Hello everyone,
yesterday I wanted to update my CCleaner (once again). However, while looking for the .exe file I clicked through the download links a bit too quickly, so I now have the uneasy feeling that some spyware/adware got installed along with it.
The first sign was that two dubious shortcuts suddenly appeared on the desktop (goodgame-empire or similar).
In addition, there was an add-on in my browser (I think it was called pvsh or something like that) - but I uninstalled it right away.
On top of that, there is a folder PSHD-9.9 under C:\Program Files. The uninstall.exe cannot be run...
In any case, the whole thing smells fishy to me. I have now used the search function and came across this thread from last week:
http://www.trojaner-board.de/153904-...g-win7-pc.html
I carried out all the instructions up to and including this step.
By now I am unsure whether this procedure is even appropriate for my (suspected) case. So I have stopped here for the time being. Here are the logs so far:
defogger_disable.log
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 08:58 on 25/05/2014 (User)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:25-05-2014
Ran by User (administrator) on USER-PC on 25-05-2014 08:59:33
Running from C:\Users\User\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\sched.exe
(Acronis) C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
(Acronis) C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
( ) C:\Windows\System32\dlcxcoms.exe
() C:\Windows\System32\objsel32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
() C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
() C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe
(Acronis) C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
() C:\ProgramData\dlprotect.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe
(VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
() C:\Users\User\Desktop\Defogger.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [avgnt] => C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [689744 2014-03-17] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [dlcxmon.exe] => C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe [292336 2007-01-12] ()
HKLM\...\Run: [MemoryCardManager] => C:\Program Files\Dell Photo AIO Printer 926\memcard.exe [304008 2006-11-03] ()
HKLM\...\Run: [DLCXCATS] => C:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll [106496 2006-10-16] ()
HKLM\...\Run: [SAOB Monitor] => C:\Program Files\Acronis\TrueImageHome\OnlineBackupStandalone\TrueImageMonitor.exe [2571032 2011-09-22] (Acronis)
HKLM\...\Run: [TrueImageMonitor.exe] => C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [5587832 2011-09-22] (Acronis)
HKLM\...\Run: [Download Protect] => C:\ProgramData\dlprotect.exe [12800 2014-05-24] ()
HKU\S-1-5-21-2026598559-2449003554-1542008592-1000\...\Run: [NextLive] => C:\windows\system32\rundll32.exe "C:\Users\User\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
IFEO\ApnStub.exe: [Debugger] C:\windows\system32\svchost.exe
IFEO\ApnToolbarInstaller.exe: [Debugger] C:\windows\system32\svchost.exe
IFEO\avnotify.exe: [Debugger] C:\windows\system32\svchost.exe
IFEO\ipmgui.exe: [Debugger] C:\windows\system32\svchost.exe
Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.exe - Verknüpfung.lnk
ShortcutTarget: thunderbird.exe - Verknüpfung.lnk -> C:\Program Files\Mozilla Thunderbird\thunderbird.exe (Mozilla Corporation)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://home.microsoft.com/search/lobby/search.asp
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://home.microsoft.com/search/search.asp
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://home.microsoft.com/search/lobby/search.asp
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://aartemis.com/?type=sc&ts=1388427848&from=cor&uid=ST3250310AS_9RY1M7M9XXXX9RY1M7M9
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388427848&from=cor&uid=ST3250310AS_9RY1M7M9XXXX9RY1M7M9&q={searchTerms}
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.aartemis.com/web/?type=ds&ts=1388427848&from=cor&uid=ST3250310AS_9RY1M7M9XXXX9RY1M7M9&q={searchTerms}
SearchScopes: HKCU - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL =
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Winsock: Catalog9 01 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 02 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 03 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 04 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 05 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 06 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 07 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 08 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Winsock: Catalog9 19 C:\Program Files\Avira\AntiVir Desktop\avsda.dll [257608] (Avira Operations GmbH & Co. KG)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @staging.google.com/globalUpdate Update;version=10 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @staging.google.com/globalUpdate Update;version=4 - C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF user.js: detected! => C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\user.js
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\11-suche.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\crawlinet.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\dastelefonbuch.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\donnerwetter.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\englische-ergebnisse.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\enzyklo-de.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\gmx-suche.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\googlede-bildersuche.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\lastminute.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\webde-suche.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\wissende.xml
FF SearchPlugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\youtube-videosuche.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\Extensions\ich@maltegoetz.de [2013-12-30]
FF Extension: My-Translator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\Extensions\My-Translator@eugenche.com [2013-12-30]
FF Extension: Garmin Communicator - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-05-08]
FF Extension: Context Search RG - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\Extensions\contextsearchRG@mozilla.org.xpi [2013-12-30]
FF Extension: Geocaching.com GPX Downloader - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\Extensions\gpxdown@geocaching.com.xpi [2013-12-30]
FF Extension: InstantFox - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\Extensions\searchy@searchy.xpi [2013-12-30]
FF Extension: Thumbnail Zoom Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\Extensions\thumbnailZoom@dadler.github.com.xpi [2014-01-11]
========================== Services (Whitelisted) =================
R2 AcrSch2Svc; C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe [805032 2011-09-22] (Acronis)
R2 afcdpsrv; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [3246040 2014-01-04] (Acronis)
R2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [440400 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [440400 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 AntiVirWebService; C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE [1017424 2014-03-17] (Avira Operations GmbH & Co. KG)
R2 dlcx_device; C:\windows\system32\dlcxcoms.exe [532480 2006-10-11] ( )
S2 globalUpdate; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-24] (globalUpdate)
S3 globalUpdatem; C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [68608 2014-05-24] (globalUpdate)
R2 WerFauluSecure; C:\windows\system32\objsel32.exe [69632 2014-05-24] ()
==================== Drivers (Whitelisted) ====================
R2 avgntflt; C:\windows\System32\DRIVERS\avgntflt.sys [90400 2013-12-30] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\windows\System32\DRIVERS\avipbb.sys [135648 2013-12-30] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\windows\System32\DRIVERS\avkmgr.sys [37352 2013-12-30] (Avira Operations GmbH & Co. KG)
R0 BootDefragDriver; C:\windows\System32\drivers\BootDefragDriver.sys [16064 2014-05-14] (Glarysoft Ltd)
R3 e1express; C:\windows\System32\DRIVERS\e1e6232.sys [232312 2012-10-30] (Intel Corporation)
R0 GUBootStartup; C:\windows\System32\drivers\GUBootStartup.sys [17088 2014-05-24] (Glarysoft Ltd)
R1 ISODrive; C:\Program Files\UltraISO\drivers\ISODrive.sys [82320 2010-01-29] (EZB Systems, Inc.)
S3 pneteth; C:\windows\System32\DRIVERS\pneteth.sys [13440 2011-11-25] (June Fabrics Technology Inc.)
S3 pwdrvio; C:\windows\system32\pwdrvio.sys [15688 2013-09-30] ()
S3 pwdspio; C:\windows\system32\pwdspio.sys [10320 2013-09-30] ()
R1 ssmdrv; C:\windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH)
S3 ssudobex; C:\windows\System32\DRIVERS\ssudobex.sys [184192 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-25 08:59 - 2014-05-25 08:59 - 01055232 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-05-25 08:59 - 2014-05-25 08:59 - 00014064 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-25 08:59 - 2014-05-25 08:59 - 00000000 ____D () C:\FRST
2014-05-25 08:58 - 2014-05-25 08:58 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-25 08:58 - 2014-05-25 08:58 - 00000000 _____ () C:\Users\User\defogger_reenable
2014-05-25 08:54 - 2014-05-25 08:54 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-05-24 12:46 - 2014-05-25 06:27 - 00000280 _____ () C:\windows\setupact.log
2014-05-24 12:46 - 2014-05-24 12:46 - 00005210 _____ () C:\windows\PFRO.log
2014-05-24 12:46 - 2014-05-24 12:46 - 00000000 _____ () C:\windows\setuperr.log
2014-05-24 12:30 - 2014-05-25 06:27 - 00000320 _____ () C:\windows\Tasks\GlaryInitialize 5.job
2014-05-24 12:30 - 2014-05-24 12:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\DiskDefrag
2014-05-24 12:30 - 2014-05-24 12:42 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-05-24 12:30 - 2014-05-24 12:30 - 00017088 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys
2014-05-24 12:30 - 2014-05-24 12:30 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-24 12:30 - 2014-05-24 12:30 - 00001049 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-05-24 12:30 - 2014-05-24 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-24 12:30 - 2014-05-24 12:30 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-24 12:30 - 2014-05-14 10:39 - 00101664 _____ (Glarysoft Ltd) C:\windows\system32\BootDefrag.exe
2014-05-24 12:30 - 2014-05-14 09:02 - 00016064 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\BootDefragDriver.sys
2014-05-24 12:21 - 2014-05-24 12:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\dlg
2014-05-24 12:20 - 2014-05-24 12:20 - 00069632 _____ () C:\windows\system32\objsel32.exe
2014-05-24 12:20 - 2014-05-24 12:20 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-24 12:20 - 2014-05-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-24 12:18 - 2014-05-25 08:43 - 00000000 ____D () C:\Program Files\PSHD-9.9
2014-05-24 12:18 - 2014-05-25 06:27 - 00003430 _____ () C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-3.job
2014-05-24 12:18 - 2014-05-25 06:27 - 00002144 _____ () C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-4.job
2014-05-24 12:18 - 2014-05-25 06:27 - 00001440 _____ () C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-5.job
2014-05-24 12:18 - 2014-05-25 06:27 - 00000896 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-24 12:18 - 2014-05-24 12:23 - 00000900 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-24 12:18 - 2014-05-24 12:18 - 00000000 ____D () C:\Users\User\AppData\Local\globalUpdate
2014-05-24 12:18 - 2014-05-24 12:18 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-24 08:59 - 2014-05-24 09:02 - 52280597 _____ () C:\Users\User\Downloads\Busty redhead bitch 4.mp4
2014-05-24 08:50 - 2014-05-24 09:02 - 113117728 _____ () C:\Users\User\Downloads\Big Nipples On BBW 3.mp4
2014-05-24 08:50 - 2014-05-24 08:59 - 93953114 _____ () C:\Users\User\Downloads\Doing.my.stepmom.2 part 3.mp4
2014-05-23 22:23 - 2014-05-23 22:25 - 36985769 _____ () C:\Users\User\Downloads\Resident Evil 5 - Badge of Honor Achievement_Trophy (All 30 BSAA Emblems)(360p_H.264-AAC).mp4
2014-05-23 20:41 - 2014-05-23 20:49 - 95194766 _____ () C:\Users\User\Downloads\caught-in-law mother-in-law for theft.mp4
2014-05-23 20:41 - 2014-05-23 20:46 - 45453306 _____ () C:\Users\User\Downloads\Mature blonde giving head.mp4
2014-05-22 18:32 - 2013-04-27 07:31 - 00000000 ____D () C:\Users\User\Downloads\Joel Mull - Tracks Of The Night EP (2013)
2014-05-22 07:28 - 2014-05-22 07:41 - 00000000 ____D () C:\Users\User\Downloads\Jesper Dahlback - Space Of Day EP
2014-05-22 07:27 - 2014-05-22 07:40 - 00000000 ____D () C:\Users\User\Downloads\Jesper Dahlback - Interpersonal Relationship (2011)
2014-05-22 07:26 - 2014-05-22 07:41 - 00000000 ____D () C:\Users\User\Downloads\Joel Mull - Sensory
2014-05-21 21:35 - 2014-05-22 06:43 - 23924447 _____ () C:\Users\User\Downloads\Perky butt Latina grinds on a hard cock.mp4
2014-05-21 05:53 - 2014-05-21 05:53 - 00000000 ____D () C:\Users\User\Downloads\Dustin_Zahn_and_Joel_Mull-Close_Your_Eyes_Remixes-(ENEMY013)-WEB-2010-XXW
2014-05-20 18:28 - 2014-05-20 18:33 - 12421977 _____ () C:\Users\User\Downloads\Blasenkatheter Frau(360p_H.264-AAC).mp4
2014-05-20 18:04 - 2014-05-20 18:04 - 00000000 ____D () C:\Users\User\Downloads\Dustin_Zahn_And_Joel_Mull_-_Close_Your_Eyes-(ENEMY012)-WEB-2010-HQEM
2014-05-20 06:02 - 2014-05-20 06:06 - 106110228 _____ () C:\Users\User\Desktop\Thunderbird_profil_April_2014.zip
2014-05-18 09:35 - 2014-05-18 09:35 - 43744930 _____ () C:\Users\User\Desktop\Firefox_profil_April_2014.zip
2014-05-18 09:29 - 2014-05-18 09:30 - 09623792 _____ () C:\Users\User\Downloads\[pro-apk.blogspot]gta3_14.APK.zip
2014-05-18 00:13 - 2014-05-18 06:59 - 448221459 _____ () C:\Users\User\Downloads\Busty.World.6.2206.mp4
2014-05-15 06:06 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-15 06:06 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-15 06:06 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-14 19:45 - 2014-05-17 07:18 - 00000000 ____D () C:\Users\User\Downloads\Jai Paul - Jai Paul (2013)
2014-05-14 16:20 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-14 16:20 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-14 16:20 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-14 16:20 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-14 16:20 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-14 16:20 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2014-05-14 16:20 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-14 16:20 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-14 16:20 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-14 16:20 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\windows\system32\ntkrnlpa.exe
2014-05-14 16:20 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-14 16:20 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-14 16:20 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\windows\system32\cngprovider.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\adprovider.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\windows\system32\capiprovider.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\windows\system32\dpapiprovider.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\windows\system32\wincredprovider.dll
2014-05-14 16:20 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-14 16:19 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-13 19:29 - 2014-05-13 19:29 - 00000000 ____D () C:\Users\User\Downloads\Buena Vista Social Club - Buena Vista Social Club (1997)
2014-05-13 19:28 - 2008-11-14 22:16 - 00000000 ____D () C:\Users\User\Downloads\Buena Vista Social Club - At Carnegie Hall
2014-05-13 19:21 - 2014-05-14 06:19 - 00000000 ____D () C:\Users\User\Downloads\VA - Buena Vista Social Club - Rhythms del Mundo (2006)
2014-05-13 19:19 - 2010-04-10 21:07 - 00000000 ____D () C:\Users\User\Downloads\Buena Vista Social Club - Rhythms del Mundo (2006)
2014-05-11 17:56 - 2014-05-11 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-08 18:18 - 2014-05-10 16:01 - 00000000 ____D () C:\Users\User\Downloads\The Feeling - Together We Were Made (2011)
2014-05-08 18:09 - 2014-05-10 16:01 - 00000000 ____D () C:\Users\User\Downloads\Róisín Murphy - Ruby Blue
2014-05-08 16:10 - 2014-05-08 16:11 - 00000000 ____D () C:\Users\User\Downloads\Bugz in the Attic - Got the Bugs 2
2014-05-06 21:31 - 2014-05-15 06:48 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-05 20:04 - 2014-05-05 20:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Garmin
2014-04-30 13:28 - 2014-04-30 13:28 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-04-30 13:28 - 2014-04-30 13:28 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-04-30 08:07 - 2014-04-30 17:09 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-29 09:13 - 2014-04-29 09:14 - 00000000 ____D () C:\Users\User\Downloads\Rusko & Cypress Hill- Cypress x Rusko (EP) (2012)
2014-04-28 05:28 - 2014-04-28 05:28 - 00000000 ____D () C:\Users\User\Downloads\L-Wiz - Ladda EP
2014-04-27 18:14 - 2009-06-23 06:45 - 00000000 ____D () C:\Users\User\Downloads\Rusko-Babylon_Vol_2-(SUBSOL006)-WEB-2009-wWs
2014-04-27 18:08 - 2014-05-07 17:32 - 00000000 ____D () C:\Users\User\Downloads\Caspa - Everybodys Talking Nobodys Listening (2009)
2014-04-27 17:58 - 2014-03-13 00:26 - 73400320 ___SH () C:\Users\User\Downloads\Thumbs.db
2014-04-26 09:01 - 2014-04-26 09:01 - 00004212 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-04-26 09:01 - 2014-04-26 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-26 09:01 - 2014-04-14 20:13 - 00094632 _____ (Oracle Corporation) C:\windows\system32\WindowsAccessBridge.dll
2014-04-26 09:01 - 2014-04-14 20:05 - 00264616 _____ (Oracle Corporation) C:\windows\system32\javaws.exe
2014-04-26 09:01 - 2014-04-14 20:05 - 00175528 _____ (Oracle Corporation) C:\windows\system32\javaw.exe
2014-04-26 09:01 - 2014-04-14 20:04 - 00175016 _____ (Oracle Corporation) C:\windows\system32\java.exe
==================== One Month Modified Files and Folders =======
2014-05-25 08:59 - 2014-05-25 08:59 - 01055232 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2014-05-25 08:59 - 2014-05-25 08:59 - 00014064 _____ () C:\Users\User\Desktop\FRST.txt
2014-05-25 08:59 - 2014-05-25 08:59 - 00000000 ____D () C:\FRST
2014-05-25 08:58 - 2014-05-25 08:58 - 00000470 _____ () C:\Users\User\Desktop\defogger_disable.log
2014-05-25 08:58 - 2014-05-25 08:58 - 00000000 _____ () C:\Users\User\defogger_reenable
2014-05-25 08:54 - 2014-05-25 08:54 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
2014-05-25 08:43 - 2014-05-24 12:18 - 00000000 ____D () C:\Program Files\PSHD-9.9
2014-05-25 08:27 - 2014-02-25 09:09 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-05-25 06:35 - 2009-07-14 06:34 - 00021664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-25 06:35 - 2009-07-14 06:34 - 00021664 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-25 06:33 - 2010-11-20 23:01 - 01618320 _____ () C:\windows\system32\PerfStringBackup.INI
2014-05-25 06:31 - 2010-11-20 22:58 - 01316119 _____ () C:\windows\WindowsUpdate.log
2014-05-25 06:27 - 2014-05-24 12:46 - 00000280 _____ () C:\windows\setupact.log
2014-05-25 06:27 - 2014-05-24 12:30 - 00000320 _____ () C:\windows\Tasks\GlaryInitialize 5.job
2014-05-25 06:27 - 2014-05-24 12:18 - 00003430 _____ () C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-3.job
2014-05-25 06:27 - 2014-05-24 12:18 - 00002144 _____ () C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-4.job
2014-05-25 06:27 - 2014-05-24 12:18 - 00001440 _____ () C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-5.job
2014-05-25 06:27 - 2014-05-24 12:18 - 00000896 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
2014-05-25 06:27 - 2013-12-30 20:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\newnext.me
2014-05-25 06:27 - 2009-07-14 06:53 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-24 12:46 - 2014-05-24 12:46 - 00005210 _____ () C:\windows\PFRO.log
2014-05-24 12:46 - 2014-05-24 12:46 - 00000000 _____ () C:\windows\setuperr.log
2014-05-24 12:46 - 2014-05-24 12:30 - 00000000 ____D () C:\Users\User\AppData\Roaming\DiskDefrag
2014-05-24 12:42 - 2014-05-24 12:30 - 00000000 ____D () C:\Program Files\Glary Utilities 5
2014-05-24 12:40 - 2013-12-30 20:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-05-24 12:30 - 2014-05-24 12:30 - 00017088 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\GUBootStartup.sys
2014-05-24 12:30 - 2014-05-24 12:30 - 00001061 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-24 12:30 - 2014-05-24 12:30 - 00001049 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-05-24 12:30 - 2014-05-24 12:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-24 12:30 - 2014-05-24 12:30 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-24 12:30 - 2013-12-30 21:01 - 00000000 ____D () C:\Users\User\AppData\Roaming\GlarySoft
2014-05-24 12:30 - 2013-12-30 20:20 - 00000000 ____D () C:\Program Files\Glary Utilities
2014-05-24 12:23 - 2014-05-24 12:18 - 00000900 _____ () C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
2014-05-24 12:21 - 2014-05-24 12:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\dlg
2014-05-24 12:20 - 2014-05-24 12:20 - 00069632 _____ () C:\windows\system32\objsel32.exe
2014-05-24 12:20 - 2014-05-24 12:20 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-05-24 12:20 - 2014-05-24 12:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-05-24 12:20 - 2013-12-30 20:19 - 00000000 ____D () C:\Program Files\CCleaner
2014-05-24 12:18 - 2014-05-24 12:18 - 00000000 ____D () C:\Users\User\AppData\Local\globalUpdate
2014-05-24 12:18 - 2014-05-24 12:18 - 00000000 ____D () C:\Program Files\globalUpdate
2014-05-24 09:02 - 2014-05-24 08:59 - 52280597 _____ () C:\Users\User\Downloads\Busty redhead bitch 4.mp4
2014-05-24 09:02 - 2014-05-24 08:50 - 113117728 _____ () C:\Users\User\Downloads\Big Nipples On BBW 3.mp4
2014-05-24 08:59 - 2014-05-24 08:50 - 93953114 _____ () C:\Users\User\Downloads\Doing.my.stepmom.2 part 3.mp4
2014-05-24 08:22 - 2013-12-30 20:24 - 00000000 ____D () C:\Program Files\JDownloader
2014-05-23 22:25 - 2014-05-23 22:23 - 36985769 _____ () C:\Users\User\Downloads\Resident Evil 5 - Badge of Honor Achievement_Trophy (All 30 BSAA Emblems)(360p_H.264-AAC).mp4
2014-05-23 20:49 - 2014-05-23 20:41 - 95194766 _____ () C:\Users\User\Downloads\caught-in-law mother-in-law for theft.mp4
2014-05-23 20:46 - 2014-05-23 20:41 - 45453306 _____ () C:\Users\User\Downloads\Mature blonde giving head.mp4
2014-05-22 07:41 - 2014-05-22 07:28 - 00000000 ____D () C:\Users\User\Downloads\Jesper Dahlback - Space Of Day EP
2014-05-22 07:41 - 2014-05-22 07:26 - 00000000 ____D () C:\Users\User\Downloads\Joel Mull - Sensory
2014-05-22 07:40 - 2014-05-22 07:27 - 00000000 ____D () C:\Users\User\Downloads\Jesper Dahlback - Interpersonal Relationship (2011)
2014-05-22 06:43 - 2014-05-21 21:35 - 23924447 _____ () C:\Users\User\Downloads\Perky butt Latina grinds on a hard cock.mp4
2014-05-21 05:53 - 2014-05-21 05:53 - 00000000 ____D () C:\Users\User\Downloads\Dustin_Zahn_and_Joel_Mull-Close_Your_Eyes_Remixes-(ENEMY013)-WEB-2010-XXW
2014-05-20 18:33 - 2014-05-20 18:28 - 12421977 _____ () C:\Users\User\Downloads\Blasenkatheter Frau(360p_H.264-AAC).mp4
2014-05-20 18:04 - 2014-05-20 18:04 - 00000000 ____D () C:\Users\User\Downloads\Dustin_Zahn_And_Joel_Mull_-_Close_Your_Eyes-(ENEMY012)-WEB-2010-HQEM
2014-05-20 06:06 - 2014-05-20 06:02 - 106110228 _____ () C:\Users\User\Desktop\Thunderbird_profil_April_2014.zip
2014-05-18 09:35 - 2014-05-18 09:35 - 43744930 _____ () C:\Users\User\Desktop\Firefox_profil_April_2014.zip
2014-05-18 09:30 - 2014-05-18 09:29 - 09623792 _____ () C:\Users\User\Downloads\[pro-apk.blogspot]gta3_14.APK.zip
2014-05-18 06:59 - 2014-05-18 00:13 - 448221459 _____ () C:\Users\User\Downloads\Busty.World.6.2206.mp4
2014-05-17 07:18 - 2014-05-14 19:45 - 00000000 ____D () C:\Users\User\Downloads\Jai Paul - Jai Paul (2013)
2014-05-16 19:51 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\rescache
2014-05-16 19:33 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\Microsoft.NET
2014-05-15 06:48 - 2014-05-06 21:31 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-05-15 06:48 - 2009-07-14 04:37 - 00000000 ____D () C:\windows\system32\de-DE
2014-05-15 06:27 - 2013-12-19 17:32 - 00692400 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerApp.exe
2014-05-15 06:27 - 2013-12-19 17:32 - 00070832 _____ (Adobe Systems Incorporated) C:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-15 06:10 - 2013-12-30 18:59 - 00000000 ____D () C:\windows\system32\MRT
2014-05-15 06:09 - 2013-12-30 18:59 - 90547776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-14 10:39 - 2014-05-24 12:30 - 00101664 _____ (Glarysoft Ltd) C:\windows\system32\BootDefrag.exe
2014-05-14 09:02 - 2014-05-24 12:30 - 00016064 _____ (Glarysoft Ltd) C:\windows\system32\Drivers\BootDefragDriver.sys
2014-05-14 06:19 - 2014-05-13 19:21 - 00000000 ____D () C:\Users\User\Downloads\VA - Buena Vista Social Club - Rhythms del Mundo (2006)
2014-05-13 19:29 - 2014-05-13 19:29 - 00000000 ____D () C:\Users\User\Downloads\Buena Vista Social Club - Buena Vista Social Club (1997)
2014-05-12 06:25 - 2014-01-02 15:14 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-11 17:56 - 2014-05-11 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-10 16:01 - 2014-05-08 18:18 - 00000000 ____D () C:\Users\User\Downloads\The Feeling - Together We Were Made (2011)
2014-05-10 16:01 - 2014-05-08 18:09 - 00000000 ____D () C:\Users\User\Downloads\Róisín Murphy - Ruby Blue
2014-05-09 09:06 - 2014-05-14 16:20 - 00369664 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 16:20 - 00302592 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-05-08 16:11 - 2014-05-08 16:10 - 00000000 ____D () C:\Users\User\Downloads\Bugz in the Attic - Got the Bugs 2
2014-05-07 17:32 - 2014-04-27 18:08 - 00000000 ____D () C:\Users\User\Downloads\Caspa - Everybodys Talking Nobodys Listening (2009)
2014-05-06 05:25 - 2014-05-15 06:06 - 17382912 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 06:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 06:06 - 00069632 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 20:04 - 2014-05-05 20:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\Garmin
2014-05-05 07:44 - 2013-12-30 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-05-03 12:16 - 2009-07-14 06:53 - 00032640 _____ () C:\windows\Tasks\SCHEDLGU.TXT
2014-04-30 17:09 - 2014-04-30 08:07 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-30 13:28 - 2014-04-30 13:28 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-04-30 13:28 - 2014-04-30 13:28 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-04-29 09:14 - 2014-04-29 09:13 - 00000000 ____D () C:\Users\User\Downloads\Rusko & Cypress Hill- Cypress x Rusko (EP) (2012)
2014-04-28 16:05 - 2013-12-19 17:41 - 00182224 _____ () C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-28 16:05 - 2009-07-14 06:33 - 00528560 _____ () C:\windows\system32\FNTCACHE.DAT
2014-04-28 05:28 - 2014-04-28 05:28 - 00000000 ____D () C:\Users\User\Downloads\L-Wiz - Ladda EP
2014-04-26 09:01 - 2014-04-26 09:01 - 00004212 _____ () C:\windows\system32\jupdate-1.7.0_55-b14.log
2014-04-26 09:01 - 2014-04-26 09:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-04-26 09:01 - 2014-01-23 15:52 - 00000000 ____D () C:\ProgramData\Oracle
2014-04-26 09:01 - 2013-12-19 17:33 - 00000000 ____D () C:\Program Files\Java
Files to move or delete:
====================
C:\ProgramData\dlprotect.exe
Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\avgnt.exe
C:\Users\User\AppData\Local\Temp\ca_CD8B.tmp.dll
==================== Bamital & volsnap Check =================
C:\windows\explorer.exe => MD5 is legit
C:\windows\system32\winlogon.exe
[2014-05-14 16:20] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67
C:\windows\system32\wininit.exe => MD5 is legit
C:\windows\system32\svchost.exe => MD5 is legit
C:\windows\system32\services.exe => MD5 is legit
C:\windows\system32\User32.dll => MD5 is legit
C:\windows\system32\userinit.exe => MD5 is legit
C:\windows\system32\rpcss.dll => MD5 is legit
C:\windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-21 17:29
==================== End Of Log ============================
Addition.txt
Additional scan result of Farbar Recovery Scan Tool (x86) Version:25-05-2014
Ran by User at 2014-05-25 08:59:54
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
7-Zip 9.20 (HKLM\...\7-Zip) (Version: - )
Acronis*True*Image*Home 2011 (HKLM\...\{04A3A6B0-8E19-49BB-82FF-65C5A55F917D}) (Version: 14.0.6942 - Acronis)
Adobe Flash Player 13 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Advanced Renamer (HKLM\...\Advanced Renamer_is1) (Version: 3.60 - Hulubulu Software)
Ashampoo Burning Studio 2013 v.11.0.6 (HKLM\...\{91B33C97-0FBA-74AE-E802-D782F5C8AA89}_is1) (Version: 11.0.6 - Ashampoo GmbH & Co. KG)
Audiograbber 1.83 SE (HKLM\...\Audiograbber) (Version: 1.83 SE - Audiograbber Deutschland)
Audiograbber MP3-Plugin (HKLM\...\Audiograbber-Lame) (Version: 1.0 - AG)
Avira Free Antivirus (HKLM\...\Avira AntiVir Desktop) (Version: 14.0.3.350 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.14 - Piriform)
Compatibility Pack für 2007 Office System (HKLM\...\{90120000-0020-0407-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Dell Photo AIO Printer 926 (HKLM\...\Dell Photo AIO Printer 926) (Version: - Dell, Inc.)
Dir-It! (HKLM\...\{E3ED49BB-0544-4844-B296-6A0CB28E7BE3}) (Version: 4.02.0000 - Wirth IT Design)
ElsterFormular (HKLM\...\ElsterFormular) (Version: 15.0.13587 - Landesfinanzdirektion Thüringen)
Foxit Reader (HKLM\...\Foxit Reader_is1) (Version: 6.1.2.1224 - Foxit Corporation)
Glary Utilities 5.0 (HKLM\...\Glary Utilities 5) (Version: 5.0.0.1 - Glarysoft Ltd)
Google Update Helper (Version: 1.3.25.0 - Google Inc.) Hidden
Java 7 Update 55 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Lenovo Patch Utility (HKLM\...\{6E6E7725-C7BC-4C39-8B3F-14B67331A120}) (Version: 1.3.0.9 - Lenovo Group Limited)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft-Maus- und Tastatur-Center (Version: 2.2.173.0 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
PhonerLite 2.14 (HKLM\...\PhonerLite_is1) (Version: 2.14 - Heiko Sommerfeldt)
UltraISO Premium V9.52 (HKLM\...\UltraISO_is1) (Version: - )
VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows-Treiberpaket - Intel (e1express) Net (10/30/2012 9.16.10.0) (HKLM\...\5E259EAF5A9B16AA8E09AB2699AEAB55104108BB) (Version: 10/30/2012 9.16.10.0 - Intel)
Windows-Treiberpaket - Intel hdc (10/05/2012 9.1.9.1002) (HKLM\...\5E90ABBAF1CF9FE23A9EE674FDDE5E1DEC23246B) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel hdc (10/05/2012 9.1.9.1002) (HKLM\...\7463A29CBD793917BEEB1D1EDFCECFF7A54FDA34) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) (HKLM\...\1AF5F143058CA8C5C954BD408C48232FAF21A69F) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) (HKLM\...\2528966896853AC8DEC09D148A501604155972BD) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel System (10/05/2012 9.1.9.1002) (HKLM\...\8A2EF7D7A858B40014EB296EFBEA8CA1CB929923) (Version: 10/05/2012 9.1.9.1002 - Intel)
Windows-Treiberpaket - Intel USB (10/05/2012 9.1.9.1002) (HKLM\...\48EC18D43DCBA26BDC1D4FFB660F86792AB475D2) (Version: 10/05/2012 9.1.9.1002 - Intel)
WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
==================== Restore Points =========================
26-04-2014 07:00:42 Installed Java 7 Update 55
04-05-2014 16:56:13 Windows Update
06-05-2014 19:30:52 Windows Update
15-05-2014 04:05:53 Windows Update
22-05-2014 05:14:56 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {03971848-30B5-4013-B50B-526D667DA1E7} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {13B12D6C-47DE-4D91-B52B-1C8A9D3E2E1A} - System32\Tasks\Adobe Flash Player Updater => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-15] (Adobe Systems Incorporated)
Task: {21784AE3-CDE5-4D32-B0EE-16CA513477A9} - System32\Tasks\GlaryInitialize 5 => C:\Program Files\Glary Utilities 5\Initialize.exe [2014-05-14] (Glarysoft Ltd)
Task: {331865A0-934C-4D97-B83F-DAF5A2DEC1D3} - System32\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-5 => C:\Program Files\PSHD-9.9\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-5.exe [2014-05-24] (PlusVHD)
Task: {5EAF44F8-5B30-4FF4-BAF8-C6959F22920D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {689E4DD1-5ACA-4999-BC0A-72FFEB9D2DFF} - System32\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-4 => C:\Program Files\PSHD-9.9\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-4.exe
Task: {765D02F0-31D3-405F-9813-6259D6FC522F} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {784819B2-73A1-4BE8-BC12-B10357BDEA36} - System32\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-3 => C:\Program Files\PSHD-9.9\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-3.exe
Task: {89C99468-C213-435B-A5BB-C8C3405A98F7} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {9FC2ACB0-139E-43BA-A4C6-888B5816412A} - System32\Tasks\GU5SkipUAC => C:\Program Files\Glary Utilities 5\Integrator.exe [2014-05-14] (Glarysoft Ltd)
Task: {A45F0150-BF7D-453D-95F1-DEF6951FDD76} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {B28D1B16-F8BB-4FF4-9DEA-ABD00311F833} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-05-20] (Piriform Ltd)
Task: {B67F1876-8C78-4E25-B6E6-560508522B13} - System32\Tasks\globalUpdateUpdateTaskMachineCore => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-24] (globalUpdate) <==== ATTENTION
Task: {CEA7AA0E-F682-4FE8-9C77-0A1B0DC1A76E} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {E2F35939-61AC-436C-9C47-2997EFD35DCE} - System32\Tasks\globalUpdateUpdateTaskMachineUA => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe [2014-05-24] (globalUpdate) <==== ATTENTION
Task: C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-3.job => C:\Program Files\PSHD-9.9\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-3.exe
Task: C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-4.job => C:\Program Files\PSHD-9.9\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-4.exe
Task: C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-5.job => C:\Program Files\PSHD-9.9\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-5.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GlaryInitialize 5.job => C:\Program Files\Glary Utilities 5\Initialize.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job => C:\Program Files\globalUpdate\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-12-31 16:42 - 2006-10-20 01:33 - 00117760 _____ () C:\windows\system32\spool\PRTPROCS\W32X86\dlcxdrpp.dll
2013-12-19 17:35 - 2013-07-31 21:54 - 00394824 _____ () C:\Program Files\Avira\AntiVir Desktop\sqlite3.dll
2006-08-08 16:58 - 2006-08-08 16:58 - 00692224 _____ () C:\windows\system32\dlcxdrs.dll
2006-09-06 07:13 - 2006-09-06 07:13 - 00073728 _____ () C:\windows\system32\dlcxcfg.dll
2006-09-22 08:42 - 2006-09-22 08:42 - 00065536 _____ () C:\windows\system32\dlcxcaps.dll
2006-03-19 20:03 - 2006-03-19 20:03 - 00061440 _____ () C:\windows\system32\dlcxcnv4.dll
2014-05-24 12:20 - 2014-05-24 12:20 - 00069632 _____ () C:\windows\system32\objsel32.exe
2013-12-30 22:24 - 2005-10-07 16:05 - 00125440 _____ () C:\Program Files\WinRAR\rarext.dll
2013-12-31 16:42 - 2007-01-12 12:57 - 00292336 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
2013-12-31 16:42 - 2006-08-08 15:54 - 00278528 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxscw.dll
2013-12-31 16:42 - 2006-09-06 06:13 - 00073728 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxcfg.dll
2013-12-31 16:42 - 2006-03-14 17:38 - 00143360 _____ () C:\Program Files\Dell Photo AIO Printer 926\dlcxdrec.dll
2013-12-31 16:42 - 2006-11-03 18:04 - 00304008 _____ () C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
2013-12-31 16:42 - 2006-08-10 10:15 - 00139264 _____ () C:\Program Files\Dell Photo AIO Printer 926\memcard.dll
2011-09-22 23:20 - 2011-09-22 23:20 - 11233136 _____ () C:\Program Files\Acronis\TrueImageHome\Common\ti_managers.dll
2014-05-24 12:20 - 2014-05-24 12:20 - 00012800 _____ () C:\ProgramData\dlprotect.exe
2014-04-30 08:07 - 2014-04-30 08:07 - 03019888 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-04-30 08:07 - 2014-04-30 08:07 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-04-30 08:07 - 2014-04-30 08:07 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2013-12-30 20:01 - 2012-11-21 07:26 - 00008704 _____ () C:\Users\User\AppData\Roaming\Thunderbird\Profiles\f33bp6nj.default\extensions\mintrayr@tn123.ath.cx\lib\tray_x86-msvc.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00113171 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 02396179 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00268307 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00027667 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00066579 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00046611 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libaudioscrobbler_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 02021395 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00100371 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00240659 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00076307 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00045587 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00060947 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00531475 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00708627 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00114195 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00040467 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014867 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00133139 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 01512467 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00296979 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 01248787 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00054291 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 11148307 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00036371 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00383507 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00118803 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00021011 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014867 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00189971 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00091667 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00067603 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libasf_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00077331 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libflacsys_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libes_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00336403 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00016403 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\librawvideo_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00146451 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00733203 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00015891 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_flac_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00030739 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_dirac_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00021011 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mlp_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00063507 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4audio_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00036883 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_vc1_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libsvcdsub_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00019987 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpeg4video_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00024595 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_mpegvideo_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcvdsub_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00064531 _____ () C:\Program Files\VideoLAN\VLC\plugins\packetizer\libpacketizer_h264_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00291859 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 01280019 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00344595 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00198675 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00027155 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 01371667 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 00013843 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00130579 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00168979 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00058899 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 01496083 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00013331 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014355 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014867 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014355 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00015379 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00116755 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_http_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00072211 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_mms_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00074259 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpc_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00016403 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libtta_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnuv_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00021523 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libwav_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00929299 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsid_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00144403 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libogg_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 01194003 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00015379 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdirac_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00675347 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblive555_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00019987 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libsmf_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libpva_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014355 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libxa_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libaiff_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libvoc_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00015891 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libau_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00417811 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libgme_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00019987 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\librawvid_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00023059 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libimage_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnsv_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00524819 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmod_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00127507 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libts_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00037907 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libps_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00034835 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libty_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014355 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmjpeg_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00016403 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\librawdv_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00050195 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libnsc_plugin.dll
2014-02-05 03:31 - 2014-02-05 03:31 - 00014355 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libdemux_cdg_plugin.dll
2014-02-05 03:32 - 2014-02-05 03:32 - 10396179 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
2014-05-11 17:56 - 2014-05-11 17:56 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-15 06:27 - 2014-05-15 06:27 - 16361136 _____ () C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll
2014-05-25 08:54 - 2014-05-25 08:54 - 00050477 _____ () C:\Users\User\Desktop\Defogger.exe
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== Disabled items from MSCONFIG ==============
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files\Glary Utilities 5\StartupManager.exe" -delayrun
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/25/2014 06:28:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2014 08:33:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2014 00:47:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2014 00:47:19 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: Der Index kann nicht initialisiert werden.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/24/2014 00:47:19 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Die Anwendung kann nicht initialisiert werden.
Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/24/2014 00:47:19 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Das Gatherer-Objekt kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/24/2014 00:47:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.TripoliIndexer> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Error: (05/24/2014 00:47:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Plug-In in <Search.JetPropStore> kann nicht initialisiert werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/24/2014 00:47:18 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Die Eigenschaftenspeicherdaten können von Windows Search nicht geladen werden.
Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (05/24/2014 00:47:18 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: Windows Search wird aufgrund eines Problems bei der Indizierung The catalog is corrupt beendet.
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
System errors:
=============
Error: (05/25/2014 06:27:02 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/25/2014 06:27:02 AM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (05/25/2014 00:17:45 AM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/24/2014 08:31:43 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/24/2014 08:31:43 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (05/24/2014 00:47:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (05/24/2014 00:47:19 PM) (Source: Service Control Manager) (EventID: 7024) (User: )
Description: Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535.
Error: (05/24/2014 00:46:36 PM) (Source: atikmdag) (EventID: 10261) (User: )
Description: Display is not active
Error: (05/24/2014 00:46:36 PM) (Source: atikmdag) (EventID: 19468) (User: )
Description: CPLIB :: General - Invalid Parameter
Error: (05/24/2014 00:26:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Update raving reyven" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 5000 Millisekunden durchgeführt: Neustart des Diensts.
Microsoft Office Sessions:
=========================
Error: (05/25/2014 06:28:52 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2014 08:33:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2014 00:47:39 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (05/24/2014 00:47:19 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/24/2014 00:47:19 PM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: Kontext: Windows Anwendung
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/24/2014 00:47:19 PM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Error: (05/24/2014 00:47:19 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Element nicht gefunden. (HRESULT : 0x80070490) (0x80070490)
Search.TripoliIndexer
Error: (05/24/2014 00:47:18 PM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
Search.JetPropStore
Error: (05/24/2014 00:47:18 PM) (Source: Windows Search Service) (EventID: 9002) (User: )
Description: Kontext: Windows Anwendung, SystemIndex Katalog
Details:
Die Inhaltsindexdatenbank ist fehlerhaft. (HRESULT : 0xc0041800) (0xc0041800)
Error: (05/24/2014 00:47:18 PM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description:
Details:
Der Inhaltsindexkatalog ist fehlerhaft. (HRESULT : 0xc0041801) (0xc0041801)
The catalog is corrupt
==================== Memory info ===========================
Percentage of memory in use: 42%
Total physical RAM: 3045.3 MB
Available physical RAM: 1761.42 MB
Total Pagefile: 6088.89 MB
Available Pagefile: 4633.34 MB
Total Virtual: 2047.88 MB
Available Virtual: 1883.36 MB
==================== Drives ================================
Drive c: (WINDOWS) (Fixed) (Total:232.88 GB) (Free:199.64 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (Volume) (Fixed) (Total:465.76 GB) (Free:311.07 GB) NTFS
Drive j: (MUSIK DRIVE) (Fixed) (Total:465.76 GB) (Free:9.39 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: A87AF079)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: 72577C73)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
========================================================
Disk: 3 (Size: 466 GB) (Disk ID: 1EC4F116)
Partition 1: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Gmer.log
Code:
Quote:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-25 09:45:10
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-2 ST3250310AS rev.3.AAB 232,89GB
Running: Gmer-19357.exe; Driver: C:\Users\User\AppData\Local\Temp\kxtdapob.sys
---- Kernel code sections - GMER 2.1 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 142D 82C56A15 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C90212 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\windows\system32\DRIVERS\atikmdag.sys section is writeable [0x90A14000, 0x2D5378, 0xE8000020]
---- Devices - GMER 2.1 ----
Device Ntfs.sys
AttachedDevice tdrpm273.sys
Device fastfat.SYS
Device volmgr.sys
AttachedDevice fltmgr.sys
Device usbhub.sys
Device usbccgp.sys
---- Registry - GMER 2.1 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update@NextDetectionTime 2014-05-25 07:24:03
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Detect@LastError 0
Reg HKLM\SOFTWARE\Microsoft\Windows Media Player NSS\3.0\Servers\A575E07C-DC0D-4F3D-95DF-E408C9D852FA@IPAddress 127.0.0.1
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{F248E3B7-68BF-11E3-AC5B-806E6F6E6963} 1070291472
Reg HKLM\SOFTWARE\Microsoft\Windows Search\UsnNotifier\Windows\Catalogs\SystemIndex@{5F2B0E28-7A12-11E3-8FAE-806E6F6E6963} 27300504
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
AdwCleaner[S0].txt
Code:
Quote:
# AdwCleaner v3.210 - Bericht erstellt am 25/05/2014 um 10:25:18
# Aktualisiert 19/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : User - USER-PC
# Gestartet von : C:\Users\User\Desktop\adwcleaner_3.210.exe
# Option : Löschen
***** [ Dienste ] *****
[#] Dienst Gelöscht : globalUpdate
[#] Dienst Gelöscht : globalUpdatem
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\globalUpdate
Ordner Gelöscht : C:\Users\User\AppData\Local\genienext
Ordner Gelöscht : C:\Users\User\AppData\Local\globalUpdate
Ordner Gelöscht : C:\Users\User\AppData\Local\Mobogenie
Datei Gelöscht : C:\Users\User\daemonprocess.txt
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\invalidprefs.js
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\searchplugins\11-suche.xml
Datei Gelöscht : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\user.js
Datei Gelöscht : C:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
Datei Gelöscht : C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineCore
Datei Gelöscht : C:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
Datei Gelöscht : C:\windows\System32\Tasks\globalUpdateUpdateTaskMachineUA
Datei Gelöscht : C:\windows\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-5.job
Datei Gelöscht : C:\windows\System32\Tasks\12eaeb93-a8d7-4dbb-a171-bdc6ec0c44ba-5
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B67F1876-8C78-4E25-B6E6-560508522B13}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B67F1876-8C78-4E25-B6E6-560508522B13}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E2F35939-61AC-436C-9C47-2997EFD35DCE}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E2F35939-61AC-436C-9C47-2997EFD35DCE}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{331865A0-934C-4D97-B83F-DAF5A2DEC1D3}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{331865A0-934C-4D97-B83F-DAF5A2DEC1D3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\aartemisSoftware
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\installedbrowserextensions
Schlüssel Gelöscht : HKLM\Software\supWPM
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\7wjypu23.default\prefs.js ]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "1462dbfad9db1a286104a201f5fee8ec");
Zeile gelöscht : user_pref("extensions.facemoods.aflt", "_#ddrnw");
Zeile gelöscht : user_pref("extensions.facemoods.firstRun", false);
Zeile gelöscht : user_pref("extensions.facemoods.lastActv", "24");
Zeile gelöscht : user_pref("extensions.likethepage.addit.remoteInstallItems", "{ \"software\": {\"78\": {\"id\": \"78\",\"title\": \"Ciuvo\",\"type\": \"XPI\",\"url\": \"hxxps://addons.mozilla.org/firefox/downloads/la[...]
Zeile gelöscht : user_pref("extensions.wrc.SearchRules.rambler.ru.style", ".WRCN {display:none} .search-results .title + .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
*************************
AdwCleaner[R0].txt - [4123 octets] - [25/05/2014 10:21:50]
AdwCleaner[R1].txt - [4183 octets] - [25/05/2014 10:23:29]
AdwCleaner[S0].txt - [4136 octets] - [25/05/2014 10:25:18]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4196 octets] ##########
JRT.txt
Code:
Quote:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.3 (03.23.2014:1)
OS: Windows 7 Home Premium x86
Ran by User on 25.05.2014 at 10:33:55,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\7wjypu23.default\extensions\searchy@searchy.xpi
Emptied folder: C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\7wjypu23.default\minidumps [520 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25.05.2014 at 10:36:14,72
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The folder PSHD-9.9 has apparently disappeared in the meantime. After I ran the tools mentioned above, the user interface of my browser changed visually.
How do I know now whether my system is free of spyware and adware?