| |
| |||||||
Log-Analyse und Auswertung: Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
27.11.2013, 20:17
| #1 |
| |  Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Liebes Trojaner Team, ich denke mein Computer ist verseucht. Ich hoffe sehr, dass mir jemand auf diesem Wege helfen kann. Folgendes könnten Hinweise auf einen Virusbefall sein: 1. Vor ein paar Tagen (oder mittlerweile Wochen) öffnet sich beim Surfen im Netz des Öfteren ein Pop-Up Fenster. Da ich vor kurzem meinen Werbeblocker für den Webbrowser deaktiviert habe, könnte es damit zu tun haben. Der Inhalt des Fensters: Die Seite mit der Adresse hxxp://exclusiverewards.papperwork.com meldet: Glückwunsch! Sie sind unser glücklicher Besucher heute. Klicken Sie OK, um fortzufahren. Was ich nie getan habe. In der Adresszeile steht: rvrz-a.akamaihd.net/sd/cpops-1.2.0.html?u=http%3A […] qni.netadsopt.com […] (Und mit “[…]” meine ich eine Zahlen-Buchstaben-Prozentzahl-Kolonne, die hier wohl nicht erwähnenswert sein wird.) Seit neuestem gibt es auch neben einzelnen Wörtern (auf ganz verschiedenen Websites) einen kleinen grünen Kreis inkl. Pfeil – als Link zu folgender Seite: clickcompare.info. Das hat mit Plus-HD-2.6 zu tun. Keine Ahnung, was das ist, aber bei den Scans galt Plus-HD als infizierte Datei! 2. Gestern konnte ich über mein GMX-Mailaccount keine Mails mehr versenden. GMX hat das gesperrt, weil vermutet wird, dass unbefugte Dritte Zugriff auf meinen Account hatten und darüber Spam verschickt haben. (Die Sperrung habe ich sicherheitshalber noch nicht aufgehoben). Daraufhin habe ich auf einem anderen Rechner alle wichtigen Passwörter geändert. 3. Mein Bruder ist Informatiker und hat mich beim gestrigen Virenscan begleitet und mir diese Seite empfohlen. Ich habe mein Standardprogramm AntiVir verwendet und zusätzlich Malwarebytes... 4. Bei der Vorbereitung auf diesen Blogg hatte ich ein Problem: Der Virenscanner ließ sich für den GMER-Scan nicht deaktivieren. (Gestern hingegen ging das sehrwohl.) Beim Versuch den Echtzeit-Scanner zu deaktivieren, kam ständig die Fehlermeldung: „Auf das angegebene Gerät, bzw. den Pfad oder die Datei kann nicht zugegriffen werden. Sie verfügen eventuell nicht über ausreichende Berechtigungen, um auf das Element zugreifen zu können.“ Mein Bruder konnte nicht helfen, also deinstallierten wir das Programm und installierten es nach dem GMER-Scan neu. Deswegen ist der Log von gestern leider gelöscht. Gestern wurde Installrex.C als infiziertes Objekt gefunden und in Quarantäne verschoben. Ein heutiger Scan ergab nichts. Die Ergebnisse des Malwarebyte-Programms habe ich mit angefügt. Ein Hinweis noch: Ich habe eine PC- und eine MAC-basierte ext. Festplatte. Beide waren in letzter Zeit sowohl an meinem Rechner als auch an den Laptops anderer angeschlossen. Beim Virenscan waren sie nicht angeschlossen. Vielen Dank schon mal für jegliche Hilfe! Gruß, Lena Hier meine Logs (sowie unten als Download-Möglichkeit): Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:18 on 27/11/2013 (Musicbiggy)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed
Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)
-=E.O.F=-
FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013
Ran by Musicbiggy (administrator) on MUSICBIGGY-PC on 27-11-2013 15:31:14
Running from C:\Users\Musicbiggy\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-18] (CANON INC.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-25] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-16] (VIA)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
Startup: C:\Users\Musicbiggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF4DF793A535ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Plus-HD-2.6 - {11111111-1111-1111-1111-110311341140} - C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho.dll (Plus HD)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default
FF user.js: detected! => C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\user.js
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF SearchEngineOrder.1: Search Results
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF SearchPlugin: C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\searchplugins\Web Search.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Plus-HD-2.6 - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com
FF Extension: Searchqu Toolbar - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
FF Extension: WOT - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: firefox - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: toolbar - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\toolbar@gmx.net.xpi
FF Extension: Adblock Plus - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-25] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-25] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-25] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-07-16] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-04-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-27 15:31 - 2013-11-27 15:31 - 00012317 _____ C:\Users\Musicbiggy\Desktop\FRST.txt
2013-11-27 15:31 - 2013-11-27 15:31 - 00000000 ____D C:\FRST
2013-11-27 15:30 - 2013-11-27 15:30 - 01958818 _____ (Farbar) C:\Users\Musicbiggy\Desktop\FRST64.exe
2013-11-27 15:18 - 2013-11-27 15:18 - 00000662 _____ C:\Users\Musicbiggy\Desktop\defogger_disable.log
2013-11-27 15:18 - 2013-11-27 15:18 - 00000188 _____ C:\Users\Musicbiggy\defogger_reenable
2013-11-27 15:17 - 2013-11-27 15:17 - 00050477 _____ C:\Users\Musicbiggy\Desktop\Defogger.exe
2013-11-26 23:25 - 2013-11-26 23:25 - 00289248 _____ C:\Windows\Minidump\112613-15225-01.dmp
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\Windows\Minidump
2013-11-26 22:58 - 2013-11-26 22:58 - 04745728 _____ (AVAST Software) C:\Users\Musicbiggy\Desktop\aswMBR.exe
2013-11-26 22:18 - 2013-11-26 22:18 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 22:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-26 22:17 - 2013-11-26 22:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Musicbiggy\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-20 20:42 - 2013-11-20 20:42 - 105397131 _____ C:\Windows\SysWOW64\é賃ᵌ™
2013-11-18 08:58 - 2013-11-18 10:29 - 00002058 _____ C:\Users\Musicbiggy\Desktop\Montage.lnk
2013-11-15 21:39 - 2013-11-15 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 10:11 - 2013-11-15 10:13 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\DVDVideoSoft
2013-11-15 10:11 - 2013-11-15 10:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-15 10:06 - 2013-11-15 10:08 - 83809808 _____ (DVDVideoSoft Ltd. ) C:\Users\Musicbiggy\Downloads\FreeStudio.exe
2013-11-15 09:49 - 2013-11-15 09:49 - 00000104 _____ C:\Users\Public\sdelevURL.tmp
2013-11-13 17:41 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 17:41 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 17:41 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 17:41 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 17:41 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 17:41 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 17:41 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 17:41 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 17:41 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 17:41 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 17:40 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 17:40 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 17:40 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 16:48 - 2013-11-13 16:48 - 00001527 _____ C:\Users\Musicbiggy\Desktop\Bewerbungen.lnk
2013-11-13 16:39 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 16:39 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 16:39 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 16:39 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 16:39 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 16:39 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 16:39 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 16:39 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 16:39 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 16:39 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 16:39 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 16:39 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 16:39 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 16:39 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 16:39 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 16:39 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 16:39 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 16:39 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 16:39 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 16:39 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 16:39 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 16:39 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 16:39 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 16:39 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 16:39 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 16:39 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 16:39 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 16:39 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 16:39 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 16:39 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-07 15:13 - 2013-11-27 12:41 - 00000000 ____D C:\Program Files (x86)\Mediafour
2013-11-01 12:27 - 2013-11-01 13:28 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\download.am-data
2013-11-01 12:27 - 2013-11-01 12:41 - 00000000 ____D C:\Program Files (x86)\Download.am
2013-10-28 13:07 - 2013-11-27 15:21 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\FreePDF_XP
2013-10-28 12:42 - 2013-10-28 12:42 - 00000000 ____D C:\Program Files\gs
2013-10-28 11:17 - 2013-10-28 12:47 - 00000000 ____D C:\ProgramData\FreePDF
2013-10-28 11:17 - 2013-10-28 12:47 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-10-28 11:17 - 2010-06-17 20:56 - 00119152 _____ C:\Windows\system32\redmon.hlp
2013-10-28 11:17 - 2010-06-17 20:56 - 00087040 _____ C:\Windows\system32\redmonnt.dll
2013-10-28 11:17 - 2010-06-17 20:56 - 00046080 _____ C:\Windows\system32\unredmon.exe
==================== One Month Modified Files and Folders =======
2013-11-27 15:31 - 2013-11-27 15:31 - 00012317 _____ C:\Users\Musicbiggy\Desktop\FRST.txt
2013-11-27 15:31 - 2013-11-27 15:31 - 00000000 ____D C:\FRST
2013-11-27 15:30 - 2013-11-27 15:30 - 01958818 _____ (Farbar) C:\Users\Musicbiggy\Desktop\FRST64.exe
2013-11-27 15:26 - 2013-05-25 20:56 - 01670243 _____ C:\Windows\WindowsUpdate.log
2013-11-27 15:21 - 2013-10-28 13:07 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\FreePDF_XP
2013-11-27 15:21 - 2013-05-27 16:26 - 00000000 ___RD C:\Users\Musicbiggy\Dropbox
2013-11-27 15:21 - 2013-05-27 16:24 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Dropbox
2013-11-27 15:21 - 2009-07-14 05:51 - 53043958 _____ C:\Windows\setupact.log
2013-11-27 15:20 - 2013-05-28 13:00 - 00001840 _____ C:\Windows\Tasks\Plus-HD-2.6-firefoxinstaller.job
2013-11-27 15:20 - 2013-05-28 13:00 - 00001208 _____ C:\Windows\Tasks\Plus-HD-2.6-codedownloader.job
2013-11-27 15:20 - 2013-05-28 13:00 - 00001204 _____ C:\Windows\Tasks\Plus-HD-2.6-updater.job
2013-11-27 15:20 - 2013-05-28 13:00 - 00001108 _____ C:\Windows\Tasks\Plus-HD-2.6-enabler.job
2013-11-27 15:20 - 2013-05-26 09:33 - 00035486 _____ C:\Windows\PFRO.log
2013-11-27 15:20 - 2013-05-25 21:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-27 15:20 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-27 15:20 - 2009-07-14 05:45 - 08049176 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-27 15:18 - 2013-11-27 15:18 - 00000662 _____ C:\Users\Musicbiggy\Desktop\defogger_disable.log
2013-11-27 15:18 - 2013-11-27 15:18 - 00000188 _____ C:\Users\Musicbiggy\defogger_reenable
2013-11-27 15:18 - 2013-05-25 20:57 - 00000000 ____D C:\Users\Musicbiggy
2013-11-27 15:17 - 2013-11-27 15:17 - 00050477 _____ C:\Users\Musicbiggy\Desktop\Defogger.exe
2013-11-27 15:16 - 2013-05-26 21:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-27 12:41 - 2013-11-07 15:13 - 00000000 ____D C:\Program Files (x86)\Mediafour
2013-11-27 12:37 - 2013-05-25 22:46 - 00087384 _____ C:\Users\Musicbiggy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-27 12:28 - 2013-05-25 22:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-27 12:26 - 2013-05-25 21:38 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Skype
2013-11-27 12:21 - 2013-09-22 11:27 - 00000000 ____D C:\Program Files\Adobe
2013-11-27 12:21 - 2013-05-25 22:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-27 12:21 - 2013-05-25 21:56 - 00000000 ____D C:\ProgramData\Adobe
2013-11-27 10:36 - 2013-05-25 21:53 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\Adobe
2013-11-27 10:34 - 2009-07-14 05:45 - 00013568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-27 10:34 - 2009-07-14 05:45 - 00013568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-27 10:31 - 2013-07-16 20:00 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-11-27 10:31 - 2013-07-16 20:00 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-11-27 10:31 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 23:29 - 2013-05-25 21:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 23:29 - 2013-05-25 21:34 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 23:25 - 2013-11-26 23:25 - 00289248 _____ C:\Windows\Minidump\112613-15225-01.dmp
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\Windows\Minidump
2013-11-26 22:58 - 2013-11-26 22:58 - 04745728 _____ (AVAST Software) C:\Users\Musicbiggy\Desktop\aswMBR.exe
2013-11-26 22:18 - 2013-11-26 22:18 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 22:17 - 2013-11-26 22:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Musicbiggy\Desktop\mbam-setup-1.75.0.1300.exe
2013-11-25 17:06 - 2013-09-07 22:44 - 00001920 _____ C:\Users\Musicbiggy\Desktop\filmArche.lnk
2013-11-25 11:25 - 2013-05-26 07:17 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-25 11:25 - 2013-05-25 21:13 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-25 11:25 - 2013-05-25 21:13 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-25 11:25 - 2013-05-25 21:13 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-23 12:45 - 2013-05-27 21:58 - 00000000 ____D C:\ProgramData\CanonIJ
2013-11-23 12:33 - 2013-05-26 10:08 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-21 09:12 - 2013-10-16 09:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-11-21 09:12 - 2013-05-25 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 20:42 - 2013-11-20 20:42 - 105397131 _____ C:\Windows\SysWOW64\é賃ᵌ™
2013-11-18 19:17 - 2013-09-07 21:19 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\vlc
2013-11-18 19:09 - 2013-06-20 22:57 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\dvdcss
2013-11-18 10:29 - 2013-11-18 08:58 - 00002058 _____ C:\Users\Musicbiggy\Desktop\Montage.lnk
2013-11-17 12:55 - 2013-05-26 21:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 12:55 - 2013-05-26 21:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 12:55 - 2013-05-26 21:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-15 21:39 - 2013-11-15 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 10:13 - 2013-11-15 10:11 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\DVDVideoSoft
2013-11-15 10:13 - 2013-11-15 10:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-15 10:08 - 2013-11-15 10:06 - 83809808 _____ (DVDVideoSoft Ltd. ) C:\Users\Musicbiggy\Downloads\FreeStudio.exe
2013-11-15 09:49 - 2013-11-15 09:49 - 00000104 _____ C:\Users\Public\sdelevURL.tmp
2013-11-14 23:01 - 2013-10-17 22:22 - 00001929 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-14 23:00 - 2013-10-17 22:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 11:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-13 17:41 - 2013-05-25 21:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 17:39 - 2013-08-15 12:45 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 17:38 - 2013-06-23 22:45 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 16:48 - 2013-11-13 16:48 - 00001527 _____ C:\Users\Musicbiggy\Desktop\Bewerbungen.lnk
2013-11-04 19:06 - 2011-10-15 12:13 - 00000000 ___HD C:\Users\Musicbiggy\AppData\Local\BOSrsjUf6DaT
2013-11-04 18:08 - 2013-05-25 22:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-04 17:56 - 2013-05-25 21:56 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Adobe
2013-11-02 09:26 - 2013-08-30 09:09 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-11-01 13:28 - 2013-11-01 12:27 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\download.am-data
2013-11-01 12:41 - 2013-11-01 12:27 - 00000000 ____D C:\Program Files (x86)\Download.am
2013-11-01 10:23 - 2013-08-30 09:09 - 00001949 _____ C:\Users\Musicbiggy\Desktop\CDBurnerXP.lnk
2013-10-28 12:47 - 2013-10-28 11:17 - 00000000 ____D C:\ProgramData\FreePDF
2013-10-28 12:47 - 2013-10-28 11:17 - 00000000 ____D C:\Program Files (x86)\FreePDF_XP
2013-10-28 12:42 - 2013-10-28 12:42 - 00000000 ____D C:\Program Files\gs
Some content of TEMP:
====================
C:\Users\Musicbiggy\AppData\Local\Temp\AskSLib.dll
C:\Users\Musicbiggy\AppData\Local\Temp\avgnt.exe
C:\Users\Musicbiggy\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Musicbiggy\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Musicbiggy\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Musicbiggy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Musicbiggy\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Musicbiggy\AppData\Local\Temp\ose00000.exe
C:\Users\Musicbiggy\AppData\Local\Temp\readSTILog.dll
C:\Users\Musicbiggy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Musicbiggy\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Musicbiggy\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Musicbiggy\AppData\Local\Temp\vlc-2.1.1-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-20 11:17
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 27-11-2013
Ran by Musicbiggy at 2013-11-27 15:33:15
Running from C:\Users\Musicbiggy\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Avira Desktop (Disabled - Up to date) {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AS: Avira Desktop (Disabled - Up to date) {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
Adobe AIR (x32 Version: 3.1.0.4880)
Adobe Creative Cloud (x32 Version: 2.1.2.232)
Adobe Download Assistant (x32 Version: 1.2.6)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.152)
Adobe Help Manager (x32 Version: 4.0.244)
Adobe Photoshop Elements 11 (x32 Version: 11.0)
Adobe Premiere Elements 11 (Version: 11.0)
Adobe Premiere Pro CC (x32 Version: 7.0.0)
Adobe Reader 8.1.1 (x32 Version: 8.1.1)
Age of Empires II: HD Edition (x32)
Apple Application Support (x32 Version: 2.3.4)
Apple Software Update (x32 Version: 2.1.3.127)
Audacity 2.0.3 (x32 Version: 2.0.3)
Avira Free Antivirus (x32 Version: 14.0.1.749)
bl (x32 Version: 1.0.0)
Canon Easy-WebPrint EX (x32)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (x32)
Canon MP Navigator EX 3.0 (x32)
Canon MP270 series Benutzerregistrierung (x32)
Canon MP270 series MP Drivers
Canon Utilities Easy-PhotoPrint EX (x32)
Canon Utilities My Printer (x32)
Canon Utilities Solution Menu (x32)
CDBurnerXP (x32 Version: 4.5.2.4291)
D3DX10 (x32 Version: 15.4.2368.0902)
DAEMON Tools Toolbar (x32 Version: 1.0.8.0552)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32)
Dropbox (HKCU Version: 2.0.22)
Elements 11 Organizer (x32 Version: 11.0)
FormatFactory 3.0.1 (x32 Version: 3.0.1)
Fotogalerie (x32 Version: 16.4.3508.0205)
Foxit Reader (x32 Version: 6.0.3.524)
Free Studio version 2013 (x32 Version: 6.2.0.1029)
FreePDF (Remove only) (x32)
GPL Ghostscript (Version: 9.07)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300)
McAfee Security Scan Plus (Version: 3.8.130.10)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 Service Pack 1 (SP1) (x32)
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Home and Student 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.6029.1000)
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.6029.1000)
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Single Image 2010 (x32 Version: 14.0.6029.1000)
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.6029.1000)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (x32 Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053)
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000)
Mount & Blade: Warband (x32)
Mount & Blade: With Fire and Sword (x32)
Movie Maker (x32 Version: 16.4.3508.0205)
MozBackup 1.5.1 (x32)
Mozilla Firefox 25.0.1 (x86 de) (x32 Version: 25.0.1)
Mozilla Maintenance Service (x32 Version: 24.1.1)
Mozilla Thunderbird 24.1.1 (x86 de) (x32 Version: 24.1.1)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT110 (x32 Version: 16.4.1108.0727)
MSVCRT110_amd64 (Version: 16.4.1109.0912)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
Napoleon: Total War (x32)
Nero 12 (x32 Version: 12.5.01900)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0)
Nero BackItUp (x32 Version: 12.5.1000)
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000)
Nero Blu-ray Player (x32 Version: 12.0.20014)
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000)
Nero Burning ROM (x32 Version: 12.5.5001)
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000)
Nero ControlCenter (x32 Version: 11.0.15600)
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000)
Nero Core Components (x32 Version: 11.0.20200)
Nero Disc Menus Basic (x32 Version: 12.0.11500)
Nero Effects Basic (x32 Version: 12.0.11500)
Nero Express (x32 Version: 12.5.5002)
Nero Express Help (CHM) (x32 Version: 12.0.13000)
Nero Kwik Media (x32 Version: 1.18.20100)
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000)
Nero Kwik Themes Basic (x32 Version: 12.0.11500)
Nero PiP Effects Basic (x32 Version: 12.0.11500)
Nero Recode (x32 Version: 12.5.6000)
Nero Recode Help (CHM) (x32 Version: 12.0.12000)
Nero RescueAgent (x32 Version: 12.0.10002)
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000)
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0)
Nero Update (x32 Version: 11.0.11800.31.0)
Nero Video (x32 Version: 12.5.2001)
Nero Video Help (CHM) (x32 Version: 12.0.12000)
neroxml (x32 Version: 1.0.0)
NVIDIA 3D Vision Driver 311.06 (Version: 311.06)
NVIDIA Control Panel 311.06 (Version: 311.06)
NVIDIA Graphics Driver 311.06 (Version: 311.06)
NVIDIA Install Application (Version: 2.1002.108.688)
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.13.1106)
NVIDIA Update 1.11.3 (Version: 1.11.3)
NVIDIA Update Components (Version: 1.11.3)
ph (x32 Version: 1.0.0)
Photo Common (x32 Version: 16.4.3508.0205)
Photo Gallery (x32 Version: 16.4.3508.0205)
Platform (x32 Version: 1.34)
Plus-HD-2.6 (x32 Version: 1.27.153.5) <==== ATTENTION
PRE11 STI 64Installer (x32 Version: 11.0)
Prerequisite installer (x32 Version: 12.0.0003)
PSE11 STI Installer (x32 Version: 11.0)
QuickTime (x32 Version: 7.74.80.86)
RedMon - Redirection Port Monitor
Samsung Kies (x32 Version: 2.5.3.13043_14)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
Sid Meier's Civilization V (x32)
Skype™ 6.11 (x32 Version: 6.11.102)
Steam (x32 Version: 1.0.0.0)
TeamViewer 8 (x32 Version: 8.0.18051)
TransMac version 10.3 (x32 Version: 10.3)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553065) (x32)
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2566458) (x32)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition (x32)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32)
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition (x32)
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition (x32)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32)
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition (x32)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32)
Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition (x32)
VIA Plattform-Geräte-Manager (x32 Version: 1.34)
VLC media player 2.1.1 (x32 Version: 2.1.1)
Welcome App (Start-up experience) (x32 Version: 12.0.15000)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205)
Windows Live Essentials (x32 Version: 16.4.3508.0205)
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0)
Windows Live Installer (x32 Version: 16.4.3508.0205)
Windows Live Messenger (x32 Version: 16.4.3508.0205)
Windows Live Photo Common (x32 Version: 16.4.3508.0205)
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205)
Windows Live SOXE (x32 Version: 16.4.3508.0205)
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205)
Windows Live UX Platform (x32 Version: 16.4.3508.0205)
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205)
WinRAR 4.20 (32-Bit) (x32 Version: 4.20.0)
==================== Restore Points =========================
21-11-2013 11:18:14 Geplanter Prüfpunkt
27-11-2013 11:40:08 Removed MacDrive 9 Standard
27-11-2013 11:40:52 Removed MacDrive 9 Standard
==================== Hosts content: ==========================
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {0FE489C9-C264-413E-8CA6-64B13D175AF8} - System32\Tasks\Plus-HD-2.6-updater => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-updater.exe [2013-05-28] (Plus HD) <==== ATTENTION
Task: {28C5530C-1FEF-4A32-995B-3E80F025A891} - System32\Tasks\{9FE51BBD-3668-4202-AF38-FCBCA5D2BC2F} => Firefox.exe hxxp://ui.skype.com/ui/0/6.3.0.107/de/go/help.faq.installer?LastError=1618
Task: {609E3D43-3F09-4611-9819-5E90E690BAB6} - System32\Tasks\Plus-HD-2.6-enabler => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-enabler.exe <==== ATTENTION
Task: {AE7AF4C4-DA54-4918-A1A8-3DDE575E547E} - System32\Tasks\Plus-HD-2.6-firefoxinstaller => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe [2013-05-28] (Plus HD) <==== ATTENTION
Task: {B0013CF9-C59B-41D4-A3F7-722E00A6E1E1} - System32\Tasks\AdobeAAMUpdater-1.0-Musicbiggy-PC-Musicbiggy => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2013-06-13] (Adobe Systems Incorporated)
Task: {BA080E9B-E5B2-46CB-BB86-B1ABE3DE48BA} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {DE7EE812-1CAE-4180-B538-ADB198C6D30A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {E6463444-1533-4C82-825E-08C963DDA1A4} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-11-17] (Adobe Systems Incorporated)
Task: {EB02381F-D652-4B1C-894A-712498C62C51} - \Microsoft\Windows\MUI\LPRemove No Task File
Task: {FE49F1CB-31A5-4AD8-B46C-0BD6F2E5B459} - System32\Tasks\Plus-HD-2.6-codedownloader => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe [2013-05-28] (Plus HD) <==== ATTENTION
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\Plus-HD-2.6-codedownloader.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe
Task: C:\Windows\Tasks\Plus-HD-2.6-enabler.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-enabler.exe
Task: C:\Windows\Tasks\Plus-HD-2.6-firefoxinstaller.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe
Task: C:\Windows\Tasks\Plus-HD-2.6-updater.job => C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-updater.exe
==================== Loaded Modules (whitelisted) =============
2013-08-30 09:01 - 2013-08-30 09:01 - 03358064 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
2013-05-26 11:16 - 2009-05-07 09:51 - 00071680 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\QsApoApi64.dll
2013-05-26 11:16 - 2009-05-07 09:53 - 00379392 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Dts2ApoApi64.dll
2013-05-26 11:16 - 2008-01-18 07:50 - 00098816 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\VMicApi.dll
2013-05-26 11:16 - 2009-07-10 03:48 - 47601664 ____R () C:\Program Files (x86)\VIA\VIAudioi\VDeck\Skin.dll
2013-05-25 21:13 - 2013-05-25 21:10 - 00397704 _____ () C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
2013-03-13 21:48 - 2013-03-13 21:48 - 24978944 _____ () C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\libcef.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2013-11-15 21:39 - 2013-11-15 21:39 - 03363952 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-11-17 12:55 - 2013-11-17 12:55 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Musicbiggy\Local Settings:LsJGWLuc5ttBmQPwE4NAxPB08A
AlternateDataStreams: C:\Users\Musicbiggy\AppData\Local:LsJGWLuc5ttBmQPwE4NAxPB08A
AlternateDataStreams: C:\Users\Musicbiggy\AppData\Local\Application Data:LsJGWLuc5ttBmQPwE4NAxPB08A
AlternateDataStreams: C:\Users\Musicbiggy\AppData\Local\BOSrsjUf6DaT:lqaiPMTSoPdxqTDW34embVvN5
AlternateDataStreams: C:\Users\Musicbiggy\AppData\Local\Temp:PHvMEBhX7KLSn1QjnLuV0k9HBBhw
==================== Safe Mode (whitelisted) ===================
==================== Faulty Device Manager Devices =============
Name: NETGEAR WG311v3 54Mbps Wireless PCI Adapter
Description: NETGEAR WG311v3 54Mbps Wireless PCI Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: MRV6X64P
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
==================== Event log errors: =========================
Application errors:
==================
Error: (11/26/2013 11:12:09 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e41b
ID des fehlerhaften Prozesses: 0x610
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3
Error: (11/26/2013 11:07:03 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: aswMBR.exe, Version: 0.9.9.1771, Zeitstempel: 0x5147644e
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0002e3be
ID des fehlerhaften Prozesses: 0x858
Startzeit der fehlerhaften Anwendung: 0xaswMBR.exe0
Pfad der fehlerhaften Anwendung: aswMBR.exe1
Pfad des fehlerhaften Moduls: aswMBR.exe2
Berichtskennung: aswMBR.exe3
Error: (11/26/2013 10:32:30 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: TeamViewer.exe, Version: 8.0.18051.0, Zeitstempel: 0x51763c7c
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18247, Zeitstempel: 0x521ea8e7
Ausnahmecode: 0xc0000374
Fehleroffset: 0x000ce753
ID des fehlerhaften Prozesses: 0x6b4
Startzeit der fehlerhaften Anwendung: 0xTeamViewer.exe0
Pfad der fehlerhaften Anwendung: TeamViewer.exe1
Pfad des fehlerhaften Moduls: TeamViewer.exe2
Berichtskennung: TeamViewer.exe3
Error: (11/16/2013 10:52:56 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xd00
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
Error: (11/15/2013 09:49:19 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (11/15/2013 09:49:16 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (11/15/2013 09:49:13 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (11/15/2013 09:49:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (11/15/2013 09:49:06 AM) (Source: SideBySide) (User: )
Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest1". Fehler in
Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest2" in Zeile C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest3.
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit
einer anderen, bereits aktiven Komponentenversion.
In Konflikt stehende Komponenten:.
Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Error: (11/14/2013 10:58:53 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Name des fehlerhaften Moduls: avnotify.exe, Version: 13.6.20.2100, Zeitstempel: 0x51e6b921
Ausnahmecode: 0xc0000005
Fehleroffset: 0x00001487
ID des fehlerhaften Prozesses: 0xc44
Startzeit der fehlerhaften Anwendung: 0xavnotify.exe0
Pfad der fehlerhaften Anwendung: avnotify.exe1
Pfad des fehlerhaften Moduls: avnotify.exe2
Berichtskennung: avnotify.exe3
System errors:
=============
Error: (11/27/2013 03:24:34 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{64F604B1-754A-444A-AEC4-1095E1D411BF}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (11/27/2013 00:53:37 PM) (Source: BROWSER) (User: )
Description: Das Einlesen der Sicherungsliste durch den Suchdienst schlug auf Transport "\Device\NetBT_Tcpip_{64F604B1-754A-444A-AEC4-1095E1D411BF}" zu oft fehl.
Der Sicherungssuchdienst wird beendet.
Error: (11/27/2013 10:27:14 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (11/26/2013 11:27:13 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (11/26/2013 11:25:10 PM) (Source: BugCheck) (User: )
Description: 0x00000109 (0xa3a039d89bc0f531, 0xb3b7465eee3f2fab, 0xfffff800049eb080, 0x0000000000000002)C:\Windows\MEMORY.DMP112613-15225-01
Error: (11/26/2013 11:25:09 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am 26.11.2013 um 23:22:35 unerwartet heruntergefahren.
Error: (11/26/2013 09:52:25 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (11/26/2013 10:50:05 AM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (11/25/2013 09:29:47 PM) (Source: VDS Basic Provider) (User: )
Description: Unerwarteter Fehler. Fehlercode: 490@01010004
Error: (11/25/2013 05:46:15 PM) (Source: Disk) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
Microsoft Office Sessions:
=========================
Error: (11/26/2013 11:12:09 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.1.7601.18247521ea8e7c00000050002e41b61001ceeaf40b14bd27C:\Users\Musicbiggy\Desktop\aswMBR.exeC:\Windows\SysWOW64\ntdll.dllcab18ebb-56e7-11e3-8d3c-90e6ba208500
Error: (11/26/2013 11:07:03 PM) (Source: Application Error)(User: )
Description: aswMBR.exe0.9.9.17715147644entdll.dll6.1.7601.18247521ea8e7c00000050002e3be85801ceeaf2d43185b1C:\Users\Musicbiggy\Desktop\aswMBR.exeC:\Windows\SysWOW64\ntdll.dll13dcac38-56e7-11e3-8d3c-90e6ba208500
Error: (11/26/2013 10:32:30 PM) (Source: Application Error)(User: )
Description: TeamViewer.exe8.0.18051.051763c7cntdll.dll6.1.7601.18247521ea8e7c0000374000ce7536b401ceeaedc68f50caC:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exeC:\Windows\SysWOW64\ntdll.dll404b795a-56e2-11e3-8d3c-90e6ba208500
Error: (11/16/2013 10:52:56 AM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487d0001cee2b190fc2b2eC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeddaaa305-4ea4-11e3-a117-90e6ba208500
Error: (11/15/2013 09:49:19 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Musicbiggy\BEHALTEN 2012\PROGRAMME\MAC-WANDLER\SoftonicDownloader_fuer_format-factory.exe
Error: (11/15/2013 09:49:16 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Musicbiggy\BEHALTEN 2012\PROGRAMME\MAC-WANDLER\SoftonicDownloader_fuer_format-factory.exe
Error: (11/15/2013 09:49:13 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Musicbiggy\BEHALTEN 2012\PROGRAMME\MAC-WANDLER\SoftonicDownloader_fuer_format-factory.exe
Error: (11/15/2013 09:49:06 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Musicbiggy\BEHALTEN 2012\PROGRAMME\MAC-WANDLER\SoftonicDownloader_fuer_transmac.exe
Error: (11/15/2013 09:49:06 AM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifestC:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifestC:\Users\Musicbiggy\BEHALTEN 2012\PROGRAMME\MAC-WANDLER\SoftonicDownloader_fuer_format-factory.exe
Error: (11/14/2013 10:58:53 PM) (Source: Application Error)(User: )
Description: avnotify.exe13.6.20.210051e6b921avnotify.exe13.6.20.210051e6b921c000000500001487c4401cee184aa1e129cC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exeC:\Program Files (x86)\Avira\AntiVir Desktop\avnotify.exef2e4c881-4d77-11e3-9ba9-90e6ba208500
==================== Memory info ===========================
Percentage of memory in use: 45%
Total physical RAM: 4095.18 MB
Available physical RAM: 2248.82 MB
Total Pagefile: 8188.53 MB
Available Pagefile: 6052.36 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:78.64 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: E8CC7DBE)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-11-27 16:59:34
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\MUSICB~1\AppData\Local\Temp\kwlyyfow.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800035b3000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 575 fffff800035b302f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE[1644] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
.text C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\Dropbox.exe[2676] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\Dropbox.exe[2676] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076c31465 2 bytes [C3, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076c314bb 2 bytes [C3, 76]
.text ... * 2
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x01 0x29 0x25 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x29 0x55 0x06 0xDC ...
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet001\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8B 0xED 0x2D 0x0B ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x01 0x29 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x29 0x55 0x06 0xDC ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0
Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8B 0xED 0x2D 0x0B ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x5E 0x01 0x29 0x25 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x29 0x55 0x06 0xDC ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x8B 0xED 0x2D 0x0B ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{017382FF-7ED5-A3C3-1DF0-9B49A1BF0E7E}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{017382FF-7ED5-A3C3-1DF0-9B49A1BF0E7E}@pahlbgjbmphknlnnkggglodaioabjkjp 0x6A 0x61 0x64 0x63 ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{017382FF-7ED5-A3C3-1DF0-9B49A1BF0E7E}@oankhmeedelokidighnapbkcidejag 0x69 0x61 0x63 0x63 ...
---- EOF - GMER 2.1 ----
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.26.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 Musicbiggy :: MUSICBIGGY-PC [Administrator] Schutz: Aktiviert 26.11.2013 22:24:25 MBAM-log-2013-11-26 (22-42-18).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 254317 Laufzeit: 10 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 13 HKCR\CLSID\{11111111-1111-1111-1111-110311341140} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440344344440} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550355345540} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0033440.BHO.1 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341140} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341140} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0033440.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0033440.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0033440.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Plus-HD-2.6 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.6 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\Plus-HD-2.6 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 23 C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Users\Musicbiggy\AppData\Local\Temp\rkdHPIck.exe.part (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Musicbiggy\AppData\Local\Temp\SfB3SPVJ.exe.part (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Windows\Temp\33440_updater.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Users\Musicbiggy\Downloads\cdbxp_setup_4.5.2.4214_minimal.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-2.6-codedownloader.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-2.6-enabler.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-2.6-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-2.6-updater.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\33440.xpi (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\background.html (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Installer.log (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bg.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-buttonutil.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-buttonutil.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-helper.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-updater.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6.ico (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Uninstall.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.11.26.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 Musicbiggy :: MUSICBIGGY-PC [Administrator] Schutz: Aktiviert 27.11.2013 17:11:08 MBAM-log-2013-11-27 (17-21-48).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 250388 Laufzeit: 6 Minute(n), 45 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 13 HKCR\CLSID\{11111111-1111-1111-1111-110311341140} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCR\TypeLib\{44444444-4444-4444-4444-440344344440} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCR\Interface\{55555555-5555-5555-5555-550355345540} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0033440.BHO.1 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311341140} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311341140} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311341140} (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0033440.BHO (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0033440.Sandbox (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCR\CrossriderApp0033440.Sandbox.1 (PUP.Optional.CrossRider.A) -> Keine Aktion durchgeführt. HKCU\Software\InstalledBrowserExtensions\Plus HD (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Plus-HD-2.6 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Plus-HD-2.6 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\Program Files (x86)\Plus-HD-2.6 (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. Infizierte Dateien: 23 C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bho.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Users\Musicbiggy\AppData\Local\Temp\rkdHPIck.exe.part (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Users\Musicbiggy\AppData\Local\Temp\SfB3SPVJ.exe.part (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Windows\Temp\33440_updater.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Users\Musicbiggy\Downloads\cdbxp_setup_4.5.2.4214_minimal.exe (PUP.Optional.OpenCandy) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-2.6-codedownloader.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-2.6-enabler.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-2.6-firefoxinstaller.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Windows\Tasks\Plus-HD-2.6-updater.job (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\33440.xpi (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\background.html (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Installer.log (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-bg.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-buttonutil.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-buttonutil.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-buttonutil64.dll (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-buttonutil64.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-codedownloader.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-firefoxinstaller.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-helper.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6-updater.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Plus-HD-2.6.ico (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. C:\Program Files (x86)\Plus-HD-2.6\Uninstall.exe (PUP.Optional.PlusHD.A) -> Keine Aktion durchgeführt. (Ende) Geändert von musicbiggy (27.11.2013 um 20:28 Uhr) |
|
28.11.2013, 08:24
| #2 |
| /// the machine /// TB-Ausbilder    | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Hi,
__________________Malwarebytes die Funde auch löschen lassen. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
und ein frisches FRST log bitte.
__________________ |
|
28.11.2013, 15:52
| #3 |
| | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Hallo schrauber,
__________________ich habe einen neuen Scan durch Malewarebytes gemacht und versucht, alle infizierten Objekte zu löschen. Allerdings habe ich eben erst - nach Ausführung aller anderen Schritte - verstanden, wie man die Objekte in dem Programm tatsächlich löscht  Ich hoffe einfach mal, die Reihenfolge der Schritte war an dieser Stelle nicht so entscheidend...Liebe Grüße, Lena Code:
ATTFilter # AdwCleaner v3.013 - Bericht erstellt am 28/11/2013 um 14:34:12
# Updated 24/11/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Musicbiggy - MUSICBIGGY-PC
# Gestartet von : C:\Users\Musicbiggy\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gelöscht : C:\Users\MUSICB~1\AppData\Local\Temp\boost_interprocess
Ordner Gelöscht : C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Searchqutoolbar
Ordner Gelöscht : C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Datei Gelöscht : C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\searchplugins\Search_Results.xml
Datei Gelöscht : C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_format-factory_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_transmac_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_fuer_transmac_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220322342240}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345540}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346640}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550355345540}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660366346640}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\installedbrowserextensions
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Plus-HD-2.6
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\daemon tools toolbar
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16736
-\\ Mozilla Firefox v25.0.1 (de)
[ Datei : C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\prefs.js ]
Zeile gelöscht : user_pref("browser.search.order.1", "Search Results");
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.backgroundjs", "\n\n/*****************************************************************************[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_meta.value", "%7B%22tmp/lightbox.css%22%3A%7B%22id%22%3A354659%2C%22ver%22%3A[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354667.value", "%22%7B%5Cr%5Cn%5C%22youtube.com%5C%22%3A%5B%5C%22com[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354668.value", "%22%5B%5Cr%5Cn%5Ct%5Ct%7B%5Cr%5Cn%5Ct%5Ct%5Ct%5C%22i[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.cache/2a71b3b28494cf1854d333288ccc18ba_DE.value", "%22var%20cat_2a71b3b28494cf1854d3332[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.cache/3518e1eac042730aa1274618984462b3_DE.value", "%22var%20cat_3518e1eac042730aa127461[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.cache/5cdf8a7ef2ec84abac286c67587b78d9.value", "%22function%20tcmMarkWindow%28a%29%7Bva[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.cache/d5baae4ef839769f8eb7e9f9d82d8a40_DE.value", "%22var%20cat_d5baae4ef839769f8eb7e9f[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.cache/d9fe5d2850f1ed167451b193e8bd0e0c_DE.value", "%22var%20cat_d9fe5d2850f1ed167451b19[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.js", "\n\n /************************************************************************************\[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_1.code", "appAPI._cr_config={appID:function(){var a=appAPI.appInfo;if(a){return app[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_102.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_104.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_119.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_120.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_123.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_13.name", "CrossriderAppUtils");
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_138.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_14.name", "CrossriderUtils");
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_155.code", "if (typeof appAPI.internal.monetization === \"undefined\") {\n appAP[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_16.code", "if((typeof isBackground===\"undefined\"||isBackground!==true)&&(typeof _[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_17.code", "if(typeof window!==\"undefined\"){\n/*!\n * jQuery JavaScript Library v1[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_21.code", "var CrossriderDebugManager=(function(h){var f={appId:appAPI._cr_config.a[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_22.code", "(function(a){appAPI.queueManager={queue:[],register:function(b){this.que[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_28.code", "var CrossriderInitializerPlugin=(function(e){var c={appId:appAPI._cr_con[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_47.code", "(function(){appAPI.ready=function(a){appAPI.resources.isReady(a);};}());[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_78.name", "CrossriderInfo");
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_87.code", "var CROSSRIDER_PLATFORM=true;var JQ=bbrsJQ=$jquery;if(appAPI.platform==\[...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_91.code", "(function(h){var p=(function(){var R=0;var Z=\"\";function Q(ac){return [...]
Zeile gelöscht : user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.plugins.plugin_92.code", "if(typeof appAPI.internal.monetization===\"undefined\"){appAPI.internal.[...]
Zeile gelöscht : user_pref("extensions.crossrider.bic", "13eeb14bb4089e8e2382f915e35dbe90");
Zeile gelöscht : user_pref("extensions.enabledItems", "helperbar@helperbar.com:1.0,{AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906,{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22,{23fcfd51-4958-4f00-80a3-ae97e717ed8b}[...]
Zeile gelöscht : user_pref("extensions.helperbar.DockingPositionDown", false);
Zeile gelöscht : user_pref("extensions.helperbar.LastHiddenTime", 22479674);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarDisabled", false);
Zeile gelöscht : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
*************************
AdwCleaner[R0].txt - [11491 octets] - [28/11/2013 14:23:09]
AdwCleaner[S0].txt - [11158 octets] - [28/11/2013 14:34:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [11219 octets] ##########
Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Professional x64
Ran by Musicbiggy on 28.11.2013 at 15:05:34,98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\dt soft\daemon tools toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plus-hd-2_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\plus-hd-2_rasmancs
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [Folder] C:\Users\Musicbiggy\AppData\Roaming\mozilla\firefox\profiles\musa31rb.default\extensions\7f404ccc-b0a9-4faf-b3c0-89ceea949aea@a6724a05-9380-4ebe-be02-e67e35a3402c.com
Successfully deleted the following from C:\Users\Musicbiggy\AppData\Roaming\mozilla\firefox\profiles\musa31rb.default\prefs.js
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354678.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354680.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.Resources_resource_354681.value", "%22data%3Aimage/png%3Bbase6
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.cache/530e52021dc20843b1aa62957edeb9f8.value", "%22var%20adsDe
user_pref("extensions.a7f404cccb0a94fafb3c089ceea949aeaa6724a0593804ebebe02e67e35a3402ccom33440.33440.internaldb.cache/833447eaff04548ccb80787286a7cad9_DE.value", "%22var%20ca
Emptied folder: C:\Users\Musicbiggy\AppData\Roaming\mozilla\firefox\profiles\musa31rb.default\minidumps [107 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28.11.2013 at 15:11:22,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 27-11-2013 01
Ran by Musicbiggy (administrator) on MUSICBIGGY-PC on 28-11-2013 15:32:10
Running from C:\Users\Musicbiggy\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-18] (CANON INC.)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-16] (VIA)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Musicbiggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF4DF793A535ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: firefox - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: toolbar - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\toolbar@gmx.net.xpi
FF Extension: Adblock Plus - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-11-27] (Avira Operations GmbH & Co. KG)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-07-16] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-04-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-28 15:32 - 2013-11-28 15:32 - 00011215 _____ C:\Users\Musicbiggy\Desktop\FRST.txt
2013-11-28 15:11 - 2013-11-28 15:11 - 00002285 _____ C:\Users\Musicbiggy\Desktop\JRT.txt
2013-11-28 15:05 - 2013-11-28 15:05 - 00000000 ____D C:\Windows\ERUNT
2013-11-28 15:04 - 2013-11-28 15:04 - 01034531 _____ (Thisisu) C:\Users\Musicbiggy\Desktop\JRT.exe
2013-11-28 15:03 - 2013-11-28 15:03 - 00011316 _____ C:\Users\Musicbiggy\Desktop\AdwCleaner[S0].txt
2013-11-28 14:23 - 2013-11-28 14:34 - 00000000 ____D C:\AdwCleaner
2013-11-28 14:21 - 2013-11-28 14:21 - 01091882 _____ C:\Users\Musicbiggy\Desktop\adwcleaner.exe
2013-11-28 10:52 - 2013-11-28 10:52 - 01958850 _____ (Farbar) C:\Users\Musicbiggy\Desktop\FRST64.exe
2013-11-28 10:50 - 2013-11-28 10:50 - 00000000 ____D C:\Users\Musicbiggy\Desktop\FRST etc alt
2013-11-27 17:44 - 2013-11-27 17:44 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Avira
2013-11-27 17:40 - 2013-11-27 17:40 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-27 17:40 - 2013-11-27 17:40 - 00000000 ____D C:\ProgramData\Avira
2013-11-27 17:40 - 2013-11-27 17:40 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-27 17:40 - 2013-11-27 17:37 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 17:40 - 2013-11-27 17:37 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-27 17:40 - 2013-11-27 17:37 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 17:40 - 2013-11-27 17:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-27 17:31 - 2013-11-27 17:31 - 02294160 _____ C:\Users\Musicbiggy\Downloads\avira_free_antivirus.exe
2013-11-27 16:59 - 2013-11-27 16:59 - 00007690 _____ C:\Users\Musicbiggy\Desktop\Gmer.txt
2013-11-27 15:41 - 2013-11-27 15:41 - 00377856 _____ C:\Users\Musicbiggy\Desktop\gmer_2.1.19163.exe
2013-11-27 15:31 - 2013-11-27 15:31 - 00000000 ____D C:\FRST
2013-11-27 15:18 - 2013-11-27 15:18 - 00000662 _____ C:\Users\Musicbiggy\Desktop\defogger_disable.log
2013-11-27 15:18 - 2013-11-27 15:18 - 00000188 _____ C:\Users\Musicbiggy\defogger_reenable
2013-11-27 15:17 - 2013-11-27 15:17 - 00050477 _____ C:\Users\Musicbiggy\Desktop\Defogger.exe
2013-11-26 23:25 - 2013-11-26 23:25 - 00289248 _____ C:\Windows\Minidump\112613-15225-01.dmp
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\Windows\Minidump
2013-11-26 22:58 - 2013-11-26 22:58 - 04745728 _____ (AVAST Software) C:\Users\Musicbiggy\Desktop\aswMBR.exe
2013-11-26 22:18 - 2013-11-26 22:18 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 22:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-26 22:17 - 2013-11-26 22:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Musicbiggy\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-20 20:42 - 2013-11-20 20:42 - 105397131 _____ C:\Windows\SysWOW64\é賃ᵌ™
2013-11-18 08:58 - 2013-11-18 10:29 - 00002058 _____ C:\Users\Musicbiggy\Desktop\Montage.lnk
2013-11-15 21:39 - 2013-11-15 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 10:11 - 2013-11-15 10:13 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\DVDVideoSoft
2013-11-15 10:11 - 2013-11-15 10:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-15 10:06 - 2013-11-15 10:08 - 83809808 _____ (DVDVideoSoft Ltd. ) C:\Users\Musicbiggy\Downloads\FreeStudio.exe
2013-11-15 09:49 - 2013-11-15 09:49 - 00000104 _____ C:\Users\Public\sdelevURL.tmp
2013-11-13 17:41 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 17:41 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 17:41 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 17:41 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 17:41 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 17:41 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 17:41 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 17:41 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 17:41 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 17:41 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 17:40 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 17:40 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 17:40 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 16:48 - 2013-11-13 16:48 - 00001527 _____ C:\Users\Musicbiggy\Desktop\Bewerbungen.lnk
2013-11-13 16:39 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 16:39 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 16:39 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 16:39 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 16:39 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 16:39 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 16:39 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 16:39 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 16:39 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 16:39 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 16:39 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 16:39 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 16:39 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 16:39 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 16:39 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 16:39 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 16:39 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 16:39 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 16:39 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 16:39 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 16:39 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 16:39 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 16:39 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 16:39 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 16:39 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 16:39 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 16:39 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 16:39 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 16:39 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 16:39 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-07 15:13 - 2013-11-27 12:41 - 00000000 ____D C:\Program Files (x86)\Mediafour
2013-11-01 12:27 - 2013-11-01 13:28 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\download.am-data
2013-11-01 12:27 - 2013-11-01 12:41 - 00000000 ____D C:\Program Files (x86)\Download.am
==================== One Month Modified Files and Folders =======
2013-11-28 15:33 - 2013-11-28 15:32 - 00011215 _____ C:\Users\Musicbiggy\Desktop\FRST.txt
2013-11-28 15:16 - 2013-05-26 21:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-28 15:11 - 2013-11-28 15:11 - 00002285 _____ C:\Users\Musicbiggy\Desktop\JRT.txt
2013-11-28 15:05 - 2013-11-28 15:05 - 00000000 ____D C:\Windows\ERUNT
2013-11-28 15:04 - 2013-11-28 15:04 - 01034531 _____ (Thisisu) C:\Users\Musicbiggy\Desktop\JRT.exe
2013-11-28 15:03 - 2013-11-28 15:03 - 00011316 _____ C:\Users\Musicbiggy\Desktop\AdwCleaner[S0].txt
2013-11-28 14:45 - 2009-07-14 05:45 - 00013568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-28 14:45 - 2009-07-14 05:45 - 00013568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-28 14:37 - 2013-10-28 13:07 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\FreePDF_XP
2013-11-28 14:37 - 2013-05-27 16:26 - 00000000 ___RD C:\Users\Musicbiggy\Dropbox
2013-11-28 14:37 - 2013-05-27 16:24 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Dropbox
2013-11-28 14:37 - 2009-07-14 05:51 - 53057454 _____ C:\Windows\setupact.log
2013-11-28 14:36 - 2013-05-25 21:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-28 14:36 - 2013-05-25 20:56 - 01880169 _____ C:\Windows\WindowsUpdate.log
2013-11-28 14:36 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-28 14:34 - 2013-11-28 14:23 - 00000000 ____D C:\AdwCleaner
2013-11-28 14:21 - 2013-11-28 14:21 - 01091882 _____ C:\Users\Musicbiggy\Desktop\adwcleaner.exe
2013-11-28 11:12 - 2013-05-26 09:33 - 00043090 _____ C:\Windows\PFRO.log
2013-11-28 10:52 - 2013-11-28 10:52 - 01958850 _____ (Farbar) C:\Users\Musicbiggy\Desktop\FRST64.exe
2013-11-28 10:50 - 2013-11-28 10:50 - 00000000 ____D C:\Users\Musicbiggy\Desktop\FRST etc alt
2013-11-28 10:45 - 2013-05-25 21:53 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\Adobe
2013-11-27 20:29 - 2013-05-25 21:38 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Skype
2013-11-27 17:44 - 2013-11-27 17:44 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Avira
2013-11-27 17:40 - 2013-11-27 17:40 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-27 17:40 - 2013-11-27 17:40 - 00000000 ____D C:\ProgramData\Avira
2013-11-27 17:40 - 2013-11-27 17:40 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-27 17:37 - 2013-11-27 17:40 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 17:37 - 2013-11-27 17:40 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-27 17:37 - 2013-11-27 17:40 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 17:37 - 2013-11-27 17:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-27 17:31 - 2013-11-27 17:31 - 02294160 _____ C:\Users\Musicbiggy\Downloads\avira_free_antivirus.exe
2013-11-27 16:59 - 2013-11-27 16:59 - 00007690 _____ C:\Users\Musicbiggy\Desktop\Gmer.txt
2013-11-27 15:41 - 2013-11-27 15:41 - 00377856 _____ C:\Users\Musicbiggy\Desktop\gmer_2.1.19163.exe
2013-11-27 15:31 - 2013-11-27 15:31 - 00000000 ____D C:\FRST
2013-11-27 15:20 - 2009-07-14 05:45 - 08049176 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-27 15:18 - 2013-11-27 15:18 - 00000662 _____ C:\Users\Musicbiggy\Desktop\defogger_disable.log
2013-11-27 15:18 - 2013-11-27 15:18 - 00000188 _____ C:\Users\Musicbiggy\defogger_reenable
2013-11-27 15:18 - 2013-05-25 20:57 - 00000000 ____D C:\Users\Musicbiggy
2013-11-27 15:17 - 2013-11-27 15:17 - 00050477 _____ C:\Users\Musicbiggy\Desktop\Defogger.exe
2013-11-27 12:41 - 2013-11-07 15:13 - 00000000 ____D C:\Program Files (x86)\Mediafour
2013-11-27 12:37 - 2013-05-25 22:46 - 00087384 _____ C:\Users\Musicbiggy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-27 12:28 - 2013-05-25 22:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-27 12:21 - 2013-09-22 11:27 - 00000000 ____D C:\Program Files\Adobe
2013-11-27 12:21 - 2013-05-25 22:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-27 12:21 - 2013-05-25 21:56 - 00000000 ____D C:\ProgramData\Adobe
2013-11-27 10:31 - 2013-07-16 20:00 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-11-27 10:31 - 2013-07-16 20:00 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-11-27 10:31 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-26 23:29 - 2013-05-25 21:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 23:29 - 2013-05-25 21:34 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 23:25 - 2013-11-26 23:25 - 00289248 _____ C:\Windows\Minidump\112613-15225-01.dmp
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\Windows\Minidump
2013-11-26 22:58 - 2013-11-26 22:58 - 04745728 _____ (AVAST Software) C:\Users\Musicbiggy\Desktop\aswMBR.exe
2013-11-26 22:18 - 2013-11-26 22:18 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 22:17 - 2013-11-26 22:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Musicbiggy\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-25 17:06 - 2013-09-07 22:44 - 00001920 _____ C:\Users\Musicbiggy\Desktop\filmArche.lnk
2013-11-23 12:45 - 2013-05-27 21:58 - 00000000 ____D C:\ProgramData\CanonIJ
2013-11-23 12:33 - 2013-05-26 10:08 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-21 09:12 - 2013-10-16 09:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-11-21 09:12 - 2013-05-25 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 20:42 - 2013-11-20 20:42 - 105397131 _____ C:\Windows\SysWOW64\é賃ᵌ™
2013-11-18 19:17 - 2013-09-07 21:19 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\vlc
2013-11-18 19:09 - 2013-06-20 22:57 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\dvdcss
2013-11-18 10:29 - 2013-11-18 08:58 - 00002058 _____ C:\Users\Musicbiggy\Desktop\Montage.lnk
2013-11-17 12:55 - 2013-05-26 21:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 12:55 - 2013-05-26 21:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 12:55 - 2013-05-26 21:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-15 21:39 - 2013-11-15 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 10:13 - 2013-11-15 10:11 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\DVDVideoSoft
2013-11-15 10:13 - 2013-11-15 10:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-15 10:08 - 2013-11-15 10:06 - 83809808 _____ (DVDVideoSoft Ltd. ) C:\Users\Musicbiggy\Downloads\FreeStudio.exe
2013-11-15 09:49 - 2013-11-15 09:49 - 00000104 _____ C:\Users\Public\sdelevURL.tmp
2013-11-14 23:01 - 2013-10-17 22:22 - 00001929 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-14 23:00 - 2013-10-17 22:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 11:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-13 17:41 - 2013-05-25 21:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 17:39 - 2013-08-15 12:45 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 17:38 - 2013-06-23 22:45 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 16:48 - 2013-11-13 16:48 - 00001527 _____ C:\Users\Musicbiggy\Desktop\Bewerbungen.lnk
2013-11-04 19:06 - 2011-10-15 12:13 - 00000000 ___HD C:\Users\Musicbiggy\AppData\Local\BOSrsjUf6DaT
2013-11-04 18:08 - 2013-05-25 22:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-04 17:56 - 2013-05-25 21:56 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Adobe
2013-11-02 09:26 - 2013-08-30 09:09 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-11-01 13:28 - 2013-11-01 12:27 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\download.am-data
2013-11-01 12:41 - 2013-11-01 12:27 - 00000000 ____D C:\Program Files (x86)\Download.am
2013-11-01 10:23 - 2013-08-30 09:09 - 00001949 _____ C:\Users\Musicbiggy\Desktop\CDBurnerXP.lnk
Some content of TEMP:
====================
C:\Users\Musicbiggy\AppData\Local\Temp\AskSLib.dll
C:\Users\Musicbiggy\AppData\Local\Temp\avgnt.exe
C:\Users\Musicbiggy\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Musicbiggy\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Musicbiggy\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Musicbiggy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Musicbiggy\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Musicbiggy\AppData\Local\Temp\ose00000.exe
C:\Users\Musicbiggy\AppData\Local\Temp\Quarantine.exe
C:\Users\Musicbiggy\AppData\Local\Temp\readSTILog.dll
C:\Users\Musicbiggy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Musicbiggy\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Musicbiggy\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Musicbiggy\AppData\Local\Temp\vlc-2.1.1-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-20 11:17
==================== End Of Log ============================
|
|
29.11.2013, 08:54
| #4 |
| /// the machine /// TB-Ausbilder | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien)ESET Online Scanner
Downloade Dir bitte  SecurityCheck und:
und ein frisches FRST log bitte. Noch Probleme? 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
29.11.2013, 16:19
| #5 |
| | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Alles klar Hier also die Logs des Tages:Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=0c83a8bc3853a84aaeb75e1dac00a386
# engine=16072
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-11-29 01:47:11
# local_time=2013-11-29 02:47:11 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1799 16775165 100 94 16106 166509 8874 0
# compatibility_mode=5893 16776574 100 94 11731660 137362681 0 0
# scanned=339851
# found=2
# cleaned=0
# scan_time=8018
sh=623704DB7A6A04F28AE8EC9C7555C109324FB2D7 ft=1 fh=b66c729283c0f376 vn="Win32/StartPage.OPH trojan" ac=I fn="C:\Users\Musicbiggy\BEHALTEN 2012\PROGRAMME\VLC PORTABLE\vlc-2.0.0-win32.exe"
sh=623704DB7A6A04F28AE8EC9C7555C109324FB2D7 ft=1 fh=b66c729283c0f376 vn="Win32/StartPage.OPH trojan" ac=I fn="J:\BEHALTEN 2012\PROGRAMME\VLC PORTABLE\vlc-2.0.0-win32.exe"
Code:
ATTFilter Results of screen317's Security Check version 0.99.76 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 10 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Adobe Flash Player 11.9.900.152 Adobe Reader 8 Adobe Reader out of Date! Mozilla Firefox (25.0.1) Mozilla Thunderbird (24.1.1) ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes Anti-Malware mbam.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Musicbiggy (administrator) on MUSICBIGGY-PC on 29-11-2013 15:28:43
Running from C:\Users\Musicbiggy\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(Mediafour Corporation) C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\Dropbox.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(VIA) C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
(shbox.de) C:\Program Files (x86)\FreePDF_XP\fpassist.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Microsoft Corporation) C:\Windows\System32\audiodg.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [472984 2013-06-13] (Adobe Systems Incorporated)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2184520 2009-07-27] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.EXE [767312 2009-03-18] (CANON INC.)
HKLM\...\Run: [MacDrive 9 application] - C:\Program Files\Mediafour\MacDrive 9\MacDrive.exe [516480 2013-09-30] (Mediafour Corporation)
HKCU\...\Run: [AdobeBridge] - [x]
HKCU\...\Run: [CAHeadless] - C:\Program Files (x86)\Adobe\Elements 11 Organizer\CAHeadless\ElementsAutoAnalyzer.exe [840784 2012-09-17] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 8.0\Reader\reader_sl.exe [39792 2007-10-10] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HDAudDeck] - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2245120 2009-07-16] (VIA)
HKLM-x32\...\Run: [FreePDF Assistant] - C:\Program Files (x86)\FreePDF_XP\fpassist.exe [373760 2013-03-14] (shbox.de)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [683576 2013-11-27] (Avira Operations GmbH & Co. KG)
Startup: C:\Users\Musicbiggy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Musicbiggy\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF4DF793A535ECE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
FireFox:
========
FF ProfilePath: C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default
FF NewTab: chrome://unitedtb/content/newtab/newtab-page.xhtml
FF Homepage: https://www.facebook.com/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @canon.com/EPPEX - C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll No File
FF Plugin-x32: @mcafee.com/McAfeeMssPlugin - C:\Program Files\McAfee Security Scan\3.8.130\npMcAfeeMss.dll (McAfee, Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: adobe.com/AdobeExManDetect - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll No File
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: WOT - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
FF Extension: firefox - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\firefox@mega.co.nz.xpi
FF Extension: toolbar - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\toolbar@gmx.net.xpi
FF Extension: Adblock Plus - C:\Users\Musicbiggy\AppData\Roaming\Mozilla\Firefox\Profiles\musa31rb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
==================== Services (Whitelisted) =================
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600 2012-09-17] (Adobe Systems Incorporated)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-27] (Avira Operations GmbH & Co. KG)
S4 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1164360 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [116104 2009-02-10] ()
R2 MacDrive9Service; C:\Program Files\Mediafour\MacDrive 9\MacDrive9Service.exe [187256 2013-09-30] (Mediafour Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
==================== Drivers (Whitelisted) ====================
S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [106904 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [132600 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-27] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [83160 2013-11-27] (Avira Operations GmbH & Co. KG)
R1 CBDisk; C:\Windows\system32\drivers\CBDisk.sys [70344 2011-05-06] (EldoS Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R0 MDFSYSNT; C:\Windows\System32\Drivers\MDFSYSNT.sys [328008 2013-09-30] (Mediafour Corporation)
R0 MDPMGRNT; C:\Windows\System32\DRIVERS\MDPMGRNT.SYS [41800 2013-08-01] (Mediafour Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-05-14] ()
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-10] (Corel Corporation)
S4 sptd; C:\Windows\System32\Drivers\sptd.sys [871408 2013-07-16] (Duplex Secure Ltd.)
S3 ssudserd; C:\Windows\System32\DRIVERS\ssudserd.sys [203672 2013-04-03] (DEVGURU Co., LTD.(www.devguru.co.kr))
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-11-29 15:24 - 2013-11-29 15:24 - 01959024 _____ (Farbar) C:\Users\Musicbiggy\Desktop\FRST64.exe
2013-11-29 15:23 - 2013-11-29 15:23 - 00001050 _____ C:\Users\Musicbiggy\Desktop\checkup.txt
2013-11-29 12:24 - 2013-11-29 12:24 - 00000000 ____D C:\ProgramData\Mediafour
2013-11-29 12:24 - 2013-11-29 12:24 - 00000000 ____D C:\Program Files\Mediafour
2013-11-29 12:24 - 2013-11-29 12:24 - 00000000 ____D C:\Program Files\Common Files\Mediafour
2013-11-29 12:24 - 2013-08-01 15:22 - 00041800 _____ (Mediafour Corporation) C:\Windows\system32\Drivers\MDPMGRNT.SYS
2013-11-29 12:24 - 2011-05-06 09:19 - 00070344 _____ (EldoS Corporation) C:\Windows\system32\Drivers\CBDisk.sys
2013-11-29 12:19 - 2013-11-29 12:17 - 13379696 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\Musicbiggy\Desktop\MacDrive Standard 9.2.0.2 en Setup.exe
2013-11-29 11:32 - 2013-11-29 11:32 - 00891184 _____ C:\Users\Musicbiggy\Desktop\SecurityCheck.exe
2013-11-29 11:31 - 2013-11-29 11:31 - 02347384 _____ (ESET) C:\Users\Musicbiggy\Desktop\esetsmartinstaller_enu.exe
2013-11-28 15:32 - 2013-11-29 15:28 - 00012052 _____ C:\Users\Musicbiggy\Desktop\FRST.txt
2013-11-28 15:11 - 2013-11-28 15:11 - 00002285 _____ C:\Users\Musicbiggy\Desktop\JRT.txt
2013-11-28 15:05 - 2013-11-28 15:05 - 00000000 ____D C:\Windows\ERUNT
2013-11-28 15:04 - 2013-11-28 15:04 - 01034531 _____ (Thisisu) C:\Users\Musicbiggy\Desktop\JRT.exe
2013-11-28 15:03 - 2013-11-28 15:03 - 00011316 _____ C:\Users\Musicbiggy\Desktop\AdwCleaner[S0].txt
2013-11-28 14:23 - 2013-11-28 14:34 - 00000000 ____D C:\AdwCleaner
2013-11-28 14:21 - 2013-11-28 14:21 - 01091882 _____ C:\Users\Musicbiggy\Desktop\adwcleaner.exe
2013-11-28 10:50 - 2013-11-28 10:50 - 00000000 ____D C:\Users\Musicbiggy\Desktop\FRST etc alt
2013-11-27 17:44 - 2013-11-27 17:44 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Avira
2013-11-27 17:40 - 2013-11-27 17:40 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-27 17:40 - 2013-11-27 17:40 - 00000000 ____D C:\ProgramData\Avira
2013-11-27 17:40 - 2013-11-27 17:40 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-27 17:40 - 2013-11-27 17:37 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 17:40 - 2013-11-27 17:37 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-27 17:40 - 2013-11-27 17:37 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 17:40 - 2013-11-27 17:37 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-27 17:31 - 2013-11-27 17:31 - 02294160 _____ C:\Users\Musicbiggy\Downloads\avira_free_antivirus.exe
2013-11-27 16:59 - 2013-11-27 16:59 - 00007690 _____ C:\Users\Musicbiggy\Desktop\Gmer.txt
2013-11-27 15:41 - 2013-11-27 15:41 - 00377856 _____ C:\Users\Musicbiggy\Desktop\gmer_2.1.19163.exe
2013-11-27 15:31 - 2013-11-27 15:31 - 00000000 ____D C:\FRST
2013-11-27 15:18 - 2013-11-27 15:18 - 00000662 _____ C:\Users\Musicbiggy\Desktop\defogger_disable.log
2013-11-27 15:18 - 2013-11-27 15:18 - 00000188 _____ C:\Users\Musicbiggy\defogger_reenable
2013-11-27 15:17 - 2013-11-27 15:17 - 00050477 _____ C:\Users\Musicbiggy\Desktop\Defogger.exe
2013-11-26 23:25 - 2013-11-26 23:25 - 00289248 _____ C:\Windows\Minidump\112613-15225-01.dmp
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\Windows\Minidump
2013-11-26 22:58 - 2013-11-26 22:58 - 04745728 _____ (AVAST Software) C:\Users\Musicbiggy\Desktop\aswMBR.exe
2013-11-26 22:18 - 2013-11-26 22:18 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 22:18 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-11-26 22:17 - 2013-11-26 22:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Musicbiggy\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-20 20:42 - 2013-11-20 20:42 - 105397131 _____ C:\Windows\SysWOW64\é賃ᵌ™
2013-11-18 08:58 - 2013-11-18 10:29 - 00002058 _____ C:\Users\Musicbiggy\Desktop\Montage.lnk
2013-11-15 21:39 - 2013-11-15 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 10:11 - 2013-11-15 10:13 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\DVDVideoSoft
2013-11-15 10:11 - 2013-11-15 10:13 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-15 10:06 - 2013-11-15 10:08 - 83809808 _____ (DVDVideoSoft Ltd. ) C:\Users\Musicbiggy\Downloads\FreeStudio.exe
2013-11-15 09:49 - 2013-11-15 09:49 - 00000104 _____ C:\Users\Public\sdelevURL.tmp
2013-11-13 17:41 - 2013-10-12 09:45 - 02241536 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-13 17:41 - 2013-10-12 09:45 - 01364992 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-13 17:41 - 2013-10-12 09:45 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-13 17:41 - 2013-10-12 09:43 - 03959808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 02648576 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-13 17:41 - 2013-10-12 09:43 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-13 17:41 - 2013-10-12 08:03 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-13 17:41 - 2013-10-12 08:03 - 01138176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 02877952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 02049024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-13 17:41 - 2013-10-12 08:02 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-13 17:41 - 2013-10-12 07:35 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-13 17:41 - 2013-10-12 07:08 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-13 17:41 - 2013-10-12 06:44 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-13 17:41 - 2013-10-12 06:15 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-13 17:40 - 2013-10-12 09:43 - 19269632 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-13 17:40 - 2013-10-12 09:43 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-13 17:40 - 2013-10-12 08:02 - 14355968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-13 16:48 - 2013-11-13 16:48 - 00001527 _____ C:\Users\Musicbiggy\Desktop\Bewerbungen.lnk
2013-11-13 16:39 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 16:39 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 16:39 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 16:39 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 16:39 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 16:39 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 16:39 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 16:39 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 16:39 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 16:39 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 16:39 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 16:39 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 16:39 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 16:39 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 16:39 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 16:39 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 16:39 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 16:39 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 16:39 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 16:39 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 16:39 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 16:39 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 16:39 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 16:39 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 16:39 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 16:39 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 16:39 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 16:39 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 16:39 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 16:39 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-07 15:13 - 2013-11-29 12:24 - 00000000 ____D C:\Program Files (x86)\Mediafour
2013-11-01 12:27 - 2013-11-01 13:28 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\download.am-data
2013-11-01 12:27 - 2013-11-01 12:41 - 00000000 ____D C:\Program Files (x86)\Download.am
==================== One Month Modified Files and Folders =======
2013-11-29 15:29 - 2013-11-28 15:32 - 00012052 _____ C:\Users\Musicbiggy\Desktop\FRST.txt
2013-11-29 15:24 - 2013-11-29 15:24 - 01959024 _____ (Farbar) C:\Users\Musicbiggy\Desktop\FRST64.exe
2013-11-29 15:23 - 2013-11-29 15:23 - 00001050 _____ C:\Users\Musicbiggy\Desktop\checkup.txt
2013-11-29 15:16 - 2013-05-26 21:48 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-29 14:08 - 2013-05-25 20:56 - 02038943 _____ C:\Windows\WindowsUpdate.log
2013-11-29 12:34 - 2009-07-14 05:45 - 00013568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 12:34 - 2009-07-14 05:45 - 00013568 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 12:29 - 2013-07-16 20:00 - 00654150 _____ C:\Windows\system32\perfh007.dat
2013-11-29 12:29 - 2013-07-16 20:00 - 00130022 _____ C:\Windows\system32\perfc007.dat
2013-11-29 12:29 - 2009-07-14 06:13 - 01498742 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-29 12:26 - 2013-10-28 13:07 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\FreePDF_XP
2013-11-29 12:26 - 2013-05-27 16:26 - 00000000 ___RD C:\Users\Musicbiggy\Dropbox
2013-11-29 12:26 - 2013-05-27 16:24 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Dropbox
2013-11-29 12:26 - 2013-05-25 21:11 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-29 12:26 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-29 12:26 - 2009-07-14 05:51 - 53058686 _____ C:\Windows\setupact.log
2013-11-29 12:24 - 2013-11-29 12:24 - 00000000 ____D C:\ProgramData\Mediafour
2013-11-29 12:24 - 2013-11-29 12:24 - 00000000 ____D C:\Program Files\Mediafour
2013-11-29 12:24 - 2013-11-29 12:24 - 00000000 ____D C:\Program Files\Common Files\Mediafour
2013-11-29 12:24 - 2013-11-07 15:13 - 00000000 ____D C:\Program Files (x86)\Mediafour
2013-11-29 12:23 - 2013-05-25 22:50 - 00000000 ____D C:\Users\Musicbiggy\BEHALTEN 2012
2013-11-29 12:17 - 2013-11-29 12:19 - 13379696 _____ (Mediafour Corporation, info@mediafour.com) C:\Users\Musicbiggy\Desktop\MacDrive Standard 9.2.0.2 en Setup.exe
2013-11-29 11:32 - 2013-11-29 11:32 - 00891184 _____ C:\Users\Musicbiggy\Desktop\SecurityCheck.exe
2013-11-29 11:31 - 2013-11-29 11:31 - 02347384 _____ (ESET) C:\Users\Musicbiggy\Desktop\esetsmartinstaller_enu.exe
2013-11-29 11:23 - 2013-05-25 21:53 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\Adobe
2013-11-28 15:11 - 2013-11-28 15:11 - 00002285 _____ C:\Users\Musicbiggy\Desktop\JRT.txt
2013-11-28 15:05 - 2013-11-28 15:05 - 00000000 ____D C:\Windows\ERUNT
2013-11-28 15:04 - 2013-11-28 15:04 - 01034531 _____ (Thisisu) C:\Users\Musicbiggy\Desktop\JRT.exe
2013-11-28 15:03 - 2013-11-28 15:03 - 00011316 _____ C:\Users\Musicbiggy\Desktop\AdwCleaner[S0].txt
2013-11-28 14:34 - 2013-11-28 14:23 - 00000000 ____D C:\AdwCleaner
2013-11-28 14:21 - 2013-11-28 14:21 - 01091882 _____ C:\Users\Musicbiggy\Desktop\adwcleaner.exe
2013-11-28 11:12 - 2013-05-26 09:33 - 00043090 _____ C:\Windows\PFRO.log
2013-11-28 10:50 - 2013-11-28 10:50 - 00000000 ____D C:\Users\Musicbiggy\Desktop\FRST etc alt
2013-11-27 20:29 - 2013-05-25 21:38 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Skype
2013-11-27 17:44 - 2013-11-27 17:44 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Avira
2013-11-27 17:40 - 2013-11-27 17:40 - 00002066 _____ C:\Users\Public\Desktop\Avira Control Center.lnk
2013-11-27 17:40 - 2013-11-27 17:40 - 00000000 ____D C:\ProgramData\Avira
2013-11-27 17:40 - 2013-11-27 17:40 - 00000000 ____D C:\Program Files (x86)\Avira
2013-11-27 17:37 - 2013-11-27 17:40 - 00132600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2013-11-27 17:37 - 2013-11-27 17:40 - 00106904 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2013-11-27 17:37 - 2013-11-27 17:40 - 00083160 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avnetflt.sys
2013-11-27 17:37 - 2013-11-27 17:40 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2013-11-27 17:31 - 2013-11-27 17:31 - 02294160 _____ C:\Users\Musicbiggy\Downloads\avira_free_antivirus.exe
2013-11-27 16:59 - 2013-11-27 16:59 - 00007690 _____ C:\Users\Musicbiggy\Desktop\Gmer.txt
2013-11-27 15:41 - 2013-11-27 15:41 - 00377856 _____ C:\Users\Musicbiggy\Desktop\gmer_2.1.19163.exe
2013-11-27 15:31 - 2013-11-27 15:31 - 00000000 ____D C:\FRST
2013-11-27 15:20 - 2009-07-14 05:45 - 08049176 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-27 15:18 - 2013-11-27 15:18 - 00000662 _____ C:\Users\Musicbiggy\Desktop\defogger_disable.log
2013-11-27 15:18 - 2013-11-27 15:18 - 00000188 _____ C:\Users\Musicbiggy\defogger_reenable
2013-11-27 15:18 - 2013-05-25 20:57 - 00000000 ____D C:\Users\Musicbiggy
2013-11-27 15:17 - 2013-11-27 15:17 - 00050477 _____ C:\Users\Musicbiggy\Desktop\Defogger.exe
2013-11-27 12:37 - 2013-05-25 22:46 - 00087384 _____ C:\Users\Musicbiggy\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-27 12:28 - 2013-05-25 22:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2013-11-27 12:21 - 2013-09-22 11:27 - 00000000 ____D C:\Program Files\Adobe
2013-11-27 12:21 - 2013-05-25 22:37 - 00000000 ____D C:\Program Files\Common Files\Adobe
2013-11-27 12:21 - 2013-05-25 21:56 - 00000000 ____D C:\ProgramData\Adobe
2013-11-26 23:29 - 2013-05-25 21:38 - 00000000 ___RD C:\Program Files (x86)\Skype
2013-11-26 23:29 - 2013-05-25 21:34 - 00000000 ____D C:\ProgramData\Skype
2013-11-26 23:25 - 2013-11-26 23:25 - 00289248 _____ C:\Windows\Minidump\112613-15225-01.dmp
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\Windows\Minidump
2013-11-26 22:58 - 2013-11-26 22:58 - 04745728 _____ (AVAST Software) C:\Users\Musicbiggy\Desktop\aswMBR.exe
2013-11-26 22:18 - 2013-11-26 22:18 - 00001109 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-11-26 22:18 - 2013-11-26 22:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2013-11-26 22:17 - 2013-11-26 22:17 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Musicbiggy\Downloads\mbam-setup-1.75.0.1300.exe
2013-11-25 17:06 - 2013-09-07 22:44 - 00001920 _____ C:\Users\Musicbiggy\Desktop\filmArche.lnk
2013-11-23 12:45 - 2013-05-27 21:58 - 00000000 ____D C:\ProgramData\CanonIJ
2013-11-23 12:33 - 2013-05-26 10:08 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-21 09:12 - 2013-10-16 09:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2013-11-21 09:12 - 2013-05-25 21:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-11-20 20:42 - 2013-11-20 20:42 - 105397131 _____ C:\Windows\SysWOW64\é賃ᵌ™
2013-11-18 19:17 - 2013-09-07 21:19 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\vlc
2013-11-18 19:09 - 2013-06-20 22:57 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\dvdcss
2013-11-18 10:29 - 2013-11-18 08:58 - 00002058 _____ C:\Users\Musicbiggy\Desktop\Montage.lnk
2013-11-17 12:55 - 2013-05-26 21:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-17 12:55 - 2013-05-26 21:48 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-17 12:55 - 2013-05-26 21:48 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-15 21:39 - 2013-11-15 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-15 10:13 - 2013-11-15 10:11 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\DVDVideoSoft
2013-11-15 10:13 - 2013-11-15 10:11 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2013-11-15 10:08 - 2013-11-15 10:06 - 83809808 _____ (DVDVideoSoft Ltd. ) C:\Users\Musicbiggy\Downloads\FreeStudio.exe
2013-11-15 09:49 - 2013-11-15 09:49 - 00000104 _____ C:\Users\Public\sdelevURL.tmp
2013-11-14 23:01 - 2013-10-17 22:22 - 00001929 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-11-14 23:00 - 2013-10-17 22:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-11-14 11:26 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-13 17:41 - 2013-05-25 21:31 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 17:39 - 2013-08-15 12:45 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 17:38 - 2013-06-23 22:45 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 16:48 - 2013-11-13 16:48 - 00001527 _____ C:\Users\Musicbiggy\Desktop\Bewerbungen.lnk
2013-11-04 19:06 - 2011-10-15 12:13 - 00000000 ___HD C:\Users\Musicbiggy\AppData\Local\BOSrsjUf6DaT
2013-11-04 18:08 - 2013-05-25 22:46 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2013-11-04 17:56 - 2013-05-25 21:56 - 00000000 ____D C:\Users\Musicbiggy\AppData\Roaming\Adobe
2013-11-02 09:26 - 2013-08-30 09:09 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2013-11-01 13:28 - 2013-11-01 12:27 - 00000000 ____D C:\Users\Musicbiggy\AppData\Local\download.am-data
2013-11-01 12:41 - 2013-11-01 12:27 - 00000000 ____D C:\Program Files (x86)\Download.am
2013-11-01 10:23 - 2013-08-30 09:09 - 00001949 _____ C:\Users\Musicbiggy\Desktop\CDBurnerXP.lnk
Some content of TEMP:
====================
C:\Users\Musicbiggy\AppData\Local\Temp\AskSLib.dll
C:\Users\Musicbiggy\AppData\Local\Temp\avgnt.exe
C:\Users\Musicbiggy\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Musicbiggy\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Musicbiggy\AppData\Local\Temp\Foxit Reader Updater.exe
C:\Users\Musicbiggy\AppData\Local\Temp\fp_pl_pfs_installer.exe
C:\Users\Musicbiggy\AppData\Local\Temp\MSETUP4.EXE
C:\Users\Musicbiggy\AppData\Local\Temp\ose00000.exe
C:\Users\Musicbiggy\AppData\Local\Temp\Quarantine.exe
C:\Users\Musicbiggy\AppData\Local\Temp\readSTILog.dll
C:\Users\Musicbiggy\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Musicbiggy\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Musicbiggy\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Musicbiggy\AppData\Local\Temp\vlc-2.1.1-win32.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-11-20 11:17
==================== End Of Log ============================
|
|
30.11.2013, 16:48
| #6 |
| /// the machine /// TB-Ausbilder | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Adobe updaten. Die 2 Funde von ESET manuell löschen. Fertig Die Reihenfolge ist hier entscheidend.
Hier noch ein paar Tipps zur Absicherung deines Systems. Ich kann garnicht zu oft erwähnen, wie wichtig es ist, dass dein System Up to Date ist.
Anti- Viren Software
Zusätzlicher Schutz
Sicheres Browsen
Alternative Browser Andere Browser tendieren zu etwas mehr Sicherheit als der IE, da diese keine Active X Elemente verwenden. Diese können von Spyware zur Infektion deines Systems missbraucht werden.
Performance Bereinige regelmäßig deine Temp Files. Ich empfehle hierzu TFC Halte dich fern von jedlichen Registry Cleanern. Diese Schaden deinem System mehr als sie helfen. Hier ein paar ( englishe ) Links Miekemoes Blogspot ( MVP ) Bill Castner ( MVP ) Don'ts
Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.
__________________ --> Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) |
|
04.12.2013, 14:06
| #7 |
| | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Danke für die vielen, nützlichen Tipps Eine Frage hätte ich da noch: Die Problematik mit meinem gehackten E-Mail-Account ist wirklich gelöst, oder? Ich habe zunächst das Passwort geändert und dann telefonisch die Entsperrung veranlasst - aber zur Sicherheit wollte ich nochmal nachfragen.Anbei noch die Logdateien von Del-Flix und einem erneuten Scan durch Malewarebytes (da hat es mich etwas gewundert, dass bei einem vollständigen Suchdurchlauf immerhin noch 5 infizierte Dateien gefunden wurden. Die habe ich natürlich gelöscht). Vielen Dank für die Hilfe! Liebe Grüße, Lena Code:
ATTFilter # DelFix v10.6 - Datei am 30/11/2013 um 21:23:12 erstellt
# Aktualisiert am 11/11/2013 von Xplode
# Benutzer : Musicbiggy - MUSICBIGGY-PC
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
~ Aktiviere die Benutzerkontensteuerung ... OK
~ Entferne die Bereinigungsprogramme ...
Gelöscht : C:\FRST
Gelöscht : C:\AdwCleaner
Gelöscht : C:\Users\Musicbiggy\Desktop\adwcleaner.exe
Gelöscht : C:\Users\Musicbiggy\Desktop\AdwCleaner[S0].txt
Gelöscht : C:\Users\Musicbiggy\Desktop\aswMBR.exe
Gelöscht : C:\Users\Musicbiggy\Desktop\Defogger.exe
Gelöscht : C:\Users\Musicbiggy\Desktop\defogger_disable.log
Gelöscht : C:\Users\Musicbiggy\Desktop\defogger_enable.log
Gelöscht : C:\Users\Musicbiggy\Desktop\esetsmartinstaller_enu.exe
Gelöscht : C:\Users\Musicbiggy\Desktop\FRST (29.11.13).txt
Gelöscht : C:\Users\Musicbiggy\Desktop\FRST64.exe
Gelöscht : C:\Users\Musicbiggy\Desktop\JRT.exe
Gelöscht : C:\Users\Musicbiggy\Desktop\JRT.txt
Gelöscht : C:\Users\Musicbiggy\Desktop\log eset.txt
Gelöscht : C:\Users\Musicbiggy\Desktop\SecurityCheck.exe
Gelöscht : HKLM\SOFTWARE\AdwCleaner
Gelöscht : HKLM\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_ASWMBR
~ Erstelle ein Backup der Registrierungsdatenbank ... OK
~ Lösche die Wiederherstellungspunkte ...
Gelöscht : RP #80 [Installed MacDrive 9 Standard | 11/29/2013 11:23:38]
Ein neuer Wiederherstellungspunkt wurde erstellt !
~ Stelle die Systemeinstellungen wieder her ... OK
########## - EOF - ##########
Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.12.02.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 10.0.9200.16736 Musicbiggy :: MUSICBIGGY-PC [Administrator] Schutz: Aktiviert 02.12.2013 09:57:06 mbam-log-2013-12-02 (09-57-06).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|F:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 483784 Laufzeit: 1 Stunde(n), 40 Minute(n), 51 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 3 C:\Users\Musicbiggy\AppData\Roaming\OpenCandy (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Musicbiggy\AppData\Roaming\OpenCandy\01C77457F41C41FCB6BCE2770BDA11E7 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Musicbiggy\AppData\Roaming\OpenCandy\30CE9BEEAE834CB1A4BA16A0F8E5CAD5 (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 5 C:\Users\Musicbiggy\BEHALTEN 2012\PROGRAMME\MAC-WANDLER\SoftonicDownloader_fuer_format-factory.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Musicbiggy\BEHALTEN 2012\PROGRAMME\MAC-WANDLER\SoftonicDownloader_fuer_transmac.exe (PUP.Optional.Softonic) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Musicbiggy\Downloads\DTLite4481-0347.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Musicbiggy\AppData\Roaming\OpenCandy\01C77457F41C41FCB6BCE2770BDA11E7\Setupsft_chr_p1v7.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Musicbiggy\AppData\Roaming\OpenCandy\30CE9BEEAE834CB1A4BA16A0F8E5CAD5\Trial-14.0.1000.89_de-DE_1004732_DE-1.exe (PUP.Optional.OpenCandy) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) |
|
05.12.2013, 09:22
| #8 |
| /// the machine /// TB-Ausbilder | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Ja das waren Reste, einfach löschen. Wenn Du das PW geändert hast passt das
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
05.12.2013, 11:08
| #9 |
| | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Alles klar. Dann danke dir für die Hilfe Gruß, Lena |
|
06.12.2013, 09:25
| #10 |
| /// the machine /// TB-Ausbilder | Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) Gern Geschehen
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu Windows 7: Verseuchter Rechner (Malewarebytes findet 23 infizierte Dateien) |
| 4d36e972-e325-11ce-bfc1-08002be10318, adblock, antivir, canon, deaktiviert, dvdvideosoft ltd., fehlermeldung, infizierte, link, memory.dmp, minidump, newtab, ntdll.dll, passwörter, plugin, problem, pup.optional.crossrider.a, pup.optional.opencandy, pup.optional.plushd.a, quarantäne, required, richtlinie, trojaner, virenscanner, websites, win32/startpage.oph, windows, öffnet |
Linear-Darstellung
