLM-x32\...\{4281435C-AD1D-4C8A-B9C0-3961C11EF142}_is1) (Version: 8.2 - Abelssoft) <==== ATTENTION ==================== Restore Points ========================= 25-04-2014 16:50:56 Windows Update 29-04-2014 14:38:10 Windows Update 02-05-2014 13:03:29 Windows Update 06-05-2014 12:34:15 Windows Update ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ___AC C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {07A7A0B3-DC39-409C-8105-08739FFD9F24} - System32\Tasks\HDvid Codec V6.0-chromeinstaller => C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-chromeinstaller.exe [2013-12-10] (installdaddy) <==== ATTENTION Task: {27A563B1-6132-4C51-B4CD-1DE36D81B04F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-29] (Adobe Systems Incorporated) Task: {4B3D5B8F-DC41-45B0-8070-9A2C4F66439B} - System32\Tasks\HDvid Codec V6.0-updater => C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-updater.exe [2013-12-10] (installdaddy) <==== ATTENTION Task: {5760FBF8-04B6-45A3-87DB-EEB16B6265D5} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000UA => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-22] (Facebook Inc.) Task: {5F0A49FA-4272-49D8-A165-A5247437C758} - System32\Tasks\Scheduled Update for Ask Toolbar => C:\Program Files (x86)\Ask.com\UpdateTask.exe <==== ATTENTION Task: {717D1D81-A2BA-4F60-9723-44F9F9912197} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000Core => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-09-22] (Facebook Inc.) 
Task: {A6E7597F-5926-456A-8BDD-8EF63F778F50} - System32\Tasks\UpdaterEX => C:\Users\admin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION Task: {B5F8DA91-295A-42F9-A7B6-460B667FA83E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {C54066E5-6B0A-4062-A56C-FDBBAF1B7A6E} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000UA => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-10] (Google Inc.) Task: {DF31F11A-D7B3-45D4-96D2-3091768B5EA2} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000Core => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-10] (Google Inc.) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000Core.job => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000UA.job => C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000Core.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3409214283-677167080-1938789171-1000UA.job => C:\Users\admin\AppData\Local\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\HDvid Codec V6.0-chromeinstaller.job => C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-chromeinstaller.exe <==== ATTENTION Task: C:\Windows\Tasks\HDvid Codec V6.0-updater.job => C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-updater.exe <==== ATTENTION Task: C:\Windows\Tasks\UpdaterEX.job => C:\Users\admin\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION ==================== Loaded Modules 
(whitelisted) ============= 2012-09-20 19:18 - 2012-09-20 19:19 - 07244800 _____ () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe 2013-12-19 04:42 - 2013-12-19 04:42 - 00350840 ____N () C:\Program Files (x86)\Common Files\G Data\AVKProxy\PktIcpt2x64.dll 2012-07-11 16:36 - 2007-05-14 04:54 - 00272024 ____N () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe 2012-01-10 21:12 - 2012-01-10 21:12 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2012-07-11 16:13 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll 2012-07-11 16:13 - 2009-07-15 15:55 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll 2013-09-28 15:17 - 2014-04-09 22:43 - 00602680 ____C () C:\Users\admin\AppData\Roaming\Spotify\Data\SpotifyHelper.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 ____C () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-09-14 02:51 - 2013-09-14 02:51 - 00087952 ____C () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 02:50 - 2013-09-14 02:50 - 01242952 ____C () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll 2014-05-02 14:54 - 2014-04-24 02:33 - 00065352 ____C () C:\Users\admin\AppData\Local\Google\Chrome\Application\34.0.1847.131\chrome_elf.dll 2014-05-06 14:20 - 2014-05-06 14:20 - 00041984 ____C () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp6uei_x.dll 2013-10-19 01:55 - 2013-10-19 01:55 - 25100288 ____C () C:\Users\admin\AppData\Roaming\Dropbox\bin\libcef.dll 2014-05-02 14:54 - 2014-04-24 02:33 - 00674632 ____C () C:\Users\admin\AppData\Local\Google\Chrome\Application\34.0.1847.131\libglesv2.dll 2014-05-02 14:54 - 2014-04-24 02:33 - 00093000 ____C () 
C:\Users\admin\AppData\Local\Google\Chrome\Application\34.0.1847.131\libegl.dll 2014-05-02 14:54 - 2014-04-24 02:33 - 04081480 ____C () C:\Users\admin\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll 2014-05-02 14:55 - 2014-04-24 02:33 - 00390472 ____C () C:\Users\admin\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll 2014-05-02 14:54 - 2014-04-24 02:33 - 01647432 ____C () C:\Users\admin\AppData\Local\Google\Chrome\Application\34.0.1847.131\ffmpegsumo.dll 2012-09-30 10:31 - 2014-04-09 22:43 - 36966968 ____C () C:\Users\admin\AppData\Roaming\Spotify\Data\libcef.dll 2013-09-28 15:17 - 2014-04-09 22:43 - 00886840 ____C () C:\Users\admin\AppData\Roaming\Spotify\Data\libglesv2.dll 2013-09-28 15:17 - 2014-04-09 22:43 - 00108600 ____C () C:\Users\admin\AppData\Roaming\Spotify\Data\libegl.dll 2014-04-29 17:21 - 2014-04-29 17:21 - 16351920 ____C () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= Name: Teredo Tunneling Pseudo-Interface Description: Microsoft-Teredo-Tunneling-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device cannot start. (Code10) Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device. On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard. 
==================== Event log errors: ========================= Application errors: ================== Error: (05/06/2014 02:21:23 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 06:38:49 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 01:03:29 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 11:59:52 AM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/02/2014 02:26:28 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/02/2014 02:26:17 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Local Hostname Victoria.local already in use; will try Victoria-2.local instead Error: (05/02/2014 02:26:17 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Victoria.local. Addr 192.168.2.101 Error: (05/02/2014 02:26:17 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353 4 Victoria.local. 
Addr 192.168.2.108 Error: (04/29/2014 07:02:27 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/29/2014 04:34:00 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (05/06/2014 02:21:04 PM) (Source: Service Control Manager) (User: ) (EventID: 7022) Description: Der Dienst "G Data Personal Firewall" wurde nicht richtig gestartet. Error: (05/06/2014 02:19:42 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (05/06/2014 02:19:42 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Update Mega Browse" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/04/2014 06:38:40 PM) (Source: Service Control Manager) (User: ) (EventID: 7022) Description: Der Dienst "G Data Personal Firewall" wurde nicht richtig gestartet. 
Error: (05/04/2014 06:37:19 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (05/04/2014 06:37:19 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Update Mega Browse" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/04/2014 01:01:48 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "WebcamMax, WDM Video Capture" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error: (05/04/2014 01:01:48 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Util Mega Browse" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/04/2014 01:01:48 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "Update Mega Browse" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (05/04/2014 01:01:45 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "IePlugin Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Microsoft Office Sessions: ========================= Error: (05/06/2014 02:21:23 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 06:38:49 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 01:03:29 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/04/2014 11:59:52 AM) (Source: WinMgmt) 
(User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/02/2014 02:26:28 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (05/02/2014 02:26:17 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: Local Hostname Victoria.local already in use; will try Victoria-2.local instead Error: (05/02/2014 02:26:17 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: mDNSCoreReceiveResponse: ProbeCount 1; will deregister 4 Victoria.local. Addr 192.168.2.101 Error: (05/02/2014 02:26:17 PM) (Source: Bonjour Service) (User: ) (EventID: 100) Description: mDNSCoreReceiveResponse: Received from 192.168.2.108:5353 4 Victoria.local. Addr 192.168.2.108 Error: (04/29/2014 07:02:27 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (04/29/2014 04:34:00 PM) (Source: WinMgmt) (User: ) (EventID: 10) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 ==================== Memory info =========================== Percentage of memory in use: 83% Total physical RAM: 1844.43 MB Available physical RAM: 296.91 MB Total Pagefile: 3920.85 MB Available Pagefile: 383.88 MB Total Virtual: 8192 MB Available Virtual: 8191.81 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:465.66 GB) (Free:310.07 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR 
Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E97E2011) Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS) ==================== End Of Log ============================ |
07.05.2014, 08:50 | #4 |
/// the machine /// TB-Ausbilder | Revo Uninstaller - Download - Filepony
Use it to uninstall everything you find in the Additional.txt that is marked with <== ATTENTION. Also let Revo remove the leftovers in Moderate mode.
Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate | Guides and help | Trojaner-Board Facebook page No help via PM! |
08.05.2014, 19:04 | #5 |
| here is the mbam.txt: (though I should note that on the first attempt the program hung and I had to cancel the scan and then start it again) Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Scan Date: 08.05.2014
Scan Time: 18:44:33
Logfile: mbam.txt
Administrator: Yes
Version: 0.00.0.0000
Malware Database: v0000.00.00.00
Rootkit Database: v0000.00.00.00
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Chameleon: Disabled
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: admin
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 2907
Time Elapsed: 5 min, 2 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
AdwCleaner:
Code:
# AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 18:55:59
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : admin - VICTORIA
# Gestartet von : C:\Users\admin\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
Dienst Gelöscht : APNMCP
[#] Dienst Gelöscht : Update Mega Browse
[#] Dienst Gelöscht : Wpm
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\apn
Ordner Gelöscht : C:\ProgramData\AskPartnerNetwork
Ordner Gelöscht : C:\ProgramData\IePluginService
Ordner Gelöscht : C:\ProgramData\WPM
Ordner Gelöscht : C:\Program Files (x86)\AskPartnerNetwork
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files (x86)\Mega Browse
Ordner Gelöscht : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Ordner Gelöscht : C:\Users\admin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\admin\AppData\Local\Temp\apn
Ordner Gelöscht : C:\Users\admin\AppData\Local\Temp\AskSearch
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\BrowserCompanion
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\OpenCandy
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\sweet-page
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Systweak
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\UpdaterEX
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Smartbar
Ordner Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\{ACAA314B-EEBA-48E4-AD47-84E31C44796C}
Datei Gelöscht : C:\END
Datei Gelöscht :
C:\Windows\System32\roboot64.exe Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\sweet-page.xml Datei Gelöscht : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\user.js Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_app.mam.conduit.com_0.localstorage-journal Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage Datei Gelöscht : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.softonic.de_0.localstorage-journal Datei Gelöscht : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar Datei Gelöscht : C:\Windows\Tasks\UpdaterEX.job Datei Gelöscht : C:\Windows\System32\Tasks\UpdaterEX ***** [ Verknüpfungen ] ***** ***** [ Registrierungsdatenbank ] ***** Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com] Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MegaBrowse_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\updateMegaBrowse_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\utilMegaBrowse_RASMANCS Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon] Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_free-youtube-download_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freemium-tubebox_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_freemium-tubebox_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-booth-fur-windows-7_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_photo-booth-fur-windows-7_RASMANCS Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C007DADD-132A-624C-088E-59EE6CF0711F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} 
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4E6CD411-CE62-4584-97FF-6AFBCF6900AF} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6F04B79-1D2F-4FD9-8DFA-7313710BB570} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BD358EB8-B3C9-417B-9FF4-8A851153ABB6} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet 
Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}] Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\AskPartnerNetwork Schlüssel Gelöscht : HKCU\Software\Blabbers Schlüssel Gelöscht : HKCU\Software\Blabbers Schlüssel Gelöscht : HKCU\Software\Conduit Schlüssel Gelöscht : HKCU\Software\InstallCore Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions Schlüssel Gelöscht : 
HKCU\Software\Mega Browse Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\systweak Schlüssel Gelöscht : HKCU\Software\UpdaterEX Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskPartnerNetwork Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB Schlüssel Gelöscht : HKLM\Software\IePlugin Schlüssel Gelöscht : HKLM\Software\Mega Browse Schlüssel Gelöscht : HKLM\Software\supTab Schlüssel Gelöscht : HKLM\Software\supWPM Schlüssel Gelöscht : HKLM\Software\sweet-pageSoftware Schlüssel Gelöscht : HKLM\Software\systweak Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IePlugins Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mega Browse Daten Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF ***** [ Browser ] ***** -\\ Internet Explorer v11.0.9600.17041 Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung 
Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] Einstellung Wiederhergestellt : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] -\\ Mozilla Firefox v28.0 (de) [ Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\prefs.js ] Zeile gelöscht : user_pref("CT2269050.1000082.isDisplayHidden", "true"); Zeile gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\":\"Hotmix 108\",\"url\":\"hxxp://67.202.67.18:8082\"}"); Zeile gelöscht : user_pref("CT2269050.1000234.TWC_TMP_city", "HAMELN"); Zeile gelöscht : user_pref("CT2269050.1000234.TWC_TMP_country", "DE"); Zeile gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT2269050.FirstTime", "true"); Zeile gelöscht : user_pref("CT2269050.FirstTimeFF3", "true"); Zeile gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="); Zeile gelöscht : user_pref("CT2269050.UserID", "UN24995043965451602"); Zeile gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true"); Zeile gelöscht : user_pref("CT2269050.autoDisableScopes", -1); Zeile gelöscht : user_pref("CT2269050.browser.search.defaultthis.engineName", true); Zeile 
gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...] Zeile gelöscht : user_pref("CT2269050.enableAlerts", "always"); Zeile gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "true"); Zeile gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true"); Zeile gelöscht : user_pref("CT2269050.fixUrls", true); Zeile gelöscht : user_pref("CT2269050.installType", "Unknown"); Zeile gelöscht : user_pref("CT2269050.isCheckedStartAsHidden", true); Zeile gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT2269050.isFirstTimeToolbarLoading", "false"); Zeile gelöscht : user_pref("CT2269050.isNewTabEnabled", true); Zeile gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true"); Zeile gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Zeile gelöscht : user_pref("CT2269050.keyword", true); Zeile gelöscht : user_pref("CT2269050.migrateAppsAndComponents", true); Zeile gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Aaddons\",\"EB_MAIN_FRAME_TITLE\":\"\",\"EB_SEARCH_TERM\":\"Web\\r\\n Bilder\\r\\n\\r\\nThema anzeigen\",\"EB_TOOLBAR_S[...] 
Zeile gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE"); Zeile gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE"); Zeile gelöscht : user_pref("CT2269050.search.searchAppId", "128834881989343895"); Zeile gelöscht : user_pref("CT2269050.search.searchCount", "0"); Zeile gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true"); Zeile gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\"}"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2269050\"}"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://DVDVideoSoftTB.OurToolbar.com//xpi\"}"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"DVDVideoSoftTB\"}"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1349526364533"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1349526364213"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1349526367763"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1349526364797"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1349526365259"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1349526367874"); Zeile 
gelöscht : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1349526361111"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1349526360595"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1349526367670"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1349526361293"); Zeile gelöscht : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1349526364436"); Zeile gelöscht : user_pref("CT2269050.settingsINI", true); Zeile gelöscht : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE"); Zeile gelöscht : user_pref("CT2269050.smartbar.CTID", "CT2269050"); Zeile gelöscht : user_pref("CT2269050.smartbar.Uninstall", "0"); Zeile gelöscht : user_pref("CT2269050.smartbar.homepage", true); Zeile gelöscht : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB "); Zeile gelöscht : user_pref("CT2269050.toolbarBornServerTime", "6-10-2012"); Zeile gelöscht : user_pref("CT2269050.toolbarCurrentServerTime", "6-10-2012"); Zeile gelöscht : user_pref("CT2269050.toolbarDisabled", "true"); Zeile gelöscht : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1349526351740,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]"); Zeile gelöscht : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT2269050&SearchSource=13"); Zeile gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "DVDVideoSoftTB Customized Web Search"); Zeile gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q="); Zeile gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=CLM&o=15427&locale=de_DE&apn_uid=72d64421-03a2-4925-baa9-d081be206c34&apn_ptnrs=LE&apn_sauid=3[...] 
Zeile gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050"); Zeile gelöscht : user_pref("browser.search.defaultengine", "Ask.com"); Zeile gelöscht : user_pref("browser.search.order.1", "Ask.com"); Zeile gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://www.searchplusnetwork.com/?sp=vit4&q="); -\\ Google Chrome v [ Datei : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\preferences ] Gelöscht [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&ctid=CT2269050 Gelöscht [Search Provider] : hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=CLM&o=15427&locale=de_DE&apn_uid=&apn_ptnrs=LE&apn_sauid=&apn_dtid=YYYYYYYYDE&psv=&q={searchTerms} Gelöscht [Search Provider] : hxxp://www.search.ask.com/web?tpid=CME-V7&o=APN11289&pf=&p2=%5EB7J%5EYYYYYY%5EYY%5EDE&gct=&itbv=12.7.0.2278&doi=2013-12-10&apn_uid=DE397DE2-3FE3-415B-B4FA-54B9D24744A0&apn_ptnrs=%5EB7J&apn_dtid=%5EYYYYYY%5EYY%5EDE&apn_dbr=cr_31.0.1650.63&psv=barid%253D20630860083986873348682706986204298628%2526cargo%253DCME%252DV7%2526spr%253Da%2526did%253D10714%2526ppd%253D&trgb=CR&tbv=&crxv=&q={searchTerms} Gelöscht [Search Provider] : hxxp://www.softonic.de/s/{searchTerms} Gelöscht [Search Provider] : hxxp://www.sweet-page.com/web/?type=ds&ts=1394388143&from=cor&uid=WDCXWD5000BPKT-00PK4T0_WD-WX11EC1R6134R6134&q={searchTerms} Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_18_ff&cd=2XzuyEtN2Y1L1Qzu0AtDzzzzyCzytAyByEtByE0E0F0EtA0FtN0D0Tzu0SzzyDtBtN1L2XzutBtFtBtDtFyCtFtDtN1L1CzutCyEtDtAtDyD1V1StN1L1G1B1V1N2Y1L1Qzu2SyCtD0C0AtBtC0EzztG0FtCyByDtGzyzzyD0AtG0DzytD0DtGtB0F0EtBtB0FyD0FtD0D0Azz2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyE0FtB0FyE0EyDyDtGtB0EtD0AtGyD0CtDtCtG0D0FtAzytGtA0FyCzytAyDyB0CtCzytD0C2Q&cr=1995714700&ir= Gelöscht [Extension] : bodddioamolcibagionmmobehnbhiakf Gelöscht [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma ************************* AdwCleaner[R0].txt - [25491 octets] - 
[08/05/2014 18:51:44]
AdwCleaner[S0].txt - [23495 octets] - [08/05/2014 18:55:59]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23556 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by admin on 08.05.2014 at 19:24:49,41
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{A0D55E76-09FC-48C2-9FF9-B2DBD5197B25}
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\admin\AppData\Roaming\getrighttogo"

~~~ FireFox

Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\7ab8q7a8.default\minidumps [4 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2014 at 19:49:51,84
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-05-2014 Ran by admin (administrator) on VICTORIA on 08-05-2014 19:51:13 Running from C:\Users\admin\Desktop Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe (Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe () C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe (Malwarebytes Corporation) C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe () C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLEDService.exe (Realtek Semiconductor Corp.) C:\Program Files\Realtek\RtLED\RtLED.exe (Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GdBgInx64.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\GDKBFltExe32.exe (Intel Corporation) C:\Windows\System32\igfxtray.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe (Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) C:\Windows\System32\StikyNot.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Dropbox, Inc.) C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (G Data Software AG) C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe (APN LLC.) C:\Users\admin\AppData\Local\VNT\vntldr.exe (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe (G Data Software AG) C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKBap64.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10821224 2010-06-02] (Realtek Semiconductor) HKLM\...\Run: [ETDWare] => C:\Program Files\Elantech\ETDCtrl.exe [2598280 2010-03-29] (ELAN Microelectronics Corp.) 
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\utility.exe [4462496 2010-04-12] (Lenovo(beijing) Limited) HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [7056800 2010-03-18] (Lenovo (Beijing) Limited) HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [17412200 2010-04-07] (NVIDIA Corporation) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [GDFirewallTray] => C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1724728 2013-12-19] (G Data Software AG) HKLM-x32\...\Run: [G Data ASM] => C:\Program Files (x86)\G Data\InternetSecurity\DelayLoader\AutorunDelayLoader.exe [431224 2013-12-19] (G Data Software AG) HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2249352 2013-06-20] (Microsoft Corp.) HKLM-x32\...\Run: [VNT] => C:\Program Files (x86)\VNT\vntldr.exe [196048 2014-03-19] (APN LLC.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation) HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe,c:\program files (x86)\g data\internetsecurity\avkkid\avkcks.exe,C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\S-1-5-21-3409214283-677167080-1938789171-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation) HKU\S-1-5-21-3409214283-677167080-1938789171-1000\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.) 
HKU\S-1-5-21-3409214283-677167080-1938789171-1000\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720 2013-11-20] (Apple Inc.) HKU\S-1-5-21-3409214283-677167080-1938789171-1000\...\Run: [GoogleChromeAutoLaunch_A822CA3D40D4B8944864CFEA751D8D57] => C:\Users\admin\AppData\Local\Google\Chrome\Application\chrome.exe [841032 2014-04-24] (Google Inc.) AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [95848 2010-04-07] (NVIDIA Corporation) Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> C:\Users\admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x7A0CB3A92060CD01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxp://www.google.com/search?q={sear BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) 
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) DPF: HKLM-x32 {9E2CD2C3-4DDA-4473-B904-B8E6D0DBAB86} hxxp://consumersupport.lenovo.com/ge/en/SmartDownloading/cab/npdueng.cab Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.2.1 FireFox: ======== FF ProfilePath: C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll () FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll () FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1206147.dll (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin-x32: @lenovo.com/dueng,version=2.0 - C:\Windows\system32\lenovo\update\npdueng.dll No File FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\admin\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) FF Plugin HKCU: facebook.com/fbDesktopPlugin - C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll (Facebook, Inc.) 
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: Foxdie - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\Foxdie@tanjihay.com [2012-08-20] FF Extension: Personas Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\personas@christopher.beard.xpi [2012-08-12] FF Extension: Updated Ad Blocker for Firefox 11+ - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\{4DC70064-89E2-4a55-8FC6-E8CDEAE3618C}.xpi [2013-10-06] FF Extension: Adblock Plus - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\7ab8q7a8.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-12-22] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-29] FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2014-03-29] FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ FF Extension: Download videos and MP3s from YouTube - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [] Chrome: ======= CHR HomePage: hxxp://www.google.com CHR StartupUrls: "hxxp://google.de/" CHR Extension: (Duolingo) - C:\Users\admin\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\aiahmijlpehemcpleichkcokhegllfjl [2013-07-07] CHR Extension: (Theme Creator) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\akpelnjfckgfiplcikojhomllgombffc [2013-07-06] CHR Extension: (Radio UK) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmkagpegbacdkfenpgimgihkcplmpdh [2013-07-06] CHR Extension: (YouTube) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-10] CHR Extension: (Chromoji - Emoji for Google Chrome™) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cahedbegdkagmcjfolhdlechbkeaieki [2014-04-03] CHR Extension: (Webseiten-Screenshot - Webpage Screenshot) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki [2014-03-27] CHR Extension: (Google-Suche) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-10] CHR Extension: (Sighpic) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\diclpocmbllagclnooehpmpjbccmmnpi [2013-07-07] CHR Extension: (Puzzle & Skill Games) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\djpbeidibgdgnhcgoamegepdcgmnlbaj [2013-07-05] CHR Extension: (AdBlock) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-18] CHR Extension: (Cut the Rope) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkddaofiamhgfjmaccfcfpfolpgbeomj [2013-07-05] CHR Extension: (Online TV From Ireland) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kloeijnimhipefjhgcidooaojgciifcn [2014-02-04] CHR Extension: (Webpage Screenshot Gallery) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohfjeijmlcjiofmmcfichimcnbclkhp [2014-03-17] CHR Extension: (Water's Valley) - 
C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\lhpodmbdlgmgffpgbennemfkjhhaocfl [2014-02-04] CHR Extension: (Uphill Rush Spielesammlung) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\molaaggdgdhfdkbjljdjohccdbicagej [2013-07-07] CHR Extension: (Google Wallet) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-30] CHR Extension: (GIFPAL) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\noohoboklgjeccnihfkbdakbchbhjlch [2013-07-06] CHR Extension: (YouTube Unblocker) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\npnkeeiehehhefofiekoflfedgehcdhl [2014-04-19] CHR Extension: (Draw My Thing) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\odpjeimbfolekeldhfddmbemmpiffkch [2013-07-05] CHR Extension: (Google Mail) - C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-10] CHR HKCU\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\admin\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-07-04] CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-03-15] CHR HKLM-x32\...\Chrome\Extension: [aaaajabnoiehionljhjpclogplgillib] - C:\ProgramData\AskPartnerNetwork\Toolbar\CME-V7\CRX\ToolbarCR.crx [2014-03-15] CHR HKLM-x32\...\Chrome\Extension: [bcfjehbfanfhgoehogmbiebedkidedjb] - C:\Users\admin\AppData\Local\CRE\bcfjehbfanfhgoehogmbiebedkidedjb.crx [2013-07-04] ==================== Services (Whitelisted) ================= R2 AVKProxy; C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe [2244728 2014-02-12] (G Data Software AG) R2 AVKService; C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe [914552 2013-12-19] (G Data Software AG) R2 AVKWCtl; C:\Program Files 
(x86)\G Data\InternetSecurity\AVK\AVKWCtlx64.exe [2723400 2014-03-25] (G Data Software AG) R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173192 2013-06-20] (Microsoft Corp.) R2 FreemiumSystemStoreService; C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.exe [7244800 2012-09-20] () R2 GDFwSvc; C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe [2992760 2014-01-30] (G Data Software AG) R2 GDScan; C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe [700024 2014-02-03] (G Data Software AG) R2 MBAMScheduler; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation) S2 MBAMService; C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation) S3 NMIndexingService; C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe [279848 2007-06-27] (Nero AG) R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe [272024 2007-05-14] () R2 RtLedService; C:\Program Files\Realtek\RtLED\RtLEDService.exe [311296 2010-02-05] (Realtek Semiconductor Corp.) 
==================== Drivers (Whitelisted) ==================== R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [57344 2014-05-04] (G Data Software AG) R3 GDKBFlt; C:\Windows\system32\drivers\GDKBFlt64.sys [22016 2014-05-04] (G Data Software AG) R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [135168 2014-05-04] (G Data Software AG) R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [68608 2014-05-04] (G Data Software AG) R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd64.sys [64000 2014-05-04] (G Data Software AG) R1 GRD; C:\Windows\system32\drivers\GRD.sys [106272 2014-04-10] (G Data Software) R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [65024 2014-05-04] (G Data Software AG) R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation) S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-05-08] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation) S3 MWAC; \??\C:\Windows\system32\drivers\ [0 ] () S3 MWAC; \??\C:\Windows\SysWOW64\drivers\ [0 ] () R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [214912 2010-01-27] (Vimicro Corporation) S2 WCMVCAM; C:\Windows\System32\DRIVERS\wcmvcam64.sys [1071032 2012-04-15] (Windows (R) Win 7 DDK provider) S3 clwvd; system32\DRIVERS\clwvd.sys [X] S1 {29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64; system32\drivers\{29b136c9-938d-4d3d-8df8-d649d9b74d02}Gw64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-08 19:51 - 2014-05-08 19:51 - 00019342 ____C () C:\Users\admin\Desktop\FRST.txt 2014-05-08 19:49 - 2014-05-08 19:49 - 00001348 ____C () C:\Users\admin\Desktop\JRT.txt 2014-05-08 19:23 - 2014-05-08 19:23 - 00000000 ___DC () C:\Windows\ERUNT 2014-05-08 19:10 - 2014-05-08 19:11 - 01016261 ____C (Thisisu) C:\Users\admin\Desktop\JRT.exe 2014-05-08 19:08 - 2014-05-08 
==================== End Of Log ============================ |
09.05.2014, 15:59 | #6 |
/// the machine /// TB trainer | MegaBrowse.BrowserAdapter.exe showing up repeatedly in virus scans: a virus?
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ |