Log analysis and evaluation: Supra Savings in Firefox | Windows 7
05.07.2014, 21:36 | #1 |
Supra Savings in Firefox and very slow loading times on, for example, weather sites. But overall, all program launches on the laptop are very slow as well. As described in other forums, I did uninstall the Supra Savings program in WIN8, but that changed nothing at all. On the contrary, I have the impression that more programs have been added.

I came to your site because STOPzilla was recommended to me for fixing Supra Savings, but as a layperson I found its behaviour impossible to follow, and on its first start it detected a threat from an xmkysecqun64.exe. That is how I found one of your great advice threads!!

So now I have uninstalled STOPzilla again and run defogger and frst instead (see attachments). But GMER did not work, because it was apparently intercepted by a WIN8 app that detected a threat and automatically shut down the PC :-(((((

Folks, I hope you can help me out of this mess ....!!

Regards, Kim

P.S. I am not very experienced in working through all the preparations, but I hope I have provided all the required information. Otherwise please let me know what is missing and, if necessary, how I can supply it...

Here is addition.txt

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by ### (administrator) on ###### on 05-07-2014 20:59:16 Running from C:\Users\###\Downloads Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco SystemsVPN Client\cvpnd.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Thermaltake) C:\Program Files (x86)\Mouse Tt eSPORTS BLACK\BlackMonitor.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5010224 2012-07-13] (Intel® Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11554688 2012-08-08] (Motorola Solutions, Inc.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2912056 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [320824 2012-08-16] (Wistron) HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2012-08-13] (Wistron Corp.) HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [388408 2012-08-13] (Wistron Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.) 
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.) HKLM-x32\...\Run: [Tt eSPORTS BLACK Gaming Mouse] => C:\Program Files (x86)\Mouse Tt eSPORTS BLACK\BlackMonitor.exe [105864 2012-08-10] (Thermaltake) HKLM-x32\...\Run: [AVMFBoxMonitor] => C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Lite\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-3410272128-3850883635-1020607561-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () BootExecute: autocheck autochk * sdnclean64.exe GroupPolicyUsers\S-1-5-21-3410272128-3850883635-1020607561-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3410272128-3850883635-1020607561-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKCU - DefaultScope {9B62A7FA-C373-4BF4-BCA6-12C03F49BB1A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS SearchScopes: HKCU - {9B62A7FA-C373-4BF4-BCA6-12C03F49BB1A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M3D6AB86D-DF50-4066-8CD4-43434B9052EF&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPB7CBB68B-550A-4643-AF69-91C9F7CA5C79 FF Homepage: leer FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @divx.com/DivX VOD 
Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll () FF SearchPlugin: C:\Users\#####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\######\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\googlemaps.xml FF SearchPlugin: C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\ixquick-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-23] FF Extension: Flashblock - C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-09-23] FF Extension: DownloadHelper - 
C:\Users\#####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26] FF Extension: AutoGroup - C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\akimkin_denis@mail.ru.xpi [2014-04-21] FF Extension: FlashStopper - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\flashstopper@byo.co.il.xpi [2014-04-21] FF Extension: Image and Flash Blocker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\imgflashblocker@shimon.chohen.xpi [2013-09-23] FF Extension: media menu - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\jid0-X4tVYTsgT60azyHVye1faT8MjIA@jetpack.xpi [2014-04-21] FF Extension: YouTube Control Center - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\jid1-CikLKKPVkw6ipw@jetpack.xpi [2014-04-21] FF Extension: Media Sniffer - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\MediaSniffer@hiyoko.info.xpi [2014-04-21] FF Extension: betterFox - Make your browsing experience 15% faster. 
- C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\multirevenue@googlemail.com.xpi [2014-04-21] FF Extension: SmartVideo For YouTube - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\mytube@ashishmishra.in.xpi [2014-04-21] FF Extension: Niederschlagsradar - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\niederschlagsradar@sensiva.net.xpi [2014-06-10] FF Extension: S3.Download Statusbar - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\s3download@statusbar.xpi [2014-02-13] FF Extension: Search Tab - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\searchtab@pratikpoddar.xpi [2013-12-13] FF Extension: Secure Login - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\secureLogin@blueimp.net.xpi [2013-09-21] FF Extension: StopTube - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\stoptube@kashiif.com.xpi [2013-09-23] FF Extension: SuperStop - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\superstop@gavinsharp.com.xpi [2013-09-23] FF Extension: Todoist - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\support@todoist.com.xpi [2013-10-15] FF Extension: Session Manager - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-21] FF Extension: ScrapBook - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-01-04] FF Extension: Web Marker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{5755466A-DB04-11DA-A2DD-0E545D5EE2F7}.xpi [2014-03-09] FF Extension: NoScript - 
C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-21] FF Extension: Flash Block - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2013-09-23] FF Extension: Adblock Plus - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21] FF Extension: Tab Mix Plus - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-12-26] ==================== Services (Whitelisted) ================= R2 CVPND; C:\Program Files (x86)\Cisco SystemsVPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.) R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 TipCtrl; C:\Program Files (x86)\uTIPu\TipCtrl.exe [314504 2009-02-03] (Utipu inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2012-08-13] (Wistron Corp.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation) S2 SupraSavingsService64; C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe [X] S2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=19A6D51C-2D35-44DB-B412-0B01BF8D2D62 [X] ==================== Drivers (Whitelisted) ==================== S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-03-20] (Disc Soft Ltd) R2 easycvfs; C:\WINDOWS\system32\drivers\easycvfs.sys [110472 2010-07-29] () [File not signed] R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-16] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-20] (Duplex Secure Ltd.) 
S3 synusb64; C:\Windows\System32\drivers\synusb64.sys [30352 2010-09-17] (Steinberg Media Technologies GmbH) R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider) S2 sbapifs; system32\DRIVERS\sbapifs.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-05 20:59 - 2014-07-05 21:00 - 00022100 _____ () C:\Users\###\Downloads\FRST.txt 2014-07-05 20:59 - 2014-07-05 20:59 - 00000000 ____D () C:\FRST 2014-07-05 20:53 - 2014-07-05 20:53 - 00000578 _____ () C:\Users\###\Downloads\defogger_disable.log 2014-07-05 20:53 - 2014-07-05 20:53 - 00000020 _____ () C:\Users\###\defogger_reenable 2014-07-05 20:52 - 2014-07-05 20:52 - 00050477 _____ () C:\Users\###\Downloads\Defogger.exe 2014-07-05 20:45 - 2014-07-05 20:45 - 02084352 _____ (Farbar) C:\Users\###\Downloads\FRST64.exe 2014-07-04 22:08 - 2014-07-05 20:16 - 00000664 _____ () C:\WINDOWS\SysWOW64\Drivers\kgpfr2.cfg 2014-07-04 22:07 - 2014-07-04 22:22 - 00002496 _____ () C:\WINDOWS\system32\Drivers\kgpcpy.cfg 2014-07-04 22:03 - 2014-07-04 22:03 - 00707664 _____ (iS3, Inc.) 
C:\Users\###\Downloads\SZSetup_AID10121_AV.exe 2014-07-03 11:34 - 2014-07-03 11:34 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-07-03 11:34 - 2014-07-03 11:34 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-07-03 11:34 - 2014-07-03 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-07-03 11:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-07-03 10:56 - 2014-06-06 11:33 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140703-105625.backup 2014-07-03 10:02 - 2014-07-03 10:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\###\Downloads\spybot-2.4.exe 2014-07-03 09:52 - 2014-07-03 09:52 - 00002184 _____ () C:\Users\###\Desktop\ Malwarebytes Anti-Malware - Malware Scanner - CHIP Downloader.lnk 2014-07-03 09:43 - 2014-07-03 09:43 - 00961360 _____ (Chip Digital GmbH) C:\Users\###\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-06-30 16:18 - 2014-06-30 16:18 - 00002302 _____ () C:\Users\###\Desktop\WIN######4 - Verknüpfung.lnk 2014-06-26 22:15 - 2014-07-04 22:22 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 2014-06-26 09:32 - 2014-06-26 09:32 - 00517413 _____ () C:\Users\###\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi 2014-06-26 09:32 - 2014-06-26 09:32 - 00097251 _____ () C:\Users\###\Downloads\expression_search_gmailui-0.8.8-tb.xpi 2014-06-26 09:31 - 2014-06-26 09:31 - 00376218 _____ () C:\Users\###\Downloads\archive_this-1.4.8.0-tb.xpi 2014-06-26 09:31 - 2014-06-26 09:31 - 00204851 _____ () C:\Users\###\Downloads\quickfilters-2.5-sm+tb.xpi 2014-06-26 09:28 - 2014-06-26 09:28 - 00046321 _____ () C:\Users\###\Downloads\totalquickfilter-3.0-tb.xpi 2014-06-26 09:27 - 2014-06-26 09:27 - 00002054 _____ () C:\Users\###\Downloads\filter_of_filters-1.1-tb.xpi 2014-06-23 16:15 - 
2014-06-23 16:15 - 00000000 _____ () C:\Users\###\Downloads\IRON_BUTTERFLY_-_IN_A_GADDA_DA_VIDA_-_1968_ORIGINAL_FULL_VERSION_CD_SOUND_3D_VIDEO.flv 2014-06-23 12:54 - 2014-06-23 12:54 - 00003832 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396198660 2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator 2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator 2014-06-23 11:52 - 2014-06-23 11:52 - 05001199 _____ (LinuxLive USB Creator) C:\Users\Public\Documents\LinuxLive USB Creator 2.8.29.exe 2014-06-23 11:40 - 2014-06-23 12:00 - 1010827264 _____ () C:\Users\Public\Documents\ubuntu-14.04-desktop-amd64.iso 2014-06-23 10:50 - 2014-06-23 10:50 - 05001199 _____ (LinuxLive USB Creator) C:\Users\###\Downloads\LinuxLive USB Creator 2.8.29.exe 2014-06-23 08:37 - 2014-06-23 08:43 - 34251899 _____ () C:\Users\###\Downloads\Led_Zeppelin_-_Whole_Lotta_Love_HD.flv 2014-06-22 20:43 - 2014-06-22 20:43 - 00000000 _____ () C:\Users\###\Downloads\Red_Hot_Chili_Peppers_-_Stadion_Slaski_Chorz_w_Poland_Full_Concert_2007.07.03.flv 2014-06-21 14:24 - 2014-06-21 14:24 - 00000000 ____D () C:\Program Files\SAMSUNG 2014-06-21 14:24 - 2014-03-19 03:27 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2014-06-21 14:24 - 2014-03-19 03:27 - 00109056 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2014-06-21 13:50 - 2014-06-21 14:23 - 00000000 ____D () C:\ProgramData\Samsung 2014-06-21 13:33 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-06-21 13:32 - 2014-06-21 13:54 - 00000000 ____D () C:\Users\###\Documents\samsung 2014-06-21 13:32 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\###\AppData\Roaming\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00001993 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-06-21 13:32 - 
2014-06-21 13:32 - 00000000 ____D () C:\Users\###\Documents\SelfMV 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-06-21 13:32 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll 2014-06-21 13:30 - 2014-06-21 13:31 - 41820464 _____ (Samsung Electronics Co., Ltd.) C:\Users\###\Downloads\Kies3Setup.exe 2014-06-21 13:28 - 2014-06-21 13:28 - 00000000 ____D () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505 2014-06-21 13:26 - 2014-06-21 13:27 - 20536004 _____ () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505.zip 2014-06-21 13:26 - 2014-06-21 13:26 - 00467537 _____ () C:\Users\###\Downloads\Odin304.zip 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert-1.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\AC_DC_-_Greatest_Hits_2011_Full_Completo.flv 2014-06-21 07:57 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Live_Rockpalast_-_1985_-_Palais_Omnisport_Paris_-_Full.flv 2014-06-20 23:41 - 2014-06-21 00:07 - 77834736 _____ () C:\Users\###\Downloads\Deep_Purple-Made_In_Japan_1972.flv 2014-06-16 10:39 - 2014-06-16 10:43 - 00000000 ____D () C:\Users\###\Documents\_Gedä KreKo Kreativit- 2014-06-11 21:05 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-11 21:05 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-11 21:05 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-11 21:05 - 2014-05-30 11:20 - 00752640 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-06-11 21:05 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-11 21:05 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-11 21:05 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-11 21:05 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-11 21:05 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-11 21:05 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-11 21:05 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-11 21:05 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-11 21:05 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-11 21:05 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-06-11 21:05 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-11 21:05 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-11 21:05 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-11 21:05 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-11 21:05 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-11 21:05 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-11 21:05 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-11 21:05 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-11 21:05 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-11 21:05 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-11 21:05 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-11 21:05 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-11 21:05 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-11 21:05 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-06-11 21:05 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-06-11 21:04 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-06-11 21:04 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-11 21:04 - 2014-05-03 09:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-06-11 21:04 - 2014-05-03 06:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-11 21:04 - 2014-05-03 06:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-11 21:04 - 2014-05-03 05:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-06-11 21:04 - 2014-05-03 05:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-06-11 21:04 - 2014-04-03 09:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-11 21:04 - 2014-04-03 09:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-06-11 21:03 - 2014-06-11 21:03 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-11 21:03 - 
2014-06-11 21:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-11 21:03 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe 2014-06-11 21:03 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe 2014-06-11 21:03 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe 2014-06-11 21:03 - 2014-05-09 01:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2014-06-11 21:03 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-11 21:03 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2014-06-11 21:03 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys 2014-06-11 
21:03 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2014-06-11 21:03 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll 2014-06-11 21:03 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2014-06-11 21:03 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll 2014-06-11 21:03 - 2014-04-30 13:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-11 21:03 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2014-06-11 21:03 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2014-06-11 21:03 - 2014-04-30 05:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-11 21:03 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2014-06-11 13:02 - 2014-06-11 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 09:08 - 2014-06-13 22:41 - 00000000 ____D () C:\Users\###\Documents\_mi####r ==================== One Month Modified Files and Folders ======= 2014-07-05 21:00 - 2014-07-05 20:59 - 00022100 _____ () C:\Users\###\Downloads\FRST.txt 2014-07-05 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-05 20:59 - 2014-07-05 20:59 - 00000000 ____D () C:\FRST 2014-07-05 20:56 - 2013-09-21 14:35 - 00000000 ____D () C:\Users\###\Documents\Youcam 2014-07-05 20:55 - 2013-09-24 18:17 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-05 20:54 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-05 20:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-05 20:53 - 2014-07-05 20:53 - 00000578 _____ () C:\Users\###\Downloads\defogger_disable.log 2014-07-05 20:53 - 2014-07-05 20:53 - 00000020 _____ () C:\Users\###\defogger_reenable 2014-07-05 
20:53 - 2014-02-17 10:50 - 00000000 ____D () C:\Users\### 2014-07-05 20:52 - 2014-07-05 20:52 - 00050477 _____ () C:\Users\###\Downloads\Defogger.exe 2014-07-05 20:45 - 2014-07-05 20:45 - 02084352 _____ (Farbar) C:\Users\###\Downloads\FRST64.exe 2014-07-05 20:43 - 2014-02-17 11:09 - 01099006 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-05 20:19 - 2014-02-18 09:25 - 00000000 ____D () C:\Users\###\Documents\_WIN-PC 2014-07-05 20:16 - 2014-07-04 22:08 - 00000664 _____ () C:\WINDOWS\SysWOW64\Drivers\kgpfr2.cfg 2014-07-05 20:03 - 2013-12-20 08:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-05 20:01 - 2013-09-24 18:18 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-05 18:45 - 2014-04-01 19:13 - 00000000 ____D () C:\Program Files\003 2014-07-04 22:22 - 2014-07-04 22:07 - 00002496 _____ () C:\WINDOWS\system32\Drivers\kgpcpy.cfg 2014-07-04 22:22 - 2014-06-26 22:15 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 2014-07-04 22:15 - 2014-06-02 16:32 - 00000000 ____D () C:\WINDOWS\Minidump 2014-07-04 22:11 - 2013-09-21 14:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3410272128-3850883635-1020607561-1001 2014-07-04 22:03 - 2014-07-04 22:03 - 00707664 _____ (iS3, Inc.) 
C:\Users\###\Downloads\SZSetup_AID10121_AV.exe 2014-07-04 12:58 - 2013-11-03 09:28 - 00125952 ___SH () C:\Users\###\Desktop\Thumbs.db 2014-07-03 11:34 - 2014-07-03 11:34 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-07-03 11:34 - 2014-07-03 11:34 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-07-03 11:34 - 2014-07-03 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-07-03 11:34 - 2014-01-03 10:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-03 11:34 - 2014-01-03 10:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-07-03 11:30 - 2013-11-14 00:18 - 00009156 _____ () C:\WINDOWS\PFRO.log 2014-07-03 11:10 - 2014-01-03 10:34 - 00000135 _____ () C:\WINDOWS\wininit.ini 2014-07-03 10:52 - 2013-11-03 11:00 - 00000000 ____D () C:\Users\###\AppData\Roaming\vlc 2014-07-03 10:03 - 2014-07-03 10:02 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\###\Downloads\spybot-2.4.exe 2014-07-03 09:52 - 2014-07-03 09:52 - 00002184 _____ () C:\Users\###\Desktop\ Malwarebytes Anti-Malware - Malware Scanner - CHIP Downloader.lnk 2014-07-03 09:43 - 2014-07-03 09:43 - 00961360 _____ (Chip Digital GmbH) C:\Users\###\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-07-02 19:35 - 2014-02-25 19:13 - 00000000 ____D () C:\Users\###\Documents\_##### 2014-07-01 14:53 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-01 14:53 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-01 14:53 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-01 08:46 - 2013-10-23 13:56 - 00000000 ____D () C:\Users\###\Documents\###a 2014-06-30 16:29 - 2013-11-06 15:32 - 00000000 ____D () C:\Users\###\Documents\___Tests 2014-06-30 16:18 - 2014-06-30 16:18 - 00002302 _____ () C:\Users\###\Desktop\### - Verknüpfung.lnk 2014-06-30 07:29 - 2013-12-25 13:32 - 00000000 ____D () C:\Users\###\AppData\Roaming\FileAdvisor 2014-06-26 09:32 - 2014-06-26 09:32 - 00517413 _____ () C:\Users\###\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi 2014-06-26 09:32 - 2014-06-26 09:32 - 00097251 _____ () C:\Users\###\Downloads\expression_search_gmailui-0.8.8-tb.xpi 2014-06-26 09:31 - 2014-06-26 09:31 - 00376218 _____ () C:\Users\###\Downloads\archive_this-1.4.8.0-tb.xpi 2014-06-26 09:31 - 2014-06-26 09:31 - 00204851 _____ () C:\Users\###\Downloads\quickfilters-2.5-sm+tb.xpi 2014-06-26 09:28 - 2014-06-26 09:28 - 00046321 _____ () C:\Users\###\Downloads\totalquickfilter-3.0-tb.xpi 2014-06-26 09:27 - 2014-06-26 09:27 - 00002054 _____ () C:\Users\###\Downloads\filter_of_filters-1.1-tb.xpi 2014-06-25 19:47 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-06-25 13:51 - 2014-01-27 21:27 - 00000000 ____D () C:\D-EVERYTHINGSEARCH 2014-06-25 13:51 - 2014-01-27 21:25 - 00000000 ____D () C:\Program Files (x86)\Everything 2014-06-23 
16:15 - 2014-06-23 16:15 - 00000000 _____ () C:\Users\###\Downloads\IRON_BUTTERFLY_-_IN_A_GADDA_DA_VIDA_-_1968_ORIGINAL_FULL_VERSION_CD_SOUND_3D_VIDEO.flv 2014-06-23 12:54 - 2014-06-23 12:54 - 00003832 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396198660 2014-06-23 12:54 - 2014-03-30 18:57 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator 2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator 2014-06-23 12:00 - 2014-06-23 11:40 - 1010827264 _____ () C:\Users\Public\Documents\ubuntu-14.04-desktop-amd64.iso 2014-06-23 11:52 - 2014-06-23 11:52 - 05001199 _____ (LinuxLive USB Creator) C:\Users\Public\Documents\LinuxLive USB Creator 2.8.29.exe 2014-06-23 11:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-06-23 11:00 - 2013-08-22 16:46 - 00305858 _____ () C:\WINDOWS\setupact.log 2014-06-23 10:50 - 2014-06-23 10:50 - 05001199 _____ (LinuxLive USB Creator) C:\Users\###\Downloads\LinuxLive USB Creator 2.8.29.exe 2014-06-23 08:43 - 2014-06-23 08:37 - 34251899 _____ () C:\Users\###\Downloads\Led_Zeppelin_-_Whole_Lotta_Love_HD.flv 2014-06-22 20:43 - 2014-06-22 20:43 - 00000000 _____ () C:\Users\###\Downloads\Red_Hot_Chili_Peppers_-_Stadion_Slaski_Chorz_w_Poland_Full_Concert_2007.07.03.flv 2014-06-21 14:24 - 2014-06-21 14:24 - 00000000 ____D () C:\Program Files\SAMSUNG 2014-06-21 14:23 - 2014-06-21 13:50 - 00000000 ____D () C:\ProgramData\Samsung 2014-06-21 13:54 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\###\Documents\samsung 2014-06-21 13:33 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-06-21 13:33 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\###\AppData\Roaming\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00001993 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-06-21 13:32 - 2014-06-21 13:32 
- 00000000 ____D () C:\Users\###\Documents\SelfMV 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-06-21 13:32 - 2012-11-05 19:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-21 13:31 - 2014-06-21 13:30 - 41820464 _____ (Samsung Electronics Co., Ltd.) C:\Users\###\Downloads\Kies3Setup.exe 2014-06-21 13:28 - 2014-06-21 13:28 - 00000000 ____D () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505 2014-06-21 13:27 - 2014-06-21 13:26 - 20536004 _____ () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505.zip 2014-06-21 13:26 - 2014-06-21 13:26 - 00467537 _____ () C:\Users\###\Downloads\Odin304.zip 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert-1.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\AC_DC_-_Greatest_Hits_2011_Full_Completo.flv 2014-06-21 07:58 - 2014-06-21 07:57 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Live_Rockpalast_-_1985_-_Palais_Omnisport_Paris_-_Full.flv 2014-06-21 00:20 - 2014-03-22 01:03 - 00000000 ____D () C:\Users\###\AppData\Local\Windows Live 2014-06-21 00:07 - 2014-06-20 23:41 - 77834736 _____ () C:\Users\###\Downloads\Deep_Purple-Made_In_Japan_1972.flv 2014-06-18 17:56 - 2013-09-24 18:18 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-18 17:56 - 2013-09-24 18:17 - 00003854 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 18:29 - 2013-09-22 22:02 - 00006234 _____ () C:\WirelessDiagLog.csv 2014-06-16 10:43 - 2014-06-16 10:39 - 00000000 ____D () C:\Users\###\Documents\_Gedä KreKo Kreativit- 2014-06-13 22:41 - 
2014-06-11 09:08 - 00000000 ____D () C:\Users\###\Documents\####r 2014-06-12 08:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-06-12 07:37 - 2013-10-14 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-12 07:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-06-12 07:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-06-11 21:45 - 2013-09-22 14:37 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-06-11 21:43 - 2012-11-05 19:14 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-11 13:02 - 2014-06-11 13:02 - 00000000 ____D () C:\Program 
Files (x86)\Mozilla Firefox
2014-06-11 12:25 - 2014-05-02 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-08 21:44 - 2013-12-24 08:55 - 00000000 ____D () C:\Users\###\Documents\###
2014-06-06 12:15 - 2014-03-19 08:46 - 00000000 ____D () C:\Users\###\Documents\#####
2014-06-06 11:33 - 2014-07-03 10:56 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140703-105625.backup
2014-06-05 05:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

Files to move or delete:
====================
C:\Users\###\AppData\Roaming\CamLayout.ini
C:\Users\###\AppData\Roaming\CamShapes.ini
C:\Users\###\AppData\Roaming\CamStudio.Producer.Data.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-07-03 18:49

==================== End Of Log ============================

and FRST.txt
FRST Logfile:
Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01
Ran by ### (administrator) on ###### on 05-07-2014 20:59:16
Running from C:\Users\###\Downloads
Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco SystemsVPN Client\cvpnd.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.)
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Thermaltake) C:\Program Files (x86)\Mouse Tt eSPORTS BLACK\BlackMonitor.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5010224 2012-07-13] (Intel® Corporation)
HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11554688 2012-08-08] (Motorola Solutions, Inc.)
HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2912056 2012-08-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [320824 2012-08-16] (Wistron)
HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2012-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [388408 2012-08-13] (Wistron Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Tt eSPORTS BLACK Gaming Mouse] => C:\Program Files (x86)\Mouse Tt eSPORTS BLACK\BlackMonitor.exe [105864 2012-08-10] (Thermaltake)
HKLM-x32\...\Run: [AVMFBoxMonitor] => C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Lite\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3410272128-3850883635-1020607561-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-3410272128-3850883635-1020607561-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3410272128-3850883635-1020607561-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKCU - DefaultScope {9B62A7FA-C373-4BF4-BCA6-12C03F49BB1A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {9B62A7FA-C373-4BF4-BCA6-12C03F49BB1A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default
FF NewTab: hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M3D6AB86D-DF50-4066-8CD4-43434B9052EF&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPB7CBB68B-550A-4643-AF69-91C9F7CA5C79
FF Homepage: leer
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD
Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll () FF SearchPlugin: C:\Users\#####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\######\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\googlemaps.xml FF SearchPlugin: C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\ixquick-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-23] FF Extension: Flashblock - C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-09-23] FF Extension: DownloadHelper - 
C:\Users\#####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26] FF Extension: AutoGroup - C:\Users\####\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\akimkin_denis@mail.ru.xpi [2014-04-21] FF Extension: FlashStopper - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\flashstopper@byo.co.il.xpi [2014-04-21] FF Extension: Image and Flash Blocker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\imgflashblocker@shimon.chohen.xpi [2013-09-23] FF Extension: media menu - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\jid0-X4tVYTsgT60azyHVye1faT8MjIA@jetpack.xpi [2014-04-21] FF Extension: YouTube Control Center - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\jid1-CikLKKPVkw6ipw@jetpack.xpi [2014-04-21] FF Extension: Media Sniffer - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\MediaSniffer@hiyoko.info.xpi [2014-04-21] FF Extension: betterFox - Make your browsing experience 15% faster. 
- C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\multirevenue@googlemail.com.xpi [2014-04-21] FF Extension: SmartVideo For YouTube - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\mytube@ashishmishra.in.xpi [2014-04-21] FF Extension: Niederschlagsradar - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\niederschlagsradar@sensiva.net.xpi [2014-06-10] FF Extension: S3.Download Statusbar - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\s3download@statusbar.xpi [2014-02-13] FF Extension: Search Tab - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\searchtab@pratikpoddar.xpi [2013-12-13] FF Extension: Secure Login - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\secureLogin@blueimp.net.xpi [2013-09-21] FF Extension: StopTube - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\stoptube@kashiif.com.xpi [2013-09-23] FF Extension: SuperStop - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\superstop@gavinsharp.com.xpi [2013-09-23] FF Extension: Todoist - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\support@todoist.com.xpi [2013-10-15] FF Extension: Session Manager - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-21] FF Extension: ScrapBook - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-01-04] FF Extension: Web Marker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{5755466A-DB04-11DA-A2DD-0E545D5EE2F7}.xpi [2014-03-09] FF Extension: NoScript - 
C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-21] FF Extension: Flash Block - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2013-09-23] FF Extension: Adblock Plus - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21] FF Extension: Tab Mix Plus - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-12-26] ==================== Services (Whitelisted) ================= R2 CVPND; C:\Program Files (x86)\Cisco SystemsVPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.) R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) 
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 TipCtrl; C:\Program Files (x86)\uTIPu\TipCtrl.exe [314504 2009-02-03] (Utipu inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2012-08-13] (Wistron Corp.) R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation) S2 SupraSavingsService64; C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62\SupraSavingsService64.exe [X] S2 xmkysecqun64; C:\Program Files\003\xmkysecqun64.exe run options=01110010030000000000000000000000 sourceguid=19A6D51C-2D35-44DB-B412-0B01BF8D2D62 [X] ==================== Drivers (Whitelisted) ==================== S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-03-20] (Disc Soft Ltd) R2 easycvfs; C:\WINDOWS\system32\drivers\easycvfs.sys [110472 2010-07-29] () [File not signed] R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-16] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-20] (Duplex Secure Ltd.) 
S3 synusb64; C:\Windows\System32\drivers\synusb64.sys [30352 2010-09-17] (Steinberg Media Technologies GmbH) R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider) S2 sbapifs; system32\DRIVERS\sbapifs.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-05 20:59 - 2014-07-05 21:00 - 00022100 _____ () C:\Users\###\Downloads\FRST.txt 2014-07-05 20:59 - 2014-07-05 20:59 - 00000000 ____D () C:\FRST 2014-07-05 20:53 - 2014-07-05 20:53 - 00000578 _____ () C:\Users\###\Downloads\defogger_disable.log 2014-07-05 20:53 - 2014-07-05 20:53 - 00000020 _____ () C:\Users\###\defogger_reenable 2014-07-05 20:52 - 2014-07-05 20:52 - 00050477 _____ () C:\Users\###\Downloads\Defogger.exe 2014-07-05 20:45 - 2014-07-05 20:45 - 02084352 _____ (Farbar) C:\Users\###\Downloads\FRST64.exe 2014-07-04 22:08 - 2014-07-05 20:16 - 00000664 _____ () C:\WINDOWS\SysWOW64\Drivers\kgpfr2.cfg 2014-07-04 22:07 - 2014-07-04 22:22 - 00002496 _____ () C:\WINDOWS\system32\Drivers\kgpcpy.cfg 2014-07-04 22:03 - 2014-07-04 22:03 - 00707664 _____ (iS3, Inc.) 
C:\Users\###\Downloads\SZSetup_AID10121_AV.exe 2014-07-03 11:34 - 2014-07-03 11:34 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-07-03 11:34 - 2014-07-03 11:34 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-07-03 11:34 - 2014-07-03 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-07-03 11:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe 2014-07-03 10:56 - 2014-06-06 11:33 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140703-105625.backup 2014-07-03 10:02 - 2014-07-03 10:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\###\Downloads\spybot-2.4.exe 2014-07-03 09:52 - 2014-07-03 09:52 - 00002184 _____ () C:\Users\###\Desktop\ Malwarebytes Anti-Malware - Malware Scanner - CHIP Downloader.lnk 2014-07-03 09:43 - 2014-07-03 09:43 - 00961360 _____ (Chip Digital GmbH) C:\Users\###\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-06-30 16:18 - 2014-06-30 16:18 - 00002302 _____ () C:\Users\###\Desktop\WIN######4 - Verknüpfung.lnk 2014-06-26 22:15 - 2014-07-04 22:22 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 2014-06-26 09:32 - 2014-06-26 09:32 - 00517413 _____ () C:\Users\###\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi 2014-06-26 09:32 - 2014-06-26 09:32 - 00097251 _____ () C:\Users\###\Downloads\expression_search_gmailui-0.8.8-tb.xpi 2014-06-26 09:31 - 2014-06-26 09:31 - 00376218 _____ () C:\Users\###\Downloads\archive_this-1.4.8.0-tb.xpi 2014-06-26 09:31 - 2014-06-26 09:31 - 00204851 _____ () C:\Users\###\Downloads\quickfilters-2.5-sm+tb.xpi 2014-06-26 09:28 - 2014-06-26 09:28 - 00046321 _____ () C:\Users\###\Downloads\totalquickfilter-3.0-tb.xpi 2014-06-26 09:27 - 2014-06-26 09:27 - 00002054 _____ () C:\Users\###\Downloads\filter_of_filters-1.1-tb.xpi 2014-06-23 16:15 - 
2014-06-23 16:15 - 00000000 _____ () C:\Users\###\Downloads\IRON_BUTTERFLY_-_IN_A_GADDA_DA_VIDA_-_1968_ORIGINAL_FULL_VERSION_CD_SOUND_3D_VIDEO.flv 2014-06-23 12:54 - 2014-06-23 12:54 - 00003832 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396198660 2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator 2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator 2014-06-23 11:52 - 2014-06-23 11:52 - 05001199 _____ (LinuxLive USB Creator) C:\Users\Public\Documents\LinuxLive USB Creator 2.8.29.exe 2014-06-23 11:40 - 2014-06-23 12:00 - 1010827264 _____ () C:\Users\Public\Documents\ubuntu-14.04-desktop-amd64.iso 2014-06-23 10:50 - 2014-06-23 10:50 - 05001199 _____ (LinuxLive USB Creator) C:\Users\###\Downloads\LinuxLive USB Creator 2.8.29.exe 2014-06-23 08:37 - 2014-06-23 08:43 - 34251899 _____ () C:\Users\###\Downloads\Led_Zeppelin_-_Whole_Lotta_Love_HD.flv 2014-06-22 20:43 - 2014-06-22 20:43 - 00000000 _____ () C:\Users\###\Downloads\Red_Hot_Chili_Peppers_-_Stadion_Slaski_Chorz_w_Poland_Full_Concert_2007.07.03.flv 2014-06-21 14:24 - 2014-06-21 14:24 - 00000000 ____D () C:\Program Files\SAMSUNG 2014-06-21 14:24 - 2014-03-19 03:27 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys 2014-06-21 14:24 - 2014-03-19 03:27 - 00109056 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys 2014-06-21 13:50 - 2014-06-21 14:23 - 00000000 ____D () C:\ProgramData\Samsung 2014-06-21 13:33 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-06-21 13:32 - 2014-06-21 13:54 - 00000000 ____D () C:\Users\###\Documents\samsung 2014-06-21 13:32 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\###\AppData\Roaming\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00001993 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-06-21 13:32 - 
2014-06-21 13:32 - 00000000 ____D () C:\Users\###\Documents\SelfMV 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-06-21 13:32 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll 2014-06-21 13:30 - 2014-06-21 13:31 - 41820464 _____ (Samsung Electronics Co., Ltd.) C:\Users\###\Downloads\Kies3Setup.exe 2014-06-21 13:28 - 2014-06-21 13:28 - 00000000 ____D () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505 2014-06-21 13:26 - 2014-06-21 13:27 - 20536004 _____ () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505.zip 2014-06-21 13:26 - 2014-06-21 13:26 - 00467537 _____ () C:\Users\###\Downloads\Odin304.zip 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert-1.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\AC_DC_-_Greatest_Hits_2011_Full_Completo.flv 2014-06-21 07:57 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Live_Rockpalast_-_1985_-_Palais_Omnisport_Paris_-_Full.flv 2014-06-20 23:41 - 2014-06-21 00:07 - 77834736 _____ () C:\Users\###\Downloads\Deep_Purple-Made_In_Japan_1972.flv 2014-06-16 10:39 - 2014-06-16 10:43 - 00000000 ____D () C:\Users\###\Documents\_Gedä KreKo Kreativit- 2014-06-11 21:05 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2014-06-11 21:05 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2014-06-11 21:05 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll 2014-06-11 21:05 - 2014-05-30 11:20 - 00752640 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\jscript9diag.dll 2014-06-11 21:05 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2014-06-11 21:05 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2014-06-11 21:05 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2014-06-11 21:05 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2014-06-11 21:05 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2014-06-11 21:05 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll 2014-06-11 21:05 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2014-06-11 21:05 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe 2014-06-11 21:05 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2014-06-11 21:05 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll 2014-06-11 21:05 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2014-06-11 21:05 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2014-06-11 21:05 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2014-06-11 21:05 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2014-06-11 21:05 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2014-06-11 21:05 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2014-06-11 21:05 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2014-06-11 21:05 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\inetcpl.cpl 2014-06-11 21:05 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2014-06-11 21:05 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2014-06-11 21:05 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2014-06-11 21:05 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2014-06-11 21:05 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2014-06-11 21:05 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2014-06-11 21:05 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2014-06-11 21:04 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll 2014-06-11 21:04 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll 2014-06-11 21:04 - 2014-05-03 09:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe 2014-06-11 21:04 - 2014-05-03 06:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-11 21:04 - 2014-05-03 06:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll 2014-06-11 21:04 - 2014-05-03 05:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll 2014-06-11 21:04 - 2014-05-03 05:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll 2014-06-11 21:04 - 2014-04-03 09:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys 2014-06-11 21:04 - 2014-04-03 09:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS 2014-06-11 21:03 - 2014-06-11 21:03 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-11 21:03 - 
2014-06-11 21:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-11 21:03 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe 2014-06-11 21:03 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe 2014-06-11 21:03 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe 2014-06-11 21:03 - 2014-05-09 01:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys 2014-06-11 21:03 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2014-06-11 21:03 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe 2014-06-11 21:03 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys 2014-06-11 
21:03 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll 2014-06-11 21:03 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll 2014-06-11 21:03 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll 2014-06-11 21:03 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll 2014-06-11 21:03 - 2014-04-30 13:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2014-06-11 21:03 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll 2014-06-11 21:03 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll 2014-06-11 21:03 - 2014-04-30 05:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2014-06-11 21:03 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll 2014-06-11 13:02 - 2014-06-11 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 09:08 - 2014-06-13 22:41 - 00000000 ____D () C:\Users\###\Documents\_mi####r ==================== One Month Modified Files and Folders ======= 2014-07-05 21:00 - 2014-07-05 20:59 - 00022100 _____ () C:\Users\###\Downloads\FRST.txt 2014-07-05 21:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru 2014-07-05 20:59 - 2014-07-05 20:59 - 00000000 ____D () C:\FRST 2014-07-05 20:56 - 2013-09-21 14:35 - 00000000 ____D () C:\Users\###\Documents\Youcam 2014-07-05 20:55 - 2013-09-24 18:17 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job 2014-07-05 20:54 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT 2014-07-05 20:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI 2014-07-05 20:53 - 2014-07-05 20:53 - 00000578 _____ () C:\Users\###\Downloads\defogger_disable.log 2014-07-05 20:53 - 2014-07-05 20:53 - 00000020 _____ () C:\Users\###\defogger_reenable 2014-07-05 
20:53 - 2014-02-17 10:50 - 00000000 ____D () C:\Users\### 2014-07-05 20:52 - 2014-07-05 20:52 - 00050477 _____ () C:\Users\###\Downloads\Defogger.exe 2014-07-05 20:45 - 2014-07-05 20:45 - 02084352 _____ (Farbar) C:\Users\###\Downloads\FRST64.exe 2014-07-05 20:43 - 2014-02-17 11:09 - 01099006 _____ () C:\WINDOWS\WindowsUpdate.log 2014-07-05 20:19 - 2014-02-18 09:25 - 00000000 ____D () C:\Users\###\Documents\_WIN-PC 2014-07-05 20:16 - 2014-07-04 22:08 - 00000664 _____ () C:\WINDOWS\SysWOW64\Drivers\kgpfr2.cfg 2014-07-05 20:03 - 2013-12-20 08:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job 2014-07-05 20:01 - 2013-09-24 18:18 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job 2014-07-05 18:45 - 2014-04-01 19:13 - 00000000 ____D () C:\Program Files\003 2014-07-04 22:22 - 2014-07-04 22:07 - 00002496 _____ () C:\WINDOWS\system32\Drivers\kgpcpy.cfg 2014-07-04 22:22 - 2014-06-26 22:15 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62 2014-07-04 22:15 - 2014-06-02 16:32 - 00000000 ____D () C:\WINDOWS\Minidump 2014-07-04 22:11 - 2013-09-21 14:40 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3410272128-3850883635-1020607561-1001 2014-07-04 22:03 - 2014-07-04 22:03 - 00707664 _____ (iS3, Inc.) 
C:\Users\###\Downloads\SZSetup_AID10121_AV.exe 2014-07-04 12:58 - 2013-11-03 09:28 - 00125952 ___SH () C:\Users\###\Desktop\Thumbs.db 2014-07-03 11:34 - 2014-07-03 11:34 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk 2014-07-03 11:34 - 2014-07-03 11:34 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk 2014-07-03 11:34 - 2014-07-03 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 2014-07-03 11:34 - 2014-01-03 10:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy 2014-07-03 11:34 - 2014-01-03 10:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2 2014-07-03 11:30 - 2013-11-14 00:18 - 00009156 _____ () C:\WINDOWS\PFRO.log 2014-07-03 11:10 - 2014-01-03 10:34 - 00000135 _____ () C:\WINDOWS\wininit.ini 2014-07-03 10:52 - 2013-11-03 11:00 - 00000000 ____D () C:\Users\###\AppData\Roaming\vlc 2014-07-03 10:03 - 2014-07-03 10:02 - 46525608 _____ (Safer-Networking Ltd. 
) C:\Users\###\Downloads\spybot-2.4.exe 2014-07-03 09:52 - 2014-07-03 09:52 - 00002184 _____ () C:\Users\###\Desktop\ Malwarebytes Anti-Malware - Malware Scanner - CHIP Downloader.lnk 2014-07-03 09:43 - 2014-07-03 09:43 - 00961360 _____ (Chip Digital GmbH) C:\Users\###\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe 2014-07-02 19:35 - 2014-02-25 19:13 - 00000000 ____D () C:\Users\###\Documents\_##### 2014-07-01 14:53 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI 2014-07-01 14:53 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat 2014-07-01 14:53 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat 2014-07-01 08:46 - 2013-10-23 13:56 - 00000000 ____D () C:\Users\###\Documents\###a 2014-06-30 16:29 - 2013-11-06 15:32 - 00000000 ____D () C:\Users\###\Documents\___Tests 2014-06-30 16:18 - 2014-06-30 16:18 - 00002302 _____ () C:\Users\###\Desktop\### - Verknüpfung.lnk 2014-06-30 07:29 - 2013-12-25 13:32 - 00000000 ____D () C:\Users\###\AppData\Roaming\FileAdvisor 2014-06-26 09:32 - 2014-06-26 09:32 - 00517413 _____ () C:\Users\###\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi 2014-06-26 09:32 - 2014-06-26 09:32 - 00097251 _____ () C:\Users\###\Downloads\expression_search_gmailui-0.8.8-tb.xpi 2014-06-26 09:31 - 2014-06-26 09:31 - 00376218 _____ () C:\Users\###\Downloads\archive_this-1.4.8.0-tb.xpi 2014-06-26 09:31 - 2014-06-26 09:31 - 00204851 _____ () C:\Users\###\Downloads\quickfilters-2.5-sm+tb.xpi 2014-06-26 09:28 - 2014-06-26 09:28 - 00046321 _____ () C:\Users\###\Downloads\totalquickfilter-3.0-tb.xpi 2014-06-26 09:27 - 2014-06-26 09:27 - 00002054 _____ () C:\Users\###\Downloads\filter_of_filters-1.1-tb.xpi 2014-06-25 19:47 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp 2014-06-25 13:51 - 2014-01-27 21:27 - 00000000 ____D () C:\D-EVERYTHINGSEARCH 2014-06-25 13:51 - 2014-01-27 21:25 - 00000000 ____D () C:\Program Files (x86)\Everything 2014-06-23 
16:15 - 2014-06-23 16:15 - 00000000 _____ () C:\Users\###\Downloads\IRON_BUTTERFLY_-_IN_A_GADDA_DA_VIDA_-_1968_ORIGINAL_FULL_VERSION_CD_SOUND_3D_VIDEO.flv 2014-06-23 12:54 - 2014-06-23 12:54 - 00003832 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396198660 2014-06-23 12:54 - 2014-03-30 18:57 - 00000000 ____D () C:\Program Files (x86)\Opera 2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator 2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator 2014-06-23 12:00 - 2014-06-23 11:40 - 1010827264 _____ () C:\Users\Public\Documents\ubuntu-14.04-desktop-amd64.iso 2014-06-23 11:52 - 2014-06-23 11:52 - 05001199 _____ (LinuxLive USB Creator) C:\Users\Public\Documents\LinuxLive USB Creator 2.8.29.exe 2014-06-23 11:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF 2014-06-23 11:00 - 2013-08-22 16:46 - 00305858 _____ () C:\WINDOWS\setupact.log 2014-06-23 10:50 - 2014-06-23 10:50 - 05001199 _____ (LinuxLive USB Creator) C:\Users\###\Downloads\LinuxLive USB Creator 2.8.29.exe 2014-06-23 08:43 - 2014-06-23 08:37 - 34251899 _____ () C:\Users\###\Downloads\Led_Zeppelin_-_Whole_Lotta_Love_HD.flv 2014-06-22 20:43 - 2014-06-22 20:43 - 00000000 _____ () C:\Users\###\Downloads\Red_Hot_Chili_Peppers_-_Stadion_Slaski_Chorz_w_Poland_Full_Concert_2007.07.03.flv 2014-06-21 14:24 - 2014-06-21 14:24 - 00000000 ____D () C:\Program Files\SAMSUNG 2014-06-21 14:23 - 2014-06-21 13:50 - 00000000 ____D () C:\ProgramData\Samsung 2014-06-21 13:54 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\###\Documents\samsung 2014-06-21 13:33 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-06-21 13:33 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\###\AppData\Roaming\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00001993 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-06-21 13:32 - 2014-06-21 13:32 
- 00000000 ____D () C:\Users\###\Documents\SelfMV 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-06-21 13:32 - 2012-11-05 19:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-21 13:31 - 2014-06-21 13:30 - 41820464 _____ (Samsung Electronics Co., Ltd.) C:\Users\###\Downloads\Kies3Setup.exe 2014-06-21 13:28 - 2014-06-21 13:28 - 00000000 ____D () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505 2014-06-21 13:27 - 2014-06-21 13:26 - 20536004 _____ () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505.zip 2014-06-21 13:26 - 2014-06-21 13:26 - 00467537 _____ () C:\Users\###\Downloads\Odin304.zip 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert-1.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\AC_DC_-_Greatest_Hits_2011_Full_Completo.flv 2014-06-21 07:58 - 2014-06-21 07:57 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Live_Rockpalast_-_1985_-_Palais_Omnisport_Paris_-_Full.flv 2014-06-21 00:20 - 2014-03-22 01:03 - 00000000 ____D () C:\Users\###\AppData\Local\Windows Live 2014-06-21 00:07 - 2014-06-20 23:41 - 77834736 _____ () C:\Users\###\Downloads\Deep_Purple-Made_In_Japan_1972.flv 2014-06-18 17:56 - 2013-09-24 18:18 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-18 17:56 - 2013-09-24 18:17 - 00003854 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 18:29 - 2013-09-22 22:02 - 00006234 _____ () C:\WirelessDiagLog.csv 2014-06-16 10:43 - 2014-06-16 10:39 - 00000000 ____D () C:\Users\###\Documents\_Gedä KreKo Kreativit- 2014-06-13 22:41 - 
2014-06-11 09:08 - 00000000 ____D () C:\Users\###\Documents\####r 2014-06-12 08:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-06-12 07:37 - 2013-10-14 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-12 07:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-06-12 07:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-06-11 21:45 - 2013-09-22 14:37 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-06-11 21:43 - 2012-11-05 19:14 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-11 13:02 - 2014-06-11 13:02 - 00000000 ____D () C:\Program 
Files (x86)\Mozilla Firefox 2014-06-11 12:25 - 2014-05-02 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-08 21:44 - 2013-12-24 08:55 - 00000000 ____D () C:\Users\###\Documents\### 2014-06-06 12:15 - 2014-03-19 08:46 - 00000000 ____D () C:\Users\###\Documents\##### 2014-06-06 11:33 - 2014-07-03 10:56 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140703-105625.backup 2014-06-05 05:43 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness Files to move or delete: ==================== C:\Users\###\AppData\Roaming\CamLayout.ini C:\Users\###\AppData\Roaming\CamShapes.ini C:\Users\###\AppData\Roaming\CamStudio.Producer.Data.ini ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-03 18:49 ==================== End Of Log ============================
The Search+Destroy code is still to come. It always takes a very long time! |
05.07.2014, 22:10 | #2 |
/// the machine /// TB trainer | Supra Savings in Firefox
hi,
Addition.txt is still missing. |
05.07.2014, 22:12 | #3 |
| Supra Savings in Firefox
Oh, sorry, yes, I had the other one twice :-((((
Man, you answered quickly!!! Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-07-2014 01 Ran by ###### at 2014-07-05 21:01:06 Running from C:\Users\###\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0} ==================== Installed Programs ====================== 1&1 SmartFax (HKLM-x32\...\1&1 SmartFax) (Version: 2.00.231 - 1&1 Internet AG) 1&1 Upload-Manager (HKLM-x32\...\1&1 Upload-Manager) (Version: 2.0.676 - 1&1 Internet AG) 7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov) Adobe Flash Player 13 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated) Anvil Studio (HKLM-x32\...\{DAC80967-02DF-4292-B5E2-5E3959A4E2F1}) (Version: 13.10.03 - Willow Software) Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) Ashampoo Photo Commander 10 v.10.2.1 (HKLM-x32\...\{C92AB6F1-4B66-808A-D77C-25EF81C0176A}_is1) (Version: 10.2.1 - Ashampoo GmbH & Co. 
KG) Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team) AVM FRITZ!Box Monitor (HKLM-x32\...\AVMFBoxMonitor) (Version: - AVM Berlin) Bing Maps 3D (HKLM\...\{6ACE7F46-FACE-4125-AE86-672F4F2A6A28}) (Version: 4.0.903.16005 - Microsoft Corporation) Blender (HKLM\...\Blender) (Version: 2.70a - Blender Foundation) CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source) Canon MP Navigator EX 2.0 (HKLM-x32\...\MP Navigator EX 2.0) (Version: - ) Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version: - ) CanoScan LiDE 200 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4807) (Version: - ) Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.) CRoadX (HKLM-x32\...\{8BFBC2E1-A22C-49B7-A946-A22247AC2B1C}) (Version: 1.0.4 - Arnold Laffrenzen) CyberLink LabelPrint 2.5 (x32 Version: 2.5.5415 - CyberLink Corp.) Hidden CyberLink MediaEspresso 6.5 (x32 Version: 6.5.3111_44883 - CyberLink Corp.) Hidden CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3124 - CyberLink Corp.) CyberLink PhotoDirector 3 (x32 Version: 3.0.3124 - CyberLink Corp.) Hidden CyberLink PhotoNow (HKLM-x32\...\InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}) (Version: 1.1.7717 - CyberLink Corp.) CyberLink PhotoNow (x32 Version: 1.1.7717 - CyberLink Corp.) Hidden CyberLink Power2Go 8 (x32 Version: 8.0.0.1920 - CyberLink Corp.) Hidden CyberLink PowerDirector (Version: 9.0.0.3815c - CyberLink Corp.) Hidden CyberLink PowerDVD 10 (x32 Version: 10.0.4125.02 - CyberLink Corp.) Hidden CyberLink PowerDVD Copy 1.5 (x32 Version: 1.5.2715b - CyberLink Corp.) Hidden CyberLink PowerRecover (HKLM-x32\...\InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}) (Version: 5.7.0.0913 - CyberLink Corp.) CyberLink PowerRecover (Version: 5.7.0.0913 - CyberLink Corp.) 
Hidden CyberLink YouCam 5 (x32 Version: 5.0.1930 - CyberLink Corp.) Hidden D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd) DivX-Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.22 - DivX, LLC) Dolby Advanced Audio v2 (HKLM-x32\...\{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}) (Version: 7.2.8000.17 - Dolby Laboratories Inc) Dragon NaturallySpeaking 11 (HKLM-x32\...\{EFFA53BC-8C04-2E21-3D90-A13B1697B0CA}) (Version: 11.50.100 - Nuance Communications Inc.) DriveOnWeb Client Version 11.00.67 2014.01.14 (HKLM\...\DriveOnWeb Client_is1) (Version: - abilis GmbH) eLicenser Control (HKLM-x32\...\eLicenser Control) (Version: - Steinberg Media Technologies GmbH) Everything 1.2.1.371 (HKLM-x32\...\Everything) (Version: - ) FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version: - ) FileLocator Lite x64 (HKLM\...\{62BE2E9E-73AD-4E91-A654-3650A4F0F31C}) (Version: 7.0.820.1 - Mythicsoft Ltd) FormatFactory 3.3.3.0 (HKLM-x32\...\FormatFactory) (Version: 3.3.3.0 - Format Factory) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalerija (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotogalleri (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Fotogalleriet (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotoğraf Galerisi (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Fotótár (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.2.75.126 - Foxit Corporation) Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.4.217 - Foxit Corporation) Free M4a to MP3 Converter 8.1 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version: - ManiacTools.com) Free Screen To Video V 2.0 (HKLM-x32\...\Free Screen To Video_is1) (Version: 2.0.0.0 - Koyote Soft) Free Screen Video Recorder version 2.5.31.1022 (HKLM-x32\...\Free 
Screen Video Recorder_is1) (Version: 2.5.31.1022 - DVDVideoSoft Ltd.) Freemake Video Converter Version 4.1.3 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.3 - Ellora Assets Corporation) Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galeria fotografii (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden GNU Privacy Guard (HKLM-x32\...\GnuPG) (Version: 1.4.9 - Free Software Foundation) Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google) Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden GPL Ghostscript 8.56 (HKLM-x32\...\GPL Ghostscript 8.56) (Version: - ) GPL Ghostscript Fonts (HKLM-x32\...\GPL Ghostscript Fonts) (Version: - ) HeavyLoad V3.3 (64 bit) (HKLM\...\HeavyLoad_is1) (Version: 3.3 - JAM Software) Helium (HKLM-x32\...\{9A781940-AC41-4D5E-8E1E-76A04B916FB9}) (Version: 1.0.0 - ClockworkMod) HyperCam 3 (HKLM-x32\...\HyperCam 3 3.5.1210.30) (Version: 3.5.1210.30 - Solveig Multimedia) HyperCam 3 (HKLM-x32\...\HyperCam 3 3.6.1311.20) (Version: 3.6.1311.20 - Solveig Multimedia) Intel PROSet Wireless (Version: - ) Hidden Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation) Intel(R) My WiFi Dashboard (HKLM\...\{1E741267-F54B-4b3a-A7B6-1D1A156E385E}) (Version: 15.05.5000.0219 - Intel Corporation) Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation) Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed (HKLM\...\{89478C31-5CE8-461A-9084-9A0AF059F84F}) (Version: 15.5.0.0344 - Intel Corporation) Intel(R) SDK for OpenCL - CPU Only 
Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation) Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation) Intel® PROSet/Wireless WiFi Software (HKLM\...\{99FDAE3B-6905-45A6-8F73-595363AAD3D1}) (Version: 15.05.1000.1411 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.24.388.1 - Intel Corporation) Hidden IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.36 - Irfan Skiljan) Jing (HKLM-x32\...\{22800204-9E53-45C7-B6F3-5BB0F1C1A147}) (Version: 2.8.13007.1 - TechSmith Corporation) KeePass Password Safe 2.25 (HKLM-x32\...\KeePassPasswordSafe2_is1) (Version: 2.25 - Dominik Reichl) LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - ) Launch Manager (HKLM-x32\...\{D0846526-66DD-4DC9-A02C-98F9A2806812}) (Version: 1.5.1.8 - Wistron Corp.) LibreOffice 4.1 Help Pack (German) (HKLM-x32\...\{5BF97A3C-24C0-489F-8CB9-90A051C0B7B1}) (Version: 4.1.6.2 - The Document Foundation) LibreOffice 4.1.6.2 (HKLM-x32\...\{146232A9-AB53-48A7-A102-56624D92C80D}) (Version: 4.1.6.2 - The Document Foundation) LightZone 4.0.0 (HKLM-x32\...\3263-1164-2624-0047) (Version: 4.0.0 - LightZone Project) LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere) Live-Styler 15 (HKLM-x32\...\Live-Styler_is1) (Version: - Norbert Stellberg) Mediathek (HKLM-x32\...\{EFFED0C0-5299-422E-AFE6-8B8066D18A2A}) (Version: 1.4.0 - Medion) Medion Home Cinema 10 (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.) Medion Home Cinema 10 (x32 Version: 10.1924 - CyberLink Corp.) 
Hidden Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) 
(Version: 10.0.40219 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0 - Mozilla) Mozilla Thunderbird 24.6.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.6.0 (x86 de)) (Version: 24.6.0 - Mozilla) MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden MuseScore 1.3 (HKLM-x32\...\MuseScore) (Version: 1.3.0 - Werner Schweer and Others) MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.5 - F.J. Wechselberger) Neuratron AudioScore Lite (HKLM-x32\...\Neuratron AudioScore Lite) (Version: 6.0.0 - Neuratron Limited) Neuratron PhotoScore Lite (HKLM-x32\...\Neuratron PhotoScore Lite) (Version: 6.0.0 - Neuratron Limited) Opera Stable 22.0.1471.70 (HKLM-x32\...\Opera 22.0.1471.70) (Version: 22.0.1471.70 - Opera Software ASA) PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd) PDF-XChange Editor (HKLM-x32\...\{2eef0fe2-cc4a-47d6-959c-de2d5c2cc40b}) (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.) PDF-XChange Editor (Version: 3.0.307.2 - Tracker Software Products (Canada) Ltd.) 
Hidden Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Podstawowe programy Windows Live (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Prezi (HKLM-x32\...\{63B8F931-2BF3-4D5D-9C28-E2EF88D83DFD}) (Version: 5.2.0 - Ihr Firmenname) QT Lite 4.1.0 (HKLM-x32\...\quicktime_lite_is1) (Version: 4.1.0 - ) QuickLaunch (HKLM-x32\...\{A802F1E3-34C8-4C84-9948-C1C4E37D0FA9}) (Version: 1.00.0019 - Lenovo Group Limited) QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.) Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6680 - Realtek Semiconductor Corp.) Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.) Rebeat (HKLM-x32\...\Rebeat_is1) (Version: 1.313.1 - Rebeat) Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Samsung Kies3 (x32 Version: 3.2.14055.3 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.40.0 - SAMSUNG Electronics Co., Ltd.) 
Screenshot Captor 4.7.2 (HKLM-x32\...\ScreenshotCaptor_is1) (Version: - ) Sibelius 6.1.0.14 (HKLM-x32\...\Sibelius 6_is1) (Version: - ) Sibelius Scorch (all browsers) (HKLM-x32\...\{F533A90F-4E9E-4A17-A085-BD285B6AA57A}) (Version: 6.1.0 - Sibelius Software) Sibelius Sounds Essentials for Sibelius 6 (HKLM-x32\...\{F0EB3969-C007-4ABE-9245-990C5E021A8F}_is1) (Version: 1.1.0 - Sibelius Software, a division of Avid Technology, Inc.) Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.) Snagit 11 (HKLM-x32\...\{D0CC22F6-A67A-4083-A043-E0640CB7A4DF}) (Version: 11.2.1 - TechSmith Corporation) Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.) Steinberg Cubase 6 64bit (HKLM\...\{C6651CD0-4892-4465-96AC-C9864A695FF9}) (Version: 6.0.0 - Steinberg Media Technologies GmbH) Steinberg Drum Loop Expansion 01 (HKLM-x32\...\{490BF87E-1F75-4453-BF55-9F540543A3CA}) (Version: 2.0.0.0 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Content (HKLM-x32\...\{BD86F1AC-B594-46E4-85DC-1258AC9E2232}) (Version: 1.0.0.003 - Steinberg Media Technologies GmbH) Steinberg Groove Agent ONE Vintage Beatboxes (HKLM-x32\...\{DBF4BC99-53F1-4C97-84C3-7557D103E182}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH) Steinberg HALion Sonic SE 64bit (HKLM\...\{B99C316B-C135-43B5-8E77-2BC5E241F964}) (Version: 1.5.0 - Steinberg Media Technologies GmbH) Steinberg HALion Sonic SE Content (HKLM-x32\...\{A5051ABF-A497-4C3C-85EA-F7A4D5C19B82}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH) Steinberg HALionOne (HKLM-x32\...\{E70E7159-93B1-470D-9FBD-D8E9EF34B538}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne 64bit (HKLM\...\{743C5D75-6BC8-4881-BF7D-E7DF29F155F4}) (Version: 1.1.0.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Expression Set (HKLM-x32\...\{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}) (Version: 1.0.1.0 
- Steinberg Media Technologies GmbH) Steinberg HALionOne GM Drum Set (HKLM-x32\...\{AC997F93-0757-4ED4-A701-F40C2D654D09}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne GM Set (HKLM-x32\...\{F057965A-D974-4C64-ADB1-4381CD4B8956}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Pro Set (HKLM-x32\...\{D82CDA0D-C182-42C8-8FF2-5649C98D6003}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Studio Drum Set (HKLM-x32\...\{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg HALionOne Studio Set (HKLM-x32\...\{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}) (Version: 1.0.1.457 - Steinberg Media Technologies GmbH) Steinberg LoopMash Content (HKLM-x32\...\{4D454CF8-12FD-464D-B57B-B46FE27B78BB}) (Version: 2.0.0.000 - Steinberg Media Technologies GmbH) Steinberg LoopMash Content 2 (HKLM-x32\...\{88C337F0-4CF2-4098-BDC0-D94859ECA2B4}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH) Steinberg REVerence Content 01 (HKLM-x32\...\{532B917B-8235-4FA5-BE36-643A8BB053A5}) (Version: 2.0.1.000 - Steinberg Media Technologies GmbH) Steinberg VST Amp Rack Content 01 (HKLM-x32\...\{8CBA7E47-48DA-47DC-8E98-6984BA830295}) (Version: 1.0.0.000 - Steinberg Media Technologies GmbH) Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.9.6 - Synaptics Incorporated) TipCam 2.2 (HKLM-x32\...\TipCam) (Version: 2.2 - UTIPU, Inc.) TreeSize Free V2.7 (HKLM-x32\...\TreeSize Free_is1) (Version: 2.7 - JAM Software) Tt eSPORTS BLACK (HKLM-x32\...\{17885341-8A1D-4C6E-8F90-366B227D30C8}) (Version: 0.0.1 - Tt eSPORTS) UltraSearch V1.8 (64 bit) (HKLM\...\UltraSearch_is1) (Version: 1.8 - JAM Software) VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden Visual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64) (HKLM\...\{4A5A427F-BA39-4BF0-7777-9A47FBE60C9F}) (Version: 11.0.200 - Nuance Communications Inc.) 
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live Temel Parçalar (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden X Codec Pack (HKLM\...\X Codec Pack) (Version: 2.6.3 - X Codec Pack team) XMedia Recode Version 3.1.7.9 (HKLM-x32\...\{DDA3C325-47B2-4730-9672-BF3771C08799}_is1) (Version: 3.1.7.9 - XMedia Recode) xrecode II 1.0.0.209 (HKLM-x32\...\{AFE83615-88BE-47F6-B3E4-A3FEF8B7B57F}_is1) (Version: - ) Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. 
KG) Συλλογή φωτογραφιών (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden ==================== Restore Points ========================= 17-06-2014 17:52:31 Geplanter Prüfpunkt 21-06-2014 11:31:54 Installed Samsung Kies3 25-06-2014 17:45:09 Windows Update 03-07-2014 16:50:24 Geplanter Prüfpunkt 04-07-2014 20:05:23 Installed STOPzilla ==================== Hosts content: ========================== 2013-08-22 15:25 - 2014-07-04 22:06 - 00000860 ___RA C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {02C2D867-CD63-405B-AE3A-DADDE267D33C} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1361CCD7-6CC2-44D5-802D-4798B26CCF39} - System32\Tasks\IntelBootstrapCCDashServer => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [2012-07-13] (Intel® Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {41A8B047-57D7-4489-A351-799E90180FA0} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics Task: {45E625E3-E0BC-46A5-A943-BA8A4899551C} - 
System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {562E1AFC-B0A6-4472-8F35-C706C0C71125} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation Task: {5E686F86-CC21-45DD-AB01-A7EC568CAD6A} - System32\Tasks\Dolby Selector => C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.) Task: {69939A04-DA7C-4B31-B200-C83FC3940815} - System32\Tasks\Opera scheduled Autoupdate 1396198660 => C:\Program Files (x86)\Opera\launcher.exe [2014-06-16] (Opera Software) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73AAF2B4-6661-40DD-A7D6-A6EED1EB2F04} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation) Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {86858ECC-3FF8-41D3-AB6E-7E6C3551288D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: 
{9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {A1CE7AFA-DE07-4287-B08D-DC557B88010C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.) Task: {BE142EAD-7813-4258-886D-F5EF4637CE4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-24] (Google Inc.) Task: {C31E3E89-709B-4E60-98A9-C6617211BC6C} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E3AC4C68-6A4B-4D97-963D-0AB686E2F6E0} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated) Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: {F57220E6-02D7-40F0-8ADB-A3DC56C43AC6} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv Task: {FDA40FEF-BC7E-4A33-86FE-B6EB78DB7573} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) 
============= 2012-12-18 13:08 - 2010-08-19 19:43 - 00386344 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe 2014-03-20 12:53 - 2011-01-20 17:26 - 00095744 _____ () C:\WINDOWS\system32\easycnp.dll 2014-03-20 12:53 - 2009-08-03 16:32 - 00078848 _____ () C:\Program Files\DriveOnWeb Client\DOWSpdup.dll 2014-03-20 12:53 - 2009-07-27 14:20 - 00016896 _____ () C:\Program Files\DriveOnWeb Client\DOWCommon64.dll 2014-03-20 12:53 - 2012-08-23 14:36 - 00142336 _____ () C:\Program Files\DriveOnWeb Client\easyClientExt.dll 2013-12-21 01:02 - 2013-12-21 01:02 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll 2014-01-10 07:26 - 2014-01-10 07:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe 2010-03-23 14:26 - 2010-03-23 14:26 - 00201512 _____ () C:\Program Files (x86)\Cisco SystemsVPN Client\vpnapi.dll 2014-06-11 13:02 - 2014-06-11 13:02 - 03852912 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2014-07-03 11:34 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl 2014-07-03 11:34 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl 2014-07-03 11:34 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl 2014-07-03 11:34 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll 2014-07-03 11:34 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll 2012-12-18 13:06 - 2012-06-08 05:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll 2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll 2014-01-10 07:28 - 2014-01-10 07:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll 2012-12-18 12:19 - 2012-06-25 19:41 - 01198912 _____ () C:\Program Files 
(x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\###\Downloads\wubi1210.exe:BDU AlternateDataStreams: C:\ProgramData\Temp:0FF263E8 ==================== Safe Mode (whitelisted) =================== ==================== EXE Association (whitelisted) ============= HKU\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\Classes\.exe: exefile => <===== ATTENTION! HKU\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\Classes\exefile: <===== ATTENTION! ==================== MSCONFIG/TASK MANAGER disabled items ========= HKLM\...\StartupApproved\Run32: => "AVMFBoxMonitor" ==================== Faulty Device Manager Devices ============= Name: USB-IF xHCI USB Host Controller Description: USB-IF xHCI USB Host Controller Class Guid: {8a2edc79-c759-46f2-88af-9d4efe3b5eee} Manufacturer: Intel Corporation Service: XHCIPort Problem: : This device is not working properly because Windows cannot load the drivers required for this device. 
(Code 31) Resolution: Update the driver ==================== Event log errors: ========================= Application errors: ================== Error: (07/05/2014 06:39:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: xmkysecqun64.exe, Version: 0.0.0.0, Zeitstempel: 0x532dfc16 Name des fehlerhaften Moduls: xmkysecqun64.exe, Version: 0.0.0.0, Zeitstempel: 0x532dfc16 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000000534b9 ID des fehlerhaften Prozesses: 0x6f8 Startzeit der fehlerhaften Anwendung: 0xxmkysecqun64.exe0 Pfad der fehlerhaften Anwendung: xmkysecqun64.exe1 Pfad des fehlerhaften Moduls: xmkysecqun64.exe2 Berichtskennung: xmkysecqun64.exe3 Vollständiger Name des fehlerhaften Pakets: xmkysecqun64.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: xmkysecqun64.exe5 Error: (07/04/2014 04:20:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x8c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (07/04/2014 11:52:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x1640 Startzeit der fehlerhaften Anwendung: 
0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (07/03/2014 09:25:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x71d8 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (06/27/2014 04:21:42 PM) (Source: SupraSavingsService64) (EventID: 1) (User: ) Description: SupraSavingsService64In SvcInstall, CreateService failed (1073) failed with 1073 Error: (06/26/2014 02:12:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xbbc Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (06/25/2014 04:06:11 PM) (Source: 
Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0xb64 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (06/23/2014 06:55:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x31b8 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (06/21/2014 02:25:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x2a04 Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 
Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 Error: (06/21/2014 08:04:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Name der fehlerhaften Anwendung: plugin-container.exe, Version: 30.0.0.5269, Zeitstempel: 0x53914233 Name des fehlerhaften Moduls: mozalloc.dll, Version: 30.0.0.5269, Zeitstempel: 0x53911393 Ausnahmecode: 0x80000003 Fehleroffset: 0x0000141b ID des fehlerhaften Prozesses: 0x2a2c Startzeit der fehlerhaften Anwendung: 0xplugin-container.exe0 Pfad der fehlerhaften Anwendung: plugin-container.exe1 Pfad des fehlerhaften Moduls: plugin-container.exe2 Berichtskennung: plugin-container.exe3 Vollständiger Name des fehlerhaften Pakets: plugin-container.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: plugin-container.exe5 System errors: ============= Error: (07/05/2014 08:55:33 PM) (Source: DCOM) (EventID: 10016) (User: #####) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}a#####k8S-1-5-21-3410272128-3850883635-1020607561-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/05/2014 08:55:33 PM) (Source: DCOM) (EventID: 10016) (User: ###) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}######S-1-5-21-3410272128-3850883635-1020607561-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/05/2014 08:55:33 PM) (Source: DCOM) (EventID: 10016) (User: ###) Description: AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}######S-1-5-21-3410272128-3850883635-1020607561-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/05/2014 08:55:33 PM) (Source: DCOM) (EventID: 10016) (User: ###) Description: 
AnwendungsspezifischLokalStart{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}######S-1-5-21-3410272128-3850883635-1020607561-1001LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (07/05/2014 08:55:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Cisco Systems Inc. IPSec Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 08:55:32 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Cisco Systems Inc. IPSec Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%31 Error: (07/05/2014 08:55:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "xmkysecqun64" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/05/2014 08:55:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "SupraSavingsService64" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error: (07/05/2014 08:55:23 PM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (07/05/2014 08:55:23 PM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Spybot-S&D 2 Scanner Service erreicht. 
Microsoft Office Sessions: ========================= Error: (07/05/2014 06:39:50 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: xmkysecqun64.exe0.0.0.0532dfc16xmkysecqun64.exe0.0.0.0532dfc16c000000500000000000534b96f801cf96a181ec2eacC:\Program Files\003\xmkysecqun64.exeC:\Program Files\003\xmkysecqun64.exefb47dcb8-0462-11e4-bee5-00262dcc4d37 Error: (07/04/2014 04:20:24 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b8c01cf9792e422259aC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll56527dde-0386-11e4-bee5-00262dcc4d37 Error: (07/04/2014 11:52:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b164001cf976db3d510c4C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllfa58bdf4-0360-11e4-bee5-00262dcc4d37 Error: (07/03/2014 09:25:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b71d801cf968fefc71496C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll40af9e3d-0283-11e4-bee4-00262dcc4d37 Error: (06/27/2014 04:21:42 PM) (Source: SupraSavingsService64) (EventID: 1) (User: ) Description: SupraSavingsService64In SvcInstall, CreateService failed (1073) failed with 1073 Error: (06/26/2014 02:12:14 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bbbc01cf9129c099199cC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll1b42c4d4-fd2b-11e3-bee2-685d43f0a037 Error: (06/25/2014 04:06:11 PM) (Source: 
Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141bb6401cf8eedb716adc6C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldc345f46-fc71-11e3-bee1-00262dcc4d37 Error: (06/23/2014 06:55:54 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b31b801cf8d4c07e0d8adC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlla7b95a94-fa92-11e3-bede-00262dcc4d37 Error: (06/21/2014 02:25:33 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b2a0401cf8d16b8778dccC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2370fda1-f93f-11e3-bede-00262dcc4d37 Error: (06/21/2014 08:04:15 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: plugin-container.exe30.0.0.526953914233mozalloc.dll30.0.0.526953911393800000030000141b2a2c01cf8c5f6f201b82C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dlldefea857-f909-11e3-bede-00262dcc4d37 ==================== Memory info =========================== Percentage of memory in use: 31% Total physical RAM: 8056.22 MB Available physical RAM: 5479.82 MB Total Pagefile: 9336.22 MB Available Pagefile: 6605.53 MB Total Virtual: 131072 MB Available Virtual: 131071.79 MB ==================== Drives ================================ Drive c: (Boot) (Fixed) (Total:879.46 GB) (Free:667.44 GB) NTFS Drive d: (Recover) (Fixed) (Total:50 GB) (Free:29.5 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 932 GB) (Disk ID: 00000000) Partition: GPT 
Partition Type. ==================== End Of Log ============================ And here is the Search+Destroy log from just now Code:
ATTFilter Search results from Spybot - Search & Destroy 05.07.2014 23:12:56 Scan took 00:51:24. 41 items found. DownloadSponsor: [SBI $CC437C6B] Settings (Registry Change, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\OCS\lastPID DownloadSponsor: [SBI $980DE8E4] Settings (Registry Change, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\OCS\PID Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\cdn.flashtalking.com\ftLocalComms.sol Properties.size=61 Properties.md5=DEB168CBF71E13562EC9A0D7CE266359 Properties.filedate=1402560237 Properties.filedatetext=2014-06-12 10:03:57 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\cdn.flashtalking.com\FT_cookie.sol Properties.size=43 Properties.md5=5BD98BB813EEDA3C606E3671EE84AA76 Properties.filedate=1403106503 Properties.filedatetext=2014-06-18 17:48:22 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\evs-hosted-151cb31da3f450.s3.amazonaws.com\com.jeroenwijering.sol Properties.size=50 Properties.md5=DB3C5E2C9300CCA4A8B3A96EE763579C Properties.filedate=1402483630 Properties.filedatetext=2014-06-11 12:47:10 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\images-na.ssl-images-amazon.com\mercury.sol Properties.size=69 Properties.md5=E35584B243A182D3D1498EBDBCC78982 Properties.filedate=1402565202 Properties.filedatetext=2014-06-12 11:26:41 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\is1.myvideo.de\com.conviva.livePass.sol 
Properties.size=228 Properties.md5=78782ADC93C3913B3068AA966CE853F0 Properties.filedate=1402948720 Properties.filedatetext=2014-06-16 21:58:39 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\is2.myvideo.de\com.conviva.livePass.sol Properties.size=228 Properties.md5=81E194265822BC433F4026333ABCDD69 Properties.filedate=1403685869 Properties.filedatetext=2014-06-25 10:44:29 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\is3.myvideo.de\com.conviva.livePass.sol Properties.size=228 Properties.md5=8116A6A1E69C313AE88F07DA283FA1A3 Properties.filedate=1402693873 Properties.filedatetext=2014-06-13 23:11:13 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\is5.myvideo.de\com.conviva.livePass.sol Properties.size=222 Properties.md5=1DDD97D7690C7ACEE36193BA18830F00 Properties.filedate=1403720534 Properties.filedatetext=2014-06-25 20:22:13 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\static1.dmcdn.net\com.dm.player.sol Properties.size=281 Properties.md5=BE410E5C95B8D1E999EC1B2FFE33E2EB Properties.filedate=1402696961 Properties.filedatetext=2014-06-14 00:02:41 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\www.tripadvisor.co.uk\TA.sol Properties.size=62 Properties.md5=79376BCB45AFBB298862D9999CBF24CD Properties.filedate=1402923308 Properties.filedatetext=2014-06-16 14:55:08 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash 
Player\#SharedObjects\UVWWJTZ7\www.tripadvisor.de\TA.sol Properties.size=62 Properties.md5=79376BCB45AFBB298862D9999CBF24CD Properties.filedate=1402923315 Properties.filedatetext=2014-06-16 14:55:14 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\www.ultimedia.com\analytics.sol Properties.size=431 Properties.md5=F0E77095B6DC6AC7AC708615FEEDEA01 Properties.filedate=1402696354 Properties.filedatetext=2014-06-13 23:52:33 Macromedia.FlashPlayer.Cookies: [SBI $6AA61750] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\www.ultimedia.com\com.jeroenwijering.sol Properties.size=54 Properties.md5=899A5266D14DEFCCC086768D486C1175 Properties.filedate=1402693990 Properties.filedatetext=2014-06-13 23:13:10 Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\aa.online-metrix.net\fpc.swf\session.sol Properties.size=76 Properties.md5=8F340EFB34F889936029C2BD40815876 Properties.filedate=1402384993 Properties.filedatetext=2014-06-10 09:23:13 Macromedia.FlashPlayer.Cookies: [SBI $1EF45977] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\www.ajaxcdn.org\swf.swf\dm_cookie.sol Properties.size=415 Properties.md5=584FBD156FD8EA6AAE168EDA95DC901D Properties.filedate=1404143705 Properties.filedatetext=2014-06-30 17:55:05 Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done) C:\Users\###\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\UVWWJTZ7\play.snacktv.de\player\videoplayer.swf\SnackTV.sol Properties.size=79 Properties.md5=C8594173BD51C8B70DF38A256A90E88B Properties.filedate=1403685292 Properties.filedatetext=2014-06-25 10:34:52 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) 
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\Microsoft\Microsoft Management Console\Recent File List MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1007\Software\Microsoft\MediaPlayer\Player\Settings\Client ID MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows: [SBI $1E4E2003] Drivers installation paths (Registry Change, nothing done) 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Setup\Installation Sources Windows.OpenWith: [SBI $C92C6763] Open with list - .BUP extension (Registry Key, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BUP\OpenWithList Windows Explorer: [SBI $AA0766B5] Stream history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1007\Software\Microsoft\Windows Media\WMSDK\General\ComputerName Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1007\Software\Microsoft\Windows Media\WMSDK\General\UniqueID Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done) HKEY_USERS\S-1-5-21-3410272128-3850883635-1020607561-1007\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber Cookie: [SBI $49804B54] Browser: Cookie (11) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (78) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (102) (Browser: History, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (52) (Browser: Cookie, nothing done) Cookie: [SBI $49804B54] Browser: Cookie (1) (Browser: Cookie, nothing done) --- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) --- |
06.07.2014, 11:36 | #4 |
/// the machine /// TB instructor | Supra Savings in Firefox Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please shut down your protection software to avoid possible conflicts.
and a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
07.07.2014, 12:46 | #5 |
| Supra Savings in Firefox P.S. I hope everything is formatted properly, as I can't find a preview right now :-(( Hi Schrauber, I have been sitting at this for over 4 hours now and had my message to you almost finished when everything was lost again because I was supposedly no longer logged in, annoying ... So, once more: First of all, thank you for the quick help! After the various runs, reading the log files gives me the impression that I have a cancer-ridden laptop, even though I always install very carefully :-((((( first mbam1 Code:
ATTFilter Malwarebytes Anti-Malware www.malwarebytes.org Suchlauf Datum: 07.07.2014 Suchlauf-Zeit: 08:01:38 Logdatei: mbam1.txt Administrator: Ja Version: 2.00.2.1012 Malware Datenbank: v2014.07.07.01 Rootkit Datenbank: v2014.07.03.01 Lizenz: Kostenlos Malware Schutz: Deaktiviert Bösartiger Webseiten Schutz: Deaktiviert Self-protection: Deaktiviert Betriebssystem: Windows 8.1 CPU: x64 Dateisystem: NTFS Benutzer: ### Suchlauf-Art: Bedrohungs-Suchlauf Ergebnis: Abgeschlossen Durchsuchte Objekte: 320062 Verstrichene Zeit: 16 Min, 6 Sek Speicher: Aktiviert Autostart: Aktiviert Dateisystem: Aktiviert Archive: Aktiviert Rootkits: Deaktiviert Heuristics: Aktiviert PUP: Aktiviert PUM: Aktiviert Prozesse: 0 (No malicious items detected) Module: 0 (No malicious items detected) Registrierungsschlüssel: 8 PUP.Optional.AdPeak.A, HKLM\SOFTWARE\LevelQualityWatcher, In Quarantäne, [d8d59903cface05638427c39a45eef11], PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\Supra Savings, In Quarantäne, [317c36664734e94dedaef9bb43bfbe42], PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\suprasavings, In Quarantäne, [3a735a42e19aae889bd56b6008faed13], PUP.Optional.SupraSavings.A, HKLM\SOFTWARE\WOW6432NODE\SupraSavings, In Quarantäne, [ebc24e4e3b407fb7fe72b6151fe39967], PUP.Optional.SupraSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SupraSavingsService64, In Quarantäne, [d6d74458e99263d30995fa15be4616ea], PUP.Optional.AdPeak.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\xmkysecqun64, In Quarantäne, [3e6f574563185bdbe2579a2c0ff39769], PUP.Optional.SupraSavings.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [535a128a3e3d1c1a82e8f0dab151de22], PUP.Optional.SupraSavings.A, HKU\S-1-5-21-3410272128-3850883635-1020607561-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\Supra Savings, In Quarantäne, [2588128abebde551ef7b9e2ccc364ab6], Registrierungswerte: 0 (No malicious items detected) Registrierungsdaten: 0 (No 
malicious items detected) Ordner: 0 (No malicious items detected) Dateien: 10 RiskWare.Tool.CK, C:\$Recycle.Bin\S-1-5-21-3410272128-3850883635-1020607561-1001\$RLO0K8K.exe, In Quarantäne, [d8d5bae2e19af343867408e6946d05fb], Spyware.Zbot.VXGen, C:\$Recycle.Bin\S-1-5-21-3410272128-3850883635-1020607561-1001\$RNC1LHF.zip, In Quarantäne, [397497054239eb4b8b72ed827e8343bd], PUP.Optional.AppsInstaller, C:\$Recycle.Bin\S-1-5-21-3410272128-3850883635-1020607561-1001\$RSDDS2L.exe, In Quarantäne, [baf32a72fd7eb383680f90ee42c2e51b], PUP.Optional.AdPeak.A, C:\temp\InstallFilter64.msi, In Quarantäne, [317c8a1228533ef8e9a0ec517c84b64a], PUP.Optional.SupraSavings.A, C:\temp\t.msi, In Quarantäne, [d2db0a922f4c2d0968599ede50b49c64], PUP.Optional.Koyote.A, C:\Users\###\Downloads\FreeScreenToVideoSetup-r0-n-bf.exe, In Quarantäne, [c7e6a0fc1863cc6aa4c9291dd82913ed], PUP.Optional.OpenCandy, C:\Users\###\Downloads\FreemakeVideoConverterSetup_4.1.3.14.exe, In Quarantäne, [228b17854d2e48ee868c7e9638c97c84], PUP.Optional.OpenCandy, C:\Users\###\Downloads\MediaInfo_GUI_0.7.67_Windows.exe, In Quarantäne, [ebc2831929527bbb95473c7d5ba9e818], PUP.Optional.OpenCandy, C:\Users\###\Downloads\DTLite4491-0356.exe, In Quarantäne, [dad30f8dbfbc40f6defebbfef21256aa], PUP.Optional.Conduit.A, C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M3D6AB86D-DF50-4066-8CD4-43434B9052EF&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPB7CBB68B-550A-4643-AF69-91C9F7CA5C79");), Ersetzt,[5c51504cc5b6aa8cf97171538f75c43c] Physische Sektoren: 0 (No malicious items detected) (end) Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 07.07.2014
Suchlauf-Zeit: 09:46:42
Logdatei: mbam2.txt
Administrator: Ja

Version: 2.00.2.1012
Malware Datenbank: v2014.07.07.01
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert

Betriebssystem: Windows 8.1
CPU: x64
Dateisystem: NTFS
Benutzer: ###

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 319861
Verstrichene Zeit: 16 Min, 22 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 1
PUP.Optional.Conduit.A, C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M3D6AB86D-DF50-4066-8CD4-43434B9052EF&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPB7CBB68B-550A-4643-AF69-91C9F7CA5C79");), Ersetzt, [f1bc7c2012690e282446269e0bf9da26]

Physische Sektoren: 0
(No malicious items detected)

Code:
# AdwCleaner v3.214 - Bericht erstellt am 07/07/2014 um 10:14:54
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 8.1 (64 bits)
# Benutzername : ### -#######
# Gestartet von : C:\Users\###\Downloads\adwcleaner_3.214.exe
# Option : Löschen

***** [ Dienste ] *****

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files\003

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKLM\Software\Conduit

***** [ Browser ] *****

-\\ Internet Explorer v0.0.0.0

-\\ Mozilla Firefox v30.0 (de)

[ Datei : C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\prefs.js ]

Zeile gelöscht : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?gd=&ctid=CT3315513&octid=EB_ORIGINAL_CTID&ISID=M3D6AB86D-DF50-4066-8CD4-43434B9052EF&SearchSource=69&CUI=&SSPV=&Lay=1&UM=5&UP=SPB7CBB68B-550[...]
Zeile gelöscht : user_pref("extensions.betterff.surfcanyon.ramp.start_time", "1");

*************************

AdwCleaner[R0].txt - [2297 octets] - [07/07/2014 10:13:11]
AdwCleaner[S0].txt - [2114 octets] - [07/07/2014 10:14:54]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2174 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8.1 x64
Ran by ### on 07.07.2014 at 12:08:31,55
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\###\appdata\locallow\boost_interprocess"

~~~ FireFox

Emptied folder: C:\Users\###\AppData\Roaming\mozilla\firefox\profiles\ewe9a0lr.default\minidumps [25 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07.07.2014 at 12:14:57,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by ### (administrator) on ###### on 07-07-2014 12:19:51 Running from C:\Users\###\Downloads Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco SystemsVPN Client\cvpnd.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Thermaltake) C:\Program Files (x86)\Mouse Tt eSPORTS BLACK\BlackMonitor.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe (Adobe Systems, Inc.) 
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5010224 2012-07-13] (Intel® Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11554688 2012-08-08] (Motorola Solutions, Inc.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2912056 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [320824 2012-08-16] (Wistron) HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2012-08-13] (Wistron Corp.) HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [388408 2012-08-13] (Wistron Corp.) HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink) HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.) HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.) 
HKLM-x32\...\Run: [Tt eSPORTS BLACK Gaming Mouse] => C:\Program Files (x86)\Mouse Tt eSPORTS BLACK\BlackMonitor.exe [105864 2012-08-10] (Thermaltake) HKLM-x32\...\Run: [AVMFBoxMonitor] => C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin) HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.) HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC) HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] () HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.) HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Lite\QTTask.exe [421888 2014-01-17] (Apple Inc.) HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.) 
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation) Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X] HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1 HKU\S-1-5-21-3410272128-3850883635-1020607561-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe () BootExecute: autocheck autochk * sdnclean64.exe GroupPolicyUsers\S-1-5-21-3410272128-3850883635-1020607561-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-3410272128-3850883635-1020607561-1001\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank SearchScopes: HKLM-x32 - DefaultScope value is missing. SearchScopes: HKCU - {9B62A7FA-C373-4BF4-BCA6-12C03F49BB1A} URL = hxxp://www.bing.com/search?q={searchTerms} &form=IE10TR&src=IE10TR&pc=MALNJS Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF ProfilePath: C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default FF Homepage: leer FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll () FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer \npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor \npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.) FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll () FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC) FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer \Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader \plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader \plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT \npIntelWebAPIUpdater.dll (Intel Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ () FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.) FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor \npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.) FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer \Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.) 
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll () FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.) FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll () FF SearchPlugin: C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\duckduckgo.xml FF SearchPlugin: C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\googlemaps.xml FF SearchPlugin: C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\ixquick-https.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml FF Extension: YouTube Unblocker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions \youtubeunblocker@unblocker.yt [2014-01-23] FF Extension: Flashblock - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{3d7eb24f-2740-49df-8937- 200b1cc08f8a} [2013-09-23] FF Extension: DownloadHelper - 
C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{b9db16a4-6edc-47ec-a1f4- b86292ed211d} [2014-03-26] FF Extension: AutoGroup - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\akimkin_denis@mail.ru.xpi [2014-04-21] FF Extension: FlashStopper - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\flashstopper@byo.co.il.xpi [2014-04-21] FF Extension: Image and Flash Blocker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions \imgflashblocker@shimon.chohen.xpi [2013-09-23] FF Extension: media menu - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\jid0- X4tVYTsgT60azyHVye1faT8MjIA@jetpack.xpi [2014-04-21] FF Extension: YouTube Control Center - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\jid1- CikLKKPVkw6ipw@jetpack.xpi [2014-04-21] FF Extension: Media Sniffer - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions \MediaSniffer@hiyoko.info.xpi [2014-04-21] FF Extension: betterFox - Make your browsing experience 15% faster. 
- C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles \ewe9a0lr.default\Extensions\multirevenue@googlemail.com.xpi [2014-04-21] FF Extension: SmartVideo For YouTube - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions \mytube@ashishmishra.in.xpi [2014-04-21] FF Extension: Niederschlagsradar - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions \niederschlagsradar@sensiva.net.xpi [2014-06-10] FF Extension: S3.Download Statusbar - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions \s3download@statusbar.xpi [2014-02-13] FF Extension: Search Tab - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\searchtab@pratikpoddar.xpi [2013-12-13] FF Extension: Secure Login - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\secureLogin@blueimp.net.xpi [2013-09-21] FF Extension: StopTube - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\stoptube@kashiif.com.xpi [2013- 09-23] FF Extension: SuperStop - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\superstop@gavinsharp.com.xpi [2013-09-23] FF Extension: Todoist - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\support@todoist.com.xpi [2013-10 -15] FF Extension: Session Manager - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{1280606b-2510-4fe0- 97ef-9b5a22eafe30}.xpi [2013-09-21] FF Extension: ScrapBook - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{53A03D43-5363-4669-8190- 99061B2DEBA5}.xpi [2014-01-04] FF Extension: Web Marker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{5755466A-DB04-11DA-A2DD- 0E545D5EE2F7}.xpi [2014-03-09] FF Extension: NoScript - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{73a6fe31-595d-460b-a920- 
fcc0f8843232}.xpi [2014-04-21] FF Extension: Flash Block - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{95ab36d4-fb6f-47b0-8b8d- e5f3bd547953}.xpi [2013-09-23] FF Extension: Adblock Plus - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2- 2b9879e08c5d}.xpi [2013-09-21] FF Extension: Tab Mix Plus - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{dc572301-7619-498c-a57d- 39143191b318}.xpi [2013-12-26] ==================== Services (Whitelisted) ================= R2 CVPND; C:\Program Files (x86)\Cisco SystemsVPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.) R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink) R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink) R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation) R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07- 18] (Intel Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] () R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] () R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.) R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.) 
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.) S3 TipCtrl; C:\Program Files (x86)\uTIPu\TipCtrl.exe [314504 2009-02-03] (Utipu inc.) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2012-08-13] (Wistron Corp.) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation) R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink) S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] () U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-03-20] (Disc Soft Ltd) R2 easycvfs; C:\WINDOWS\system32\drivers\easycvfs.sys [110472 2010-07-29] () [File not signed] R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation) S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-16] (Synaptics Incorporated) R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated) S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-20] (Duplex Secure Ltd.) 
S3 synusb64; C:\Windows\System32\drivers\synusb64.sys [30352 2010-09-17] (Steinberg Media Technologies GmbH) R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG) S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation) S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider) S2 sbapifs; system32\DRIVERS\sbapifs.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-07-07 12:14 - 2014-07-07 12:14 - 00000961 _____ () C:\Users\###\Desktop\JRT.txt 2014-07-07 12:08 - 2014-07-07 12:08 - 00000000 ____D () C:\WINDOWS\ERUNT 2014-07-07 12:07 - 2014-07-07 12:07 - 01016261 _____ (Thisisu) C:\Users\###\Downloads\JRT.exe 2014-07-07 10:13 - 2014-07-07 10:14 - 00000000 ____D () C:\AdwCleaner 2014-07-07 10:11 - 2014-07-07 10:11 - 01346519 _____ () C:\Users\###\Downloads\adwcleaner_3.214.exe 2014-07-07 07:59 - 2014-07-07 09:41 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2014-07-07 07:58 - 2014-07-07 10:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-07-07 07:58 - 2014-07-07 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-07-07 07:58 - 2014-07-07 07:58 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-07-07 07:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys 2014-07-07 07:58 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys 2014-07-07 07:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys 2014-07-07 07:56 - 2014-07-07 07:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\###\Downloads\mbam-setup-2.0.2.1012.exe 2014-07-05 21:38 - 2014-07-05 21:38 - 00043048 _____ () 
C:\Users\###\Downloads\Addition-korr.txt 2014-07-05 21:33 - 2014-07-05 21:33 - 00049154 _____ () C:\Users\###\Downloads\FRSTkorr.txt 2014-07-05 21:07 - 2014-07-05 21:07 - 517430305 _____ () C:\WINDOWS\MEMORY.DMP 2014-07-05 21:07 - 2014-07-05 21:07 - 00288536 _____ () C:\WINDOWS\Minidump\070514-21531-01.dmp 2014-07-05 21:03 - 2014-07-05 21:03 - 00380416 _____ () C:\Users\###\Downloads\4knde644.exe 2014-07-05 21:01 - 2014-07-05 21:02 - 00043065 _____ () C:\Users\###\Downloads\Addition.txt 2014-07-05 20:59 - 2014-07-07 12:19 - 00021589 _____ () C:\Users\###\Downloads\FRST.txt 2014-07-05 20:59 - 2014-07-07 12:19 - 00000000 ____D () C:\FRST 2014-07-05 20:53 - 2014-07-05 20:53 - 00000578 _____ () C:\Users\###\Downloads\defogger_disable.log 2014-07-05 20:53 - 2014-07-05 20:53 - 00000020 _____ () C:\Users\###\defogger_reenable 2014-07-05 20:52 - 2014-07-05 20:52 - 00050477 _____ () C:\Users\###\Downloads\Defogger.exe 2014-07-05 20:45 - 2014-07-05 20:45 - 02084352 _____ (Farbar) C:\Users\###\Downloads\FRST64.exe 2014-07-04 22:08 - 2014-07-05 20:16 - 00000664 _____ () C:\WINDOWS\SysWOW64\Drivers\kgpfr2.cfg 2014-07-04 22:07 - 2014-07-04 22:22 - 00002496 _____ () C:\WINDOWS\system32\Drivers\kgpcpy.cfg 2014-07-04 22:03 - 2014-07-04 22:03 - 00707664 _____ (iS3, Inc.) 
Right, I hope everything goes well now - and I would be glad if you could give me the green light (hoping, hoping). Regards, Kim |
08.07.2014, 06:24 | #6 |
/// the machine /// TB trainer | Supra Savings in Firefox
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Any remaining problems?
__________________ --> Supra Savings in Firefox |
08.07.2014, 17:54 | #7 |
| Supra Savings in Firefox
Hi Schrauber, the signature download always jumps from 51% straight to 100 and ends with the message "Unerwarteter Fehler 2002". I have tried it 4 times. Do you have a solution? See you then, Kim

IT'S RUNNING: after 10 attempts the download amount rose to 94% - and voilà ....

... and me again ;-)) So, first of all, the ESET file. Code:
unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\storage\extSdCard\droidbackupdir\1354109582870\NoteMaster 2.5.apk" sh=AA87536D5936D1B0D2F10DEE576846097AFA1F88 ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\storage\extSdCard\droidbackupdir\1354109582870\WiFi Mouse 7.9.apk" sh=2922F7832BF6DD23644E35C3E74790813B38EA8F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\_alleAnwendungen\AdBlock Plus Installations Anleitung.apk" sh=57056BD290F94AE4D6D357BAD744906724BEC681 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\_alleAnwendungen\DetectorMentiras.apk" sh=9062DF9A6E7BEEB142CDDEE9ED7340BE573D0EA2 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\_alleAnwendungen\Frauenfernbedienung.apk" sh=9D3242D58C816A30F02670DDFFCD137B293C0641 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\_alleAnwendungen\Love Calculator Deluxe.apk" sh=2922F7832BF6DD23644E35C3E74790813B38EA8F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\_alleAnwendungen\_nochmLlleaufeinmal\AdBlock Plus Installations Anleitung_2.3.apk" sh=57056BD290F94AE4D6D357BAD744906724BEC681 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\_alleAnwendungen\_nochmLlleaufeinmal\DetectorMentiras_8.0.apk" sh=9062DF9A6E7BEEB142CDDEE9ED7340BE573D0EA2 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\_alleAnwendungen\_nochmLlleaufeinmal\Frauenfernbedienung_1.3.apk" sh=9D3242D58C816A30F02670DDFFCD137B293C0641 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYback\_alleAnwendungen\_nochmLlleaufeinmal\r Deluxe_1.0.apk" sh=9062DF9A6E7BEEB142CDDEE9ED7340BE573D0EA2 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYbackKundalinimix\Frauenfernbedienung_1.3.apk" sh=15CB79C631CE41CCE6F12D2188771A11E85FE3A2 ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYbackKundalinimix\Kundalini Yoga NEW_1.03.apk" sh=D53CBCBD701A88B9705EBD96239301D5543A3F9E ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYbackKundalinimix\Kundalini Yoga_1.0.apk" sh=B61E9476316B2E182183095F55E148A467321E21 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-GALAXYbackKundalinimix\kundalin_1.0.apk" sh=BD69A52D80805166692A7BE23A077DA040C0291F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140back\Android MP3 Pro_6.0.apk" sh=25FA768DB7BF88430E413CBEE38BA7005AC2322C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140back\How To Play Saxophone_2.2.apk" sh=5C5B0DE8A3B98263F2658C29F3AFD6BE00491DCE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140back\Lectures Scanner Free_1.1.0.apk" sh=3E6ADC000FA4C0BBF5E5AFDC2904F8F7D65B92CE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140back\Project Management Courses Pro_2.apk" sh=A0C570E5B72B8FE43BD9142D0BE2A61BED44FE6D ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140back\Talking Translator - 2rd version_1.8.apk" sh=469F144AC1931082EBA816385FE0F67D69A4F2A5 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140back\Talking Translator-Blue Theme_1.70.apk" sh=ED9D62B11145ECB1285A326F8262ABCB5912D992 ft=0 fh=0000000000000000 vn="Variante von Android/Plankton.I Trojaner" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140back\Tenor Sax MP_1.1.apk" sh=3E6ADC000FA4C0BBF5E5AFDC2904F8F7D65B92CE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien\Speicherkarte\appmonster2\backup\com.bestappsforphone.projectmanagementcoursestrainingsteps3\rev\2.apk" sh=3E6ADC000FA4C0BBF5E5AFDC2904F8F7D65B92CE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien\Systemspeicher\mnt\asec\com.bestappsforphone.projectmanagementcoursestrainingsteps3-1\pkg.apk" sh=BD69A52D80805166692A7BE23A077DA040C0291F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien\Systemspeicher\mnt\asec\com.mp3.mp3pro-1\pkg.apk" sh=25FA768DB7BF88430E413CBEE38BA7005AC2322C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien\Systemspeicher\mnt\asec\com.PaoloOast.HowToPlaySaxophone-1\pkg.apk" sh=A0C570E5B72B8FE43BD9142D0BE2A61BED44FE6D ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien\Systemspeicher\mnt\asec\com.reviveapps.translator.all3-1\pkg.apk" sh=469F144AC1931082EBA816385FE0F67D69A4F2A5 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien\Systemspeicher\mnt\asec\com.reviveapps.translator.all4-1\pkg.apk" sh=5C5B0DE8A3B98263F2658C29F3AFD6BE00491DCE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien\Systemspeicher\mnt\asec\com.stoik.lnscan_free-1\pkg.apk" sh=ED9D62B11145ECB1285A326F8262ABCB5912D992 ft=0 fh=0000000000000000 vn="Variante von Android/Plankton.I Trojaner" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien\Systemspeicher\mnt\asec\com.tenorsaxmp.android-1\pkg.apk" sh=3E6ADC000FA4C0BBF5E5AFDC2904F8F7D65B92CE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien2\Systemspeicher\mnt\asec\com.bestappsforphone.projectmanagementcoursestrainingsteps3-1\pkg.apk" sh=BD69A52D80805166692A7BE23A077DA040C0291F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien2\Systemspeicher\mnt\asec\com.mp3.mp3pro-1\pkg.apk" sh=25FA768DB7BF88430E413CBEE38BA7005AC2322C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien2\Systemspeicher\mnt\asec\com.PaoloOast.HowToPlaySaxophone-1\pkg.apk" sh=A0C570E5B72B8FE43BD9142D0BE2A61BED44FE6D ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien2\Systemspeicher\mnt\asec\com.reviveapps.translator.all3-1\pkg.apk" sh=469F144AC1931082EBA816385FE0F67D69A4F2A5 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien2\Systemspeicher\mnt\asec\com.reviveapps.translator.all4-1\pkg.apk" sh=5C5B0DE8A3B98263F2658C29F3AFD6BE00491DCE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien2\Systemspeicher\mnt\asec\com.stoik.lnscan_free-1\pkg.apk" sh=ED9D62B11145ECB1285A326F8262ABCB5912D992 ft=0 fh=0000000000000000 vn="Variante von Android/Plankton.I Trojaner" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien2\Systemspeicher\mnt\asec\com.tenorsaxmp.android-1\pkg.apk" sh=3E6ADC000FA4C0BBF5E5AFDC2904F8F7D65B92CE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien3\Speicherkarte\appmonster2\backup\com.bestappsforphone.projectmanagementcoursestrainingsteps3\rev\2.apk" sh=3E6ADC000FA4C0BBF5E5AFDC2904F8F7D65B92CE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.RevMob.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien3\Systemspeicher\mnt\asec\com.bestappsforphone.projectmanagementcoursestrainingsteps3-1\pkg.apk" sh=BD69A52D80805166692A7BE23A077DA040C0291F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien3\Systemspeicher\mnt\asec\com.mp3.mp3pro-1\pkg.apk" sh=25FA768DB7BF88430E413CBEE38BA7005AC2322C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien3\Systemspeicher\mnt\asec\com.PaoloOast.HowToPlaySaxophone-1\pkg.apk" sh=A0C570E5B72B8FE43BD9142D0BE2A61BED44FE6D ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.J evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien3\Systemspeicher\mnt\asec\com.reviveapps.translator.all3-1\pkg.apk" sh=469F144AC1931082EBA816385FE0F67D69A4F2A5 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien3\Systemspeicher\mnt\asec\com.reviveapps.translator.all4-1\pkg.apk" sh=5C5B0DE8A3B98263F2658C29F3AFD6BE00491DCE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien3\Systemspeicher\mnt\asec\com.stoik.lnscan_free-1\pkg.apk" sh=ED9D62B11145ECB1285A326F8262ABCB5912D992 ft=0 fh=0000000000000000 vn="Variante von Android/Plankton.I Trojaner" ac=I fn="C:\Users\###\Documents\_MyPhoneExpl-SP140dateien3\Systemspeicher\mnt\asec\com.tenorsaxmp.android-1\pkg.apk" sh=31048732171730E332CF83C59A1E9C8F87FE9D9B ft=1 fh=69d728c96126b483 vn="Win32/Toolbar.Conduit evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\ashampoo_photo_optimizer_4_4.0.3_12123.exe" sh=711F45D1BE06209A95606D7F176AB5438CF99E48 ft=1 fh=800047b729412605 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\bvasetup-Downloader.exe" sh=4721E50B2F43A75EC5CEA290A4E2D5CB922055C0 ft=1 fh=80abae93db0e6516 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\DaminionSetup-01-Downloader.exe" sh=19EF385CBC9D7FB4DEAD3510691E7966A0C123F5 ft=1 fh=88e1f55ddb0e6516 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\dbSThumb5Setup-Downloader.exe" sh=3AD341693C85B5C4D4003D80A107E1BD38EE9D1E ft=1 fh=42c5a3c829412605 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\defaultaspx-Downloader.exe" sh=9F5922424C4E6D114F26978CB09D5B4DD1E856CF ft=1 fh=563f50792626ef96 vn="Variante von Win32/Hao123.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\FFSetup3.3.3.0.exe" sh=50E112812573A31FE043C9813099705698BBCA5F ft=1 fh=7487981a60e34864 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\getpfind-Downloader.exe" sh=C9D104B7FD3806C658C774155E40CD7A844692CA ft=1 fh=7b1c5982db0e6516 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\JPhotoTagger-setup-Downloader.exe" sh=D61F8013A949CC6219B691FD0FC513F9968A33FD ft=1 fh=3b7ff362cfab4f82 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\LightZone-Installer-4.0.0-Downloader.exe" sh=9DF97B417C53958902D1876867B1B5233E107868 ft=1 fh=b6fea5969f17fc17 vn="Win32/Somoto.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\m4a-to-mp3-converter.exe" sh=CBBD2B5EA101E3EEFB60DBB3B13FFB1D2AAB84F5 ft=1 fh=8334592d4f2b518c vn="Variante von Win32/DownloadSponsor.A evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe" sh=EAE2784C9115FE9CFA44A116B74E72C1BCCFA7F6 ft=1 fh=2e79e77116fe19c4 vn="Win32/DownWare.L evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\MyPhoneExplorer_Setup_1.8.5.exe" sh=2A84729B74A521D8B149DA3566148849D2C3D367 ft=1 fh=c822ce9dc2448ea4 vn="Variante von MSIL/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\###\Downloads\zps15_de_free-Downloader.exe" sh=80466BABFA2CC67DC970D6DD9F21A429CA7D7F5D ft=0 fh=0000000000000000 vn="Variante von Android/Plankton.I Trojaner" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.altosaxmp.android\rev\2.apk.44979.gzquar" sh=DE66EA8D2BAB9989AD1D1035CCA6C9DD5E3C5315 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.androidlab.gpsfix\rev\130317.apk" sh=0E2B481AB8E8E97E3CE262FDDD8C12247960D83E ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.androidlab.gpsfix\rev\130330.apk" sh=A578FADB243EF8E2A546C722352289D716D6F73F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.aniXification.copypaste\rev\10.apk" sh=2058DA4D5093A9CCAE4DC51B846AE4A8195B303C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.B evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.caynax.widget.battery.dashboard\rev\40001.apk" sh=EAE5FD42A8C90A83729F50FE0B3DFF85BE8A2439 ft=0 fh=0000000000000000 vn="Variante von Android/Plankton.I Trojaner" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.gokhanyavas\rev\10.apk.61420.gzquar" sh=EB9F5BBDB85D11FFE103C46610FF805F4BF48DCD ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.GreatDBB4\rev\1.apk" sh=BD69A52D80805166692A7BE23A077DA040C0291F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.mp3.mp3pro\rev\600.apk" sh=DF634897414A46EB5E0F982AD4EDDA59CF1250D6 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Android/AdDisplay.Youmi.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.outfit7.talkingben\rev\8.apk" sh=25FA768DB7BF88430E413CBEE38BA7005AC2322C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.PaoloOast.HowToPlaySaxophone\rev\2.apk.76233.gzquar" sh=1319B6088A7799CE6DD8A7BA4DC314477A4378A9 ft=0 fh=0000000000000000 vn="Variante von Android/Plankton.I Trojaner" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.saxophonereeds.android\rev\3.apk.61379.gzquar" sh=049234C6F6ED3406462AAEBEC2A51160E7AF0EA3 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.smartdroid.solutions.task_finder\rev\14.apk" sh=5C5B0DE8A3B98263F2658C29F3AFD6BE00491DCE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.stoik.lnscan_free\rev\10.apk" sh=ED9D62B11145ECB1285A326F8262ABCB5912D992 ft=0 fh=0000000000000000 vn="Variante von Android/Plankton.I Trojaner" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.tenorsaxmp.android\rev\2.apk.158924.gzquar" sh=45B56F41B715C3AE8CFD640914962AD811818AA0 ft=0 fh=0000000000000000 vn="Android/Gappusin.A Trojaner" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.utooo.android.compass\rev\10004.apk" sh=8A7AE768D17762CE5913C1523E39C9DD14224564 ft=0 fh=0000000000000000 vn="Variante von Android/Domob.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.xuecs.AudioRecorder\rev\38.apk" sh=E1464607BB0BAE82A4765C184636F82AB9DB0962 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\com.y_y_full.photo_dailer\rev\32.apk" sh=29DF70EABC2807F186EFC4529217D3D110F9C5E3 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\jp.somethinggoodsoft.easyvoicenotepad\rev\11.apk" sh=0FE5F902516C67CA6FDBBE268B233422D7829E56 ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.Cauly.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\net.sonien.calendo\rev\17.apk" sh=D37EE454E5B0537CE5D43BFB73121EC54A40F40C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\backup\pl.thalion.mobile.battery\rev\20.apk" sh=BD69A52D80805166692A7BE23A077DA040C0291F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. 
unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\old_style_backup\Android MP3 Pro 6.0.apk" sh=D37EE454E5B0537CE5D43BFB73121EC54A40F40C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\old_style_backup\Battery Disc 2.2.2 - Re.apk" sh=2058DA4D5093A9CCAE4DC51B846AE4A8195B303C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.B evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\old_style_backup\Caynax Dashboard Battery Widget 4.0.1.apk" sh=A578FADB243EF8E2A546C722352289D716D6F73F ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\old_style_backup\Copy Paste 2.0.1.apk" sh=6292FFEAD670C6E7C08AAA21ED05858B89F0DAE2 ft=0 fh=0000000000000000 vn="möglicherweise Variante von Android/AdDisplay.SKplanet.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\old_style_backup\Cymera 1.3.8.apk" sh=45B56F41B715C3AE8CFD640914962AD811818AA0 ft=0 fh=0000000000000000 vn="Android/Gappusin.A Trojaner" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\old_style_backup\GPS Compass 1.0.4.apk" sh=0E2B481AB8E8E97E3CE262FDDD8C12247960D83E ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\old_style_backup\GpsFix 1.18.2.apk" sh=25FA768DB7BF88430E413CBEE38BA7005AC2322C ft=0 fh=0000000000000000 vn="Variante von Android/Leadbolt.E evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Public\Roaming\###\appmonster2\old_style_backup\how to play saxophone 2.2.apk.60060.gzquar" sh=5C5B0DE8A3B98263F2658C29F3AFD6BE00491DCE ft=0 fh=0000000000000000 vn="Variante von Android/AdDisplay.AirPush.K evtl. 
(I have Win8) Code:
UNSUPPORTED OPERATING SYSTEM! ABORTED! and then another FRST.txt FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-07-2014 01 Ran by ### (administrator) on ### on 08-07-2014 15:39:09 Running from C:\Users\###\Downloads Platform: Windows 8.1 (X64) OS Language: Deutsch (Deutschland) Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (Microsoft Corporation) C:\Windows\System32\wlanext.exe (Cisco Systems, Inc.) C:\Program Files (x86)\Cisco SystemsVPN Client\cvpnd.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe (Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe (Microsoft Corporation) C:\Windows\System32\dasHost.exe (Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe (Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe () C:\Program Files\CyberLink\Shared files\RichVideo64.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Motorola Solutions, Inc.) 
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe (Intel Corporation) C:\Windows\System32\hkcmd.exe (Intel Corporation) C:\Windows\System32\igfxsrvc.exe (Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe (Intel Corporation) C:\Windows\System32\igfxpers.exe (Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Wistron) C:\Program Files (x86)\Launch Manager\HotkeyApp.exe (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\OSD.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WButton.exe (Wistron Corp.) C:\Program Files (x86)\Launch Manager\WisLMSvc.exe (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe (Thermaltake) C:\Program Files (x86)\Mouse Tt eSPORTS BLACK\BlackMonitor.exe () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe (Safer-Networking Ltd.) 
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe () C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Reader.exe () C:\Users\###\Downloads\SecurityCheck.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12921488 2012-07-02] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor) HKLM\...\Run: [IntelMyWiFiDashboard] => C:\Program Files\Intel\CCDashboard\bin\CCDashServer.exe [5010224 2012-07-13] (Intel® Corporation) HKLM\...\Run: [BTMTrayAgent] => C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll [11554688 2012-08-08] (Motorola Solutions, Inc.) HKLM\...\Run: [CanonSolutionMenu] => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2912056 2012-08-16] (Synaptics Incorporated) HKLM-x32\...\Run: [HotkeyApp] => C:\Program Files (x86)\Launch Manager\HotkeyApp.exe [320824 2012-08-16] (Wistron) HKLM-x32\...\Run: [LMgrVolOSD] => C:\Program Files (x86)\Launch Manager\OSD.exe [348960 2012-08-13] (Wistron Corp.) HKLM-x32\...\Run: [Wbutton] => C:\Program Files (x86)\Launch Manager\Wbutton.exe [388408 2012-08-13] (Wistron Corp.) 
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-20] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [YouCam Service] => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [258576 2012-07-30] (CyberLink Corp.)
HKLM-x32\...\Run: [Tt eSPORTS BLACK Gaming Mouse] => C:\Program Files (x86)\Mouse Tt eSPORTS BLACK\BlackMonitor.exe [105864 2012-08-10] (Thermaltake)
HKLM-x32\...\Run: [AVMFBoxMonitor] => C:\Program Files (x86)\FRITZ!Box Monitor\FRITZBoxMonitor.exe [1503232 2009-07-06] (AVM Berlin)
HKLM-x32\...\Run: [DNS7reminder] => C:\Program Files (x86)\Nuance\NaturallySpeaking11\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [450560 2014-04-03] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [KeePass 2 PreLoad] => C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe [2092032 2014-02-03] (Dominik Reichl)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime Lite\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [ConfirmFileDelete] 1
HKU\S-1-5-21-3410272128-3850883635-1020607561-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\vpngui.exe.lnk
ShortcutTarget: vpngui.exe.lnk -> C:\Windows\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A851.exe ()
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicyUsers\S-1-5-21-3410272128-3850883635-1020607561-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-3410272128-3850883635-1020607561-1001\User: Group Policy restriction detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {9B62A7FA-C373-4BF4-BCA6-12C03F49BB1A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default
FF Homepage: leer
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x64.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/VirtualEarth3D,version=4.0 - C:\Program Files (x86)\Virtual Earth 3D\ ()
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Editor Plugin,version=1.0,application/pdf - C:\Program Files\Tracker Software\PDF Editor\npPDFXEditPlugin.x86.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf - C:\Program Files\PDF-ExchangeViewer\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPSibelius.dll ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\PDFNetC.dll (PDFTron Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ScorchPDFWrapper.dll ()
FF SearchPlugin: C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\duckduckgo.xml
FF SearchPlugin: C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\googlemaps.xml
FF SearchPlugin: C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\searchplugins\ixquick-https.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\staged [2014-07-08]
FF Extension: YouTube Unblocker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\youtubeunblocker@unblocker.yt [2014-01-23]
FF Extension: Flashblock - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a} [2013-09-23]
FF Extension: DownloadHelper - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: AutoGroup - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\akimkin_denis@mail.ru.xpi [2014-04-21]
FF Extension: FlashStopper - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\flashstopper@byo.co.il.xpi [2014-04-21]
FF Extension: Image and Flash Blocker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\imgflashblocker@shimon.chohen.xpi [2013-09-23]
FF Extension: media menu - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\jid0-X4tVYTsgT60azyHVye1faT8MjIA@jetpack.xpi [2014-04-21]
FF Extension: YouTube Control Center - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\jid1-CikLKKPVkw6ipw@jetpack.xpi [2014-04-21]
FF Extension: Media Sniffer - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\MediaSniffer@hiyoko.info.xpi [2014-04-21]
FF Extension: betterFox - Make your browsing experience 15% faster. - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\multirevenue@googlemail.com.xpi [2014-04-21]
FF Extension: SmartVideo For YouTube - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\mytube@ashishmishra.in.xpi [2014-04-21]
FF Extension: Niederschlagsradar - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\niederschlagsradar@sensiva.net.xpi [2014-06-10]
FF Extension: S3.Download Statusbar - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\s3download@statusbar.xpi [2014-02-13]
FF Extension: Search Tab - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\searchtab@pratikpoddar.xpi [2013-12-13]
FF Extension: Secure Login - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\secureLogin@blueimp.net.xpi [2013-09-21]
FF Extension: StopTube - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\stoptube@kashiif.com.xpi [2013-09-23]
FF Extension: SuperStop - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\superstop@gavinsharp.com.xpi [2013-09-23]
FF Extension: Todoist - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\support@todoist.com.xpi [2013-10-15]
FF Extension: Session Manager - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2013-09-21]
FF Extension: ScrapBook - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{53A03D43-5363-4669-8190-99061B2DEBA5}.xpi [2014-01-04]
FF Extension: Web Marker - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{5755466A-DB04-11DA-A2DD-0E545D5EE2F7}.xpi [2014-03-09]
FF Extension: NoScript - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-04-21]
FF Extension: Flash Block - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{95ab36d4-fb6f-47b0-8b8d-e5f3bd547953}.xpi [2013-09-23]
FF Extension: Adblock Plus - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-21]
FF Extension: Tab Mix Plus - C:\Users\###\AppData\Roaming\Mozilla\Firefox\Profiles\ewe9a0lr.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2013-12-26]

==================== Services (Whitelisted) =================

R2 CVPND; C:\Program Files (x86)\Cisco SystemsVPN Client\cvpnd.exe [1528616 2010-03-23] (Cisco Systems, Inc.)
R2 CyberLink PowerDVD 10 MS Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe [70952 2011-04-13] (CyberLink)
R2 CyberLink PowerDVD 10 MS Service; C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe [312616 2011-04-13] (CyberLink)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-07-18] ()
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [386344 2010-08-19] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 TipCtrl; C:\Program Files (x86)\uTIPu\TipCtrl.exe [314504 2009-02-03] (Utipu inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
R3 WisLMSvc; C:\Program Files (x86)\Launch Manager\WisLMSvc.exe [118560 2012-08-13] (Wistron Corp.)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2699568 2012-07-18] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

S3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
U3 dtscsidrv; C:\Windows\System32\Drivers\dtscsidrv.sys [309248 2014-03-20] (Disc Soft Ltd)
R2 easycvfs; C:\WINDOWS\system32\drivers\easycvfs.sys [110472 2010-07-29] () [File not signed]
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-09-04] (Intel Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-16] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-16] (Synaptics Incorporated)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-20] (Duplex Secure Ltd.)
S3 synusb64; C:\Windows\System32\drivers\synusb64.sys [30352 2010-09-17] (Steinberg Media Technologies GmbH)
R1 ui11rdr; C:\Windows\System32\DRIVERS\ui11rdr.sys [199752 2011-11-21] (1&1 Internet AG)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
S2 sbapifs; system32\DRIVERS\sbapifs.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-07-08 15:35 - 2014-07-08 15:35 - 00854390 _____ () C:\Users\###\Downloads\SecurityCheck(1).exe
2014-07-08 15:11 - 2014-07-08 15:11 - 00854390 _____ () C:\Users\###\Downloads\SecurityCheck.exe
2014-07-08 08:22 - 2014-07-08 08:22 - 02347384 _____ (ESET) C:\Users\###\Downloads\esetsmartinstaller_deu.exe
2014-07-07 13:41 - 2014-07-07 13:41 - 00052050 _____ () C:\Users\###\Downloads\FRST2korr.txt
2014-07-07 12:08 - 2014-07-07 12:08 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-07 12:07 - 2014-07-07 12:07 - 01016261 _____ (Thisisu) C:\Users\###\Downloads\JRT.exe
2014-07-07 10:13 - 2014-07-07 13:13 - 00000000 ____D () C:\AdwCleaner
2014-07-07 10:11 - 2014-07-07 10:11 - 01346519 _____ () C:\Users\###\Downloads\adwcleaner_3.214.exe
2014-07-07 07:59 - 2014-07-07 09:41 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 07:58 - 2014-07-07 10:05 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-07 07:58 - 2014-07-07 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-07 07:58 - 2014-07-07 07:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 07:58 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-07 07:58 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-07 07:58 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-07 07:56 - 2014-07-07 07:57 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\###\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 21:38 - 2014-07-05 21:38 - 00043048 _____ () C:\Users\###\Downloads\Addition-korr.txt
2014-07-05 21:33 - 2014-07-05 21:33 - 00049154 _____ () C:\Users\###\Downloads\FRSTkorr.txt
2014-07-05 21:07 - 2014-07-05 21:07 - 517430305 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-05 21:07 - 2014-07-05 21:07 - 00288536 _____ () C:\WINDOWS\Minidump\070514-21531-01.dmp
2014-07-05 21:03 - 2014-07-05 21:03 - 00380416 _____ () C:\Users\###\Downloads\4knde644.exe
2014-07-05 21:01 - 2014-07-05 21:02 - 00043065 _____ () C:\Users\###\Downloads\Addition.txt
2014-07-05 20:59 - 2014-07-08 15:39 - 00021540 _____ () C:\Users\###\Downloads\FRST.txt
2014-07-05 20:59 - 2014-07-08 15:39 - 00000000 ____D () C:\FRST
2014-07-05 20:53 - 2014-07-05 20:53 - 00000578 _____ () C:\Users\###\Downloads\defogger_disable.log
2014-07-05 20:53 - 2014-07-05 20:53 - 00000020 _____ () C:\Users\###\defogger_reenable
2014-07-05 20:52 - 2014-07-05 20:52 - 00050477 _____ () C:\Users\###\Downloads\Defogger.exe
2014-07-05 20:45 - 2014-07-05 20:45 - 02084352 _____ (Farbar) C:\Users\###\Downloads\FRST64.exe
2014-07-04 22:08 - 2014-07-05 20:16 - 00000664 _____ () C:\WINDOWS\SysWOW64\Drivers\kgpfr2.cfg
2014-07-04 22:07 - 2014-07-04 22:22 - 00002496 _____ () C:\WINDOWS\system32\Drivers\kgpcpy.cfg
2014-07-04 22:03 - 2014-07-04 22:03 - 00707664 _____ (iS3, Inc.) C:\Users\###\Downloads\SZSetup_AID10121_AV.exe
2014-07-03 11:34 - 2014-07-03 11:34 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-03 11:34 - 2014-07-03 11:34 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-03 11:34 - 2014-07-03 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-03 11:34 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2014-07-03 10:56 - 2014-06-06 11:33 - 00000824 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.20140703-105625.backup
2014-07-03 10:02 - 2014-07-03 10:03 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\###\Downloads\spybot-2.4.exe
2014-07-03 09:43 - 2014-07-03 09:43 - 00961360 _____ (Chip Digital GmbH) C:\Users\###\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-06-30 16:18 - 2014-06-30 16:18 - 00002302 _____ () C:\Users\###\Desktop\WIN7 - EA2014 - Verknüpfung.lnk
2014-06-26 22:15 - 2014-07-04 22:22 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-06-26 09:32 - 2014-06-26 09:32 - 00517413 _____ () C:\Users\###\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi
2014-06-26 09:32 - 2014-06-26 09:32 - 00097251 _____ () C:\Users\###\Downloads\expression_search_gmailui-0.8.8-tb.xpi
2014-06-26 09:31 - 2014-06-26 09:31 - 00376218 _____ () C:\Users\###\Downloads\archive_this-1.4.8.0-tb.xpi
2014-06-26 09:31 - 2014-06-26 09:31 - 00204851 _____ () C:\Users\###\Downloads\quickfilters-2.5-sm+tb.xpi
2014-06-26 09:28 - 2014-06-26 09:28 - 00046321 _____ () C:\Users\###\Downloads\totalquickfilter-3.0-tb.xpi
2014-06-26 09:27 - 2014-06-26 09:27 - 00002054 _____ () C:\Users\###\Downloads\filter_of_filters-1.1-tb.xpi
2014-06-23 16:15 - 2014-06-23 16:15 - 00000000 _____ () C:\Users\###\Downloads\IRON_BUTTERFLY_-_IN_A_GADDA_DA_VIDA_-_1968_ORIGINAL_FULL_VERSION_CD_SOUND_3D_VIDEO.flv
2014-06-23 12:54 - 2014-06-23 12:54 - 00003832 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396198660
2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator
2014-06-23 11:52 - 2014-06-23 11:52 - 05001199 _____ (LinuxLive USB Creator) C:\Users\Public\Documents\LinuxLive USB Creator 2.8.29.exe
2014-06-23 11:40 - 2014-06-23 12:00 - 1010827264 _____ () C:\Users\Public\Documents\ubuntu-14.04-desktop-amd64.iso
2014-06-23 10:50 - 2014-06-23 10:50 - 05001199 _____ (LinuxLive USB Creator) C:\Users\###\Downloads\LinuxLive USB Creator 2.8.29.exe
2014-06-23 08:37 - 2014-06-23 08:43 - 34251899 _____ () C:\Users\###\Downloads\Led_Zeppelin_-_Whole_Lotta_Love_HD.flv
2014-06-22 20:43 - 2014-06-22 20:43 - 00000000 _____ () C:\Users\###\Downloads\Red_Hot_Chili_Peppers_-_Stadion_Slaski_Chorz_w_Poland_Full_Concert_2007.07.03.flv
2014-06-21 14:24 - 2014-06-21 14:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-06-21 14:24 - 2014-03-19 03:27 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
2014-06-21 14:24 - 2014-03-19 03:27 - 00109056 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
2014-06-21 13:50 - 2014-06-21 14:23 - 00000000 ____D () C:\ProgramData\Samsung
2014-06-21 13:33 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-06-21 13:32 - 2014-06-21 13:54 - 00000000 ____D () C:\Users\###\Documents\samsung
2014-06-21 13:32 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\###\AppData\Roaming\Samsung
2014-06-21 13:32 - 2014-06-21 13:32 - 00001993 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk
2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\###\Documents\SelfMV
2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-06-21 13:32 - 2014-05-07 17:42 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
2014-06-21 13:30 - 2014-06-21 13:31 - 41820464 _____ (Samsung Electronics Co., Ltd.) C:\Users\###\Downloads\Kies3Setup.exe
2014-06-21 13:28 - 2014-06-21 13:28 - 00000000 ____D () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505
2014-06-21 13:26 - 2014-06-21 13:27 - 20536004 _____ () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505.zip
2014-06-21 13:26 - 2014-06-21 13:26 - 00467537 _____ () C:\Users\###\Downloads\Odin304.zip
2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert-1.flv
2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert.flv
2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\AC_DC_-_Greatest_Hits_2011_Full_Completo.flv
2014-06-21 07:57 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Live_Rockpalast_-_1985_-_Palais_Omnisport_Paris_-_Full.flv
2014-06-20 23:41 - 2014-06-21 00:07 - 77834736 _____ () C:\Users\###\Downloads\Deep_Purple-Made_In_Japan_1972.flv
2014-06-16 10:39 - 2014-06-16 10:43 - 00000000 ____D () C:\Users\###\Documents\_Gedä KreKo Kreativit-
2014-06-11 21:05 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-06-11 21:05 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-06-11 21:05 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-06-11 21:05 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-06-11 21:05 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-06-11 21:05 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-06-11 21:05 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-06-11 21:05 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-06-11 21:05 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-06-11 21:05 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-06-11 21:05 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-06-11 21:05 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-06-11 21:05 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-06-11 21:05 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-06-11 21:05 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-06-11 21:05 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-06-11 21:05 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-06-11 21:05 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-06-11 21:05 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-06-11 21:05 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-06-11 21:05 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-06-11 21:05 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-06-11 21:05 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-06-11 21:05 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-06-11 21:05 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-06-11 21:05 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-06-11 21:05 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-06-11 21:05 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-06-11 21:05 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-06-11 21:04 - 2014-05-10 05:46 - 02151424 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-06-11 21:04 - 2014-05-10 05:22 - 01312256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-06-11 21:04 - 2014-05-03 09:14 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-06-11 21:04 - 2014-05-03 06:21 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-11 21:04 - 2014-05-03 06:07 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-06-11 21:04 - 2014-05-03 05:41 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-06-11 21:04 - 2014-05-03 05:38 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-06-11 21:04 - 2014-04-03 09:59 - 02518872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-06-11 21:04 - 2014-04-03 09:59 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-06-11 21:03 - 2014-06-11 21:03 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-06-11 21:03 - 2014-06-11 21:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-06-11 21:03 - 2014-06-11 21:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-06-11 21:03 - 2014-06-11 21:03 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-06-11 21:03 - 2014-06-11 21:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-06-11 21:03 - 2014-06-11 21:03 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-06-11 21:03 - 2014-06-11 21:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-06-11 21:03 - 2014-06-11 21:03 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-06-11 21:03 - 2014-06-11 21:03 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-06-11 21:03 - 2014-06-11 21:03 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-06-11 21:03 - 2014-06-11 21:03 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-06-11 21:03 - 2014-06-11 21:03 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-06-11 21:03 - 2014-05-19 08:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-06-11 21:03 - 2014-05-19 08:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-06-11 21:03 - 2014-05-19 07:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-06-11 21:03 - 2014-05-09 01:06 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-06-11 21:03 - 2014-05-05 06:02 - 03360256 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-06-11 21:03 - 2014-05-01 15:31 - 03048904 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2014-06-11 21:03 - 2014-05-01 15:31 - 00055328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2014-06-11 21:03 - 2014-05-01 09:14 - 03118080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wpc.dll
2014-06-11 21:03 - 2014-05-01 09:05 - 02861056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebSync.dll
2014-06-11 21:03 - 2014-05-01 08:51 - 02344448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wpc.dll
2014-06-11 21:03 - 2014-05-01 07:24 - 02834944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2014-06-11 21:03 - 2014-04-30 13:16 - 01336648 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-06-11 21:03 - 2014-04-30 06:43 - 01975296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2014-06-11 21:03 - 2014-04-30 06:26 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2014-06-11 21:03 - 2014-04-30 05:51 - 01064448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-06-11 21:03 - 2014-04-30 05:47 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2014-06-11 13:02 - 2014-06-11 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-06-11 09:08 - 2014-06-13 22:41 - 00000000 ____D () C:\Users\###\Documents\####r

==================== One Month Modified Files and Folders =======

2014-07-08 15:39 - 2014-07-05 20:59 - 00021540 _____ () C:\Users\###\Downloads\FRST.txt
2014-07-08 15:39 - 2014-07-05 20:59 - 00000000 ____D () C:\FRST
2014-07-08 15:35 - 2014-07-08 15:35 - 00854390 _____ () C:\Users\###\Downloads\SecurityCheck(1).exe
2014-07-08 15:11 - 2014-07-08 15:11 - 00854390 _____ () C:\Users\###\Downloads\SecurityCheck.exe
2014-07-08 15:07 - 2014-02-18 09:25 - 00000000 ____D () C:\Users\###\Documents\####
2014-07-08 15:03 - 2013-12-20 08:45 - 00000884 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-08 15:01 - 2013-09-24 18:18 - 00001118 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-08 15:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-08 09:14 - 2014-02-17 11:09 - 01323383 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-08 08:22 - 2014-07-08 08:22 - 02347384 _____ (ESET) C:\Users\###\Downloads\esetsmartinstaller_deu.exe
2014-07-08 08:22 - 2013-11-14 09:27 - 01780340 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-08 08:22 - 2013-11-14 09:11 - 00766620 _____ () C:\WINDOWS\system32\perfh007.dat
2014-07-08 08:22 - 2013-11-14 09:11 - 00159902 _____ () C:\WINDOWS\system32\perfc007.dat
2014-07-08 08:21 - 2013-08-22 16:46 - 00306655 _____ () C:\WINDOWS\setupact.log
2014-07-07 13:41 - 2014-07-07 13:41 - 00052050 _____ () C:\Users\###\Downloads\FRST2korr.txt
2014-07-07 13:13 - 2014-07-07 10:13 - 00000000 ____D () C:\AdwCleaner
2014-07-07 12:25 - 2013-09-21 14:40 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3410272128-3850883635-1020607561-1001
2014-07-07 12:08 - 2014-07-07 12:08 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-07 12:07 - 2014-07-07 12:07 - 01016261 _____ (Thisisu) C:\Users\###\Downloads\JRT.exe
2014-07-07 11:07 - 2013-09-24 18:17 - 00001114 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-07 11:07 - 2013-09-21 14:35 - 00000000 ____D () C:\Users\###\Documents\Youcam
2014-07-07 11:05 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-07 10:16 - 2013-11-14 00:18 - 00012014 _____ () C:\WINDOWS\PFRO.log
2014-07-07 10:11 - 2014-07-07 10:11 - 01346519 _____ () C:\Users\###\Downloads\adwcleaner_3.214.exe
2014-07-07 10:05 - 2014-07-07 07:58 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-07-07 09:41 - 2014-07-07 07:59 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-07 09:35 - 2014-05-16 21:58 - 00000000 ____D () C:\WINDOWS\fr
2014-07-07 09:34 - 2014-04-01 19:14 - 00000000 ____D () C:\temp
2014-07-07 07:58 - 2014-07-07 07:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-07-07 07:58 - 2014-07-07 07:58 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-07 07:57 - 2014-07-07 07:56 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\###\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-05 21:38 - 2014-07-05 21:38 - 00043048 _____ () C:\Users\###\Downloads\Addition-korr.txt
2014-07-05 21:33 - 2014-07-05 21:33 - 00049154 _____ () C:\Users\###\Downloads\FRSTkorr.txt
2014-07-05 21:14 - 2014-02-17 10:50 - 00000000 ____D () C:\Users\###
2014-07-05 21:07 - 2014-07-05 21:07 - 517430305 _____ () C:\WINDOWS\MEMORY.DMP
2014-07-05 21:07 - 2014-07-05 21:07 - 00288536 _____ () C:\WINDOWS\Minidump\070514-21531-01.dmp
2014-07-05 21:07 - 2014-06-02 16:32 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-05 21:03 - 2014-07-05 21:03 - 00380416 _____ () C:\Users\###\Downloads\4knde644.exe
2014-07-05 21:02 - 2014-07-05 21:01 - 00043065 _____ () C:\Users\###\Downloads\Addition.txt
2014-07-05 20:54 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-05 20:53 - 2014-07-05 20:53 - 00000578 _____ () C:\Users\###\Downloads\defogger_disable.log
2014-07-05 20:53 - 2014-07-05 20:53 - 00000020 _____ () C:\Users\###\defogger_reenable
2014-07-05 20:52 - 2014-07-05 20:52 - 00050477 _____ () C:\Users\###\Downloads\Defogger.exe
2014-07-05 20:45 - 2014-07-05 20:45 - 02084352 _____ (Farbar) C:\Users\###\Downloads\FRST64.exe
2014-07-05 20:16 - 2014-07-04 22:08 - 00000664 _____ () C:\WINDOWS\SysWOW64\Drivers\kgpfr2.cfg
2014-07-04 22:22 - 2014-07-04 22:07 - 00002496 _____ () C:\WINDOWS\system32\Drivers\kgpcpy.cfg
2014-07-04 22:22 - 2014-06-26 22:15 - 00000000 ____D () C:\Program Files (x86)\19A6D51C-2D35-44DB-B412-0B01BF8D2D62
2014-07-04 22:03 - 2014-07-04 22:03 - 00707664 _____ (iS3, Inc.) C:\Users\###\Downloads\SZSetup_AID10121_AV.exe
2014-07-04 12:58 - 2013-11-03 09:28 - 00125952 ___SH () C:\Users\###\Desktop\Thumbs.db
2014-07-03 11:34 - 2014-07-03 11:34 - 00001411 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-07-03 11:34 - 2014-07-03 11:34 - 00001399 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-07-03 11:34 - 2014-07-03 11:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-07-03 11:34 - 2014-01-03 10:31 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-07-03 11:34 - 2014-01-03 10:31 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-07-03 11:10 - 2014-01-03 10:34 - 00000135 _____ () C:\WINDOWS\wininit.ini
2014-07-03 10:52 - 2013-11-03 11:00 - 00000000 ____D () C:\Users\###\AppData\Roaming\vlc
2014-07-03 10:03 - 2014-07-03 10:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\###\Downloads\spybot-2.4.exe
2014-07-03 09:43 - 2014-07-03 09:43 - 00961360 _____ (Chip Digital GmbH) C:\Users\###\Downloads\Malwarebytes Anti Malware Malware Scanner - CHIP-Installer.exe
2014-07-02 19:35 - 2014-02-25 19:13 - 00000000 ____D () C:\Users\###\Documents\####n
2014-07-01 08:46 - 2013-10-23 13:56 - 00000000 ____D () C:\Users\###\Documents\####
2014-06-30 16:29 - 2013-11-06 15:32 - 00000000 ____D () C:\Users\###\Documents\___Tests
2014-06-30 16:18 - 2014-06-30 16:18 - 00002302 _____ () C:\Users\###\Desktop\W####- Verknüpfung.lnk
2014-06-30 07:29 - 2013-12-25 13:32 - 00000000 ____D () C:\Users\###\AppData\Roaming\FileAdvisor
2014-06-26 09:32 - 2014-06-26 09:32 - 00517413 _____ () C:\Users\###\Downloads\quickfolders_tabbed_folders-3.14.1-sm+tb.xpi
2014-06-26 09:32 - 2014-06-26 09:32 - 00097251 _____ () C:\Users\###\Downloads\expression_search_gmailui-0.8.8-tb.xpi
2014-06-26 09:31 - 2014-06-26 09:31 - 00376218 _____ () C:\Users\###\Downloads\archive_this-1.4.8.0-tb.xpi
2014-06-26 09:31 - 2014-06-26 09:31 - 00204851 _____ () C:\Users\###\Downloads\quickfilters-2.5-sm+tb.xpi
2014-06-26 09:28 - 2014-06-26 09:28 - 00046321 _____ () C:\Users\###\Downloads\totalquickfilter-3.0-tb.xpi
2014-06-26 09:27 - 2014-06-26 09:27 - 00002054 _____ () C:\Users\###\Downloads\filter_of_filters-1.1-tb.xpi
2014-06-25 19:47 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-06-25 13:51 - 2014-01-27 21:27 - 00000000 ____D () C:\D-EVERYTHINGSEARCH
2014-06-25 13:51 - 2014-01-27 21:25 - 00000000 ____D () C:\Program Files (x86)\Everything
2014-06-23 16:15 - 2014-06-23 16:15 - 00000000 _____ () C:\Users\###\Downloads\IRON_BUTTERFLY_-_IN_A_GADDA_DA_VIDA_-_1968_ORIGINAL_FULL_VERSION_CD_SOUND_3D_VIDEO.flv
2014-06-23 12:54 - 2014-06-23 12:54 - 00003832 _____ () C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1396198660
2014-06-23 12:54 - 2014-03-30 18:57 - 00000000 ____D () C:\Program Files (x86)\Opera
2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Users\###\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LinuxLive USB Creator
2014-06-23 12:04 - 2014-06-23 12:04 - 00000000 ____D () C:\Program Files (x86)\LinuxLive USB Creator
2014-06-23 12:00 - 2014-06-23 11:40 - 1010827264 _____ () C:\Users\Public\Documents\ubuntu-14.04-desktop-amd64.iso
2014-06-23 11:52 - 2014-06-23 11:52 - 05001199 _____ (LinuxLive USB Creator) C:\Users\Public\Documents\LinuxLive USB Creator 2.8.29.exe
2014-06-23 11:19 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-06-23 10:50 - 2014-06-23 10:50 - 05001199 _____ (LinuxLive USB Creator) C:\Users\###\Downloads\LinuxLive USB Creator 2.8.29.exe
2014-06-23 08:43 - 2014-06-23 08:37 - 34251899 _____ () C:\Users\###\Downloads\Led_Zeppelin_-_Whole_Lotta_Love_HD.flv
2014-06-22 20:43 - 2014-06-22 20:43 - 00000000 _____ () C:\Users\###\Downloads\Red_Hot_Chili_Peppers_-_Stadion_Slaski_Chorz_w_Poland_Full_Concert_2007.07.03.flv
2014-06-21 14:24 - 2014-06-21 14:24 - 00000000 ____D () C:\Program Files\SAMSUNG
2014-06-21 14:23 -
2014-06-21 13:50 - 00000000 ____D () C:\ProgramData\Samsung 2014-06-21 13:54 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\###\Documents\samsung 2014-06-21 13:33 - 2014-06-21 13:33 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-06-21 13:33 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\###\AppData\Roaming\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00001993 _____ () C:\Users\Public\Desktop\Samsung Kies 3.lnk 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\Users\###\Documents\SelfMV 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung 2014-06-21 13:32 - 2014-06-21 13:32 - 00000000 ____D () C:\Program Files (x86)\Samsung 2014-06-21 13:32 - 2012-11-05 19:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-06-21 13:31 - 2014-06-21 13:30 - 41820464 _____ (Samsung Electronics Co., Ltd.) C:\Users\###\Downloads\Kies3Setup.exe 2014-06-21 13:28 - 2014-06-21 13:28 - 00000000 ____D () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505 2014-06-21 13:27 - 2014-06-21 13:26 - 20536004 _____ () C:\Users\###\Downloads\CF-Auto-Root-jflte-jfltexx-gti9505.zip 2014-06-21 13:26 - 2014-06-21 13:26 - 00467537 _____ () C:\Users\###\Downloads\Odin304.zip 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert-1.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Copenhagen_Denmark_1972_Full_Concert.flv 2014-06-21 07:58 - 2014-06-21 07:58 - 00000000 _____ () C:\Users\###\Downloads\AC_DC_-_Greatest_Hits_2011_Full_Completo.flv 2014-06-21 07:58 - 2014-06-21 07:57 - 00000000 _____ () C:\Users\###\Downloads\Deep_Purple_-_Live_Rockpalast_-_1985_-_Palais_Omnisport_Paris_-_Full.flv 2014-06-21 00:20 - 2014-03-22 01:03 - 00000000 ____D () C:\Users\###\AppData\Local\Windows Live 2014-06-21 00:07 - 2014-06-20 23:41 - 77834736 _____ () 
C:\Users\###\Downloads\Deep_Purple-Made_In_Japan_1972.flv 2014-06-18 17:56 - 2013-09-24 18:18 - 00004090 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA 2014-06-18 17:56 - 2013-09-24 18:17 - 00003854 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore 2014-06-17 18:29 - 2013-09-22 22:02 - 00006234 _____ () C:\WirelessDiagLog.csv 2014-06-16 10:43 - 2014-06-16 10:39 - 00000000 ____D () C:\Users\###\Documents\_G####t- 2014-06-13 22:41 - 2014-06-11 09:08 - 00000000 ____D () C:\Users\###\Documents\_####r 2014-06-12 08:13 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\rescache 2014-06-12 07:37 - 2013-10-14 10:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2014-06-12 07:30 - 2013-08-22 17:36 - 00000000 ___RD () C:\WINDOWS\ToastData 2014-06-12 07:30 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\WinStore 2014-06-11 21:45 - 2013-09-22 14:37 - 00000000 ____D () C:\WINDOWS\system32\MRT 2014-06-11 21:43 - 2012-11-05 19:14 - 95414520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe 2014-06-11 21:03 - 2014-06-11 21:03 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00043008 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll 2014-06-11 21:03 - 2014-06-11 21:03 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll 2014-06-11 13:02 - 2014-06-11 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2014-06-11 12:25 - 2014-05-02 10:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird 2014-06-08 21:44 - 2013-12-24 08:55 - 00000000 ____D () C:\Users\###\Documents\##### Files to move or delete: ==================== C:\Users\###\AppData\Roaming\CamLayout.ini C:\Users\###\AppData\Roaming\CamShapes.ini C:\Users\###\AppData\Roaming\CamStudio.Producer.Data.ini Some content of TEMP: ==================== C:\Users\###\AppData\Local\Temp\Foxit Reader Updater.exe C:\Users\###\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-07-07 12:25 ==================== End Of Log ============================ --- --- --- --- --- --- --- --- --- Soweit das erst 
einmal. Ich habe jetzt natürlich noch nicht norml am Laptop gearbeitet, weil ich die Test laufen ließ, aber zumindest im Firefox traten diese Supra-Sachen nicht mehr auf. Vielleicht schon mal ein gutes Zeichen. Ich werde aber erst nach dem heutigen Deutschland-Sieg zum Testen kommen :-)))))) Gruß aus dem Regenwald Kim P.S. nach dem Veröffentlichen finde ich immer wieder Buchstabendreher, bitte entschuldige, das kommt vom 2-Finger-Gaaaanz-Schnelltippen.... Hallo Schrauber, Ich habs!! Ich habe einfach eine ältere Version probiert und geht! Also SecurityCheck Code:
ATTFilter
Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Adobe Flash Player 13.0.0.214
Mozilla Firefox (30.0)
Mozilla Thunderbird (24.6.0)
````````Process Check: objlist.exe by Laurent````````
Spybot Teatimer.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

Edited by kimberger (08.07.2014 at 15:17) |
09.07.2014, 13:12 | #8 |
/// the machine /// TB Trainer | Supra Savings in Firefox Revo Uninstaller - Download - Filepony Use it to uninstall Firefox, keep no data, let it remove the leftovers, then reinstall. Then: https://support.mozilla.org/de/kb/fi...einfach-loesen Please download TFC (by Oldtimer) and save the file to the desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will request a restart. Please allow this. Done. The order is decisive here.
If you would like to give praise or criticism, you can do that here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be misused by spyware to infect your system.
Performance: Clean your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP). Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations | Guides and help | Trojaner-Board Facebook page | No help via PM! |
12.07.2014, 08:39 | #9 |
| Supra Savings in Firefox Hello Schrauber, sorry for the late reply, but since the first step, uninstalling FF, I still need time to restore my collected data, because the FF backup I used apparently did not work :-((( So I'm now sitting at it every free minute. Interim report: Supra Savings seems to be gone, but FF's loading speed is still extremely sluggish, even without plugins. I'll keep trying, then I'll get back to you. Will you get a notification then? Regards, Kim |
13.07.2014, 08:11 | #10 |
/// the machine /// TB Trainer | Supra Savings in Firefox Yes, just write in here.
__________________ Regards, schrauber |
21.07.2014, 08:34 | #11 |
| Supra Savings in Firefox Hello Schrauber, hmmmm, so first of all many thanks for your instructions! At least the SupraSaving problem is gone, but then some annoying WebSearch thing appeared in its place, which kept me busy. So something among your many programs helped me, while others unfortunately destroyed important personal settings in various programs. But I have lost track of when that was. Anyway, I'm now sitting here with other strange problems, such as TB no longer opening any link (yes, I've been through all the forums - nothing), or many programs taking a very, very long time to start, Google Maps barely loading, important LibreOffice entries missing, etc. etc. http://www.trojaner-board.de/images/.../glaskugel.gif I know that this would be a completely different thread: but I don't know a keyword I could search for. Could you give me a tip? But then SupraSaving would hereby, thankfully, be settled! So once again many thanks for that! Kim |
21.07.2014, 13:40 | #12 | ||
/// the machine /// TB Trainer | Supra Savings in Firefox Quote:
Quote:
Please post a fresh FRST log. In which browser do you have all these problems?
__________________ Regards, schrauber |