
Log analysis and evaluation: Windows 7: Websites are massively redirected to advertising


29.01.2014, 12:04   #1
hillerb99
 

Windows 7: Websites are massively redirected to advertising



Note: This computer is also used for handling business e-mail and for exchanging and editing work-related data. The computer is my private property and is used mainly for private purposes. My brother's company (I am a permanent employee there) consists of only two people and has no IT department.

Since yesterday, when using Firefox, new pages keep opening with advertising, prompts to download various software, warning notices and the like.
Closing the pages immediately leads to new pages; normal use of the computer is almost impossible.

This is my first time on Trojaner-Board and I hope I have done everything correctly according to the instructions. I am of course happy to answer any follow-up questions.

And many thanks in advance; what I have read on this board so far makes me optimistic.


Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014
Ran by Michael (administrator) on MICHAEL-HP on 29-01-2014 10:59:34
Running from C:\Users\Michael\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/ 
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/ 
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Cherished Technololgy LIMITED) C:\ProgramData\IePluginService\PluginService.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Surftastic\updateSurftastic.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
() C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Farbar) C:\Users\Michael\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [] - [x]
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\runonceex: [ContentMerger] - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\ContentMerger10.exe [19952 2009-11-23] (Sonic Solutions)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKCU\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
HKCU\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKCU\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845168 2013-12-11] (Samsung)
HKU\Administrator\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Surftastic - {c6673938-a52b-4dc6-af05-783e7e2c8b65} - C:\Program Files (x86)\Surftastic\Surftasticbho.dll (Surftastic)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default
FF NewTab: hxxp://www.awesomehp.com/newtab/?type=nt&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
FF Homepage: hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\trash [2014-01-28]
FF Extension: HP Detect - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-25]
FF Extension: Extension_Protected - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-28]
FF Extension: Lightning Speed Dial - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF Extension: Surftastic - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\{01531192-f7ef-415f-a549-cfdb11836731}.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKCU\...\Firefox\Extensions: [{a711367d-39ac-4cd2-8b4f-b9602e6df838}] - C:\Program Files (x86)\Show-Password\150.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 IePluginService; C:\ProgramData\IePluginService\PluginService.exe [508016 2014-01-14] (Cherished Technololgy LIMITED)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OKI OKHC DCS Loader; C:\windows\system32\spool\DRIVERS\x64\3\OKHCLDCS.EXE [20480 2009-03-05] (Oki Data Corporation)
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 Update Surftastic; C:\Program Files (x86)\Surftastic\updateSurftastic.exe [102176 2014-01-28] ()
R2 Util Surftastic; C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe [102176 2014-01-29] ()
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-12-02] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-12-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 10:59 - 2014-01-29 10:59 - 02079744 _____ (Farbar) C:\Users\Michael\Downloads\FRST64(1).exe
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 08:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 08:34 - 00000000 ____D C:\AdwCleaner
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-28 23:52 - 2014-01-29 10:45 - 00003458 _____ C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:47 - 2014-01-29 10:51 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2014-01-28 23:47 - 2014-01-29 10:51 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-28 23:47 - 2014-01-29 10:45 - 00000000 ____D C:\Users\Michael\Documents\RegistryDr
2014-01-28 23:47 - 2014-01-29 10:41 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-28 23:41 - 2014-01-29 00:24 - 00000000 ____D C:\Users\Michael\AppData\Local\cache
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ C:\Users\Michael\daemonprocess.txt
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-28 23:39 - 2014-01-29 08:10 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D C:\ProgramData\McAfee
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-27 19:19 - 2014-01-27 19:20 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PLATINUM
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:14 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:46 - 2014-01-24 14:50 - 00000000 ____D C:\Users\Michael\Fotos Mama
2014-01-24 13:27 - 2014-01-24 14:09 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-24 13:20 - 2014-01-24 13:21 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 22:18 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 22:18 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-15 22:18 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-15 22:18 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-15 22:17 - 2014-01-15 22:18 - 00005933 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 14:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 14:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:55 - 2012-03-22 13:43 - 02557952 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\windows\SysWOW64\QtCore4.dll
2014-01-12 16:54 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:53 - 2014-01-12 16:54 - 24546848 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:47 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\windows\WM8EUTIL.exe
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-04 10:21 - 2014-01-04 10:26 - 204384991 _____ C:\Users\Michael\Downloads\PS3UPDAT.PUP

==================== One Month Modified Files and Folders =======

2014-01-29 11:00 - 2013-12-11 19:47 - 00018560 _____ C:\Users\Michael\Downloads\FRST.txt
2014-01-29 10:59 - 2014-01-29 10:59 - 02079744 _____ (Farbar) C:\Users\Michael\Downloads\FRST64(1).exe
2014-01-29 10:59 - 2013-12-11 19:47 - 00000000 ____D C:\FRST
2014-01-29 10:58 - 2013-12-11 19:37 - 00000476 _____ C:\Users\Michael\Downloads\defogger_disable.log
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 10:51 - 2014-01-28 23:47 - 00000000 __SHD C:\windows\SysWOW64\AI_RecycleBin
2014-01-29 10:51 - 2014-01-28 23:47 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-29 10:50 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 10:50 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 10:47 - 2012-09-28 16:40 - 01201314 _____ C:\windows\WindowsUpdate.log
2014-01-29 10:45 - 2014-01-28 23:52 - 00003458 _____ C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-29 10:45 - 2014-01-28 23:47 - 00000000 ____D C:\Users\Michael\Documents\RegistryDr
2014-01-29 10:44 - 2012-10-04 11:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2014-01-29 10:44 - 2012-10-03 19:50 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 10:43 - 2012-10-05 13:24 - 00001108 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 10:43 - 2012-09-27 17:58 - 00000000 ___RD C:\Users\Michael\Dropbox
2014-01-29 10:42 - 2010-09-12 21:43 - 00089016 _____ C:\windows\PFRO.log
2014-01-29 10:42 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-29 10:42 - 2009-07-14 05:51 - 00103432 _____ C:\windows\setupact.log
2014-01-29 10:41 - 2014-01-28 23:47 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-29 10:39 - 2012-09-27 18:14 - 00000000 ____D C:\Users\Michael\Documents\Outlook-Dateien
2014-01-29 10:04 - 2012-10-05 13:24 - 00001112 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:34 - 2014-01-29 08:29 - 00000000 ____D C:\AdwCleaner
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-29 08:10 - 2014-01-28 23:39 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-29 00:24 - 2014-01-28 23:41 - 00000000 ____D C:\Users\Michael\AppData\Local\cache
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ C:\Users\Michael\daemonprocess.txt
2014-01-28 23:41 - 2012-09-28 07:57 - 00000000 ____D C:\Users\Michael
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\ProgramData\IePluginService
2014-01-28 23:40 - 2012-10-03 19:31 - 00001298 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-28 23:40 - 2012-09-28 08:13 - 00001601 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-28 16:15 - 2012-10-01 10:55 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6347D7FD-5107-48C0-96E6-C687689A1F64}
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D C:\ProgramData\McAfee
2014-01-28 15:29 - 2012-10-04 08:45 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2014-01-28 15:29 - 2012-10-03 19:50 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 15:29 - 2012-10-03 19:50 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 15:29 - 2012-10-03 19:50 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-28 11:51 - 2013-01-31 00:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\MyPhoneExplorer
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 11:30 - 2010-09-12 21:06 - 03428894 _____ C:\windows\system32\perfh007.dat
2014-01-28 11:30 - 2010-09-12 21:06 - 01048708 _____ C:\windows\system32\perfc007.dat
2014-01-28 11:30 - 2009-07-14 06:13 - 00006488 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PLATINUM Tools
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D C:\Program Files (x86)\PLATINUM Tools
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Solarschmiede
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D C:\Program Files (x86)\Solarschmiede
2014-01-27 19:20 - 2014-01-27 19:19 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PLATINUM
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:15 - 2014-01-27 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:50 - 2014-01-24 14:46 - 00000000 ____D C:\Users\Michael\Fotos Mama
2014-01-24 14:09 - 2014-01-24 13:27 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-24 13:31 - 2012-09-27 18:14 - 00000000 ____D C:\Users\Michael\Documents\samsung
2014-01-24 13:27 - 2013-01-30 23:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Samsung
2014-01-24 13:27 - 2010-09-12 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 13:26 - 2013-01-30 23:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-24 13:26 - 2012-09-28 08:00 - 00000000 ____D C:\Users\Michael\AppData\Local\Downloaded Installations
2014-01-24 13:21 - 2014-01-24 13:20 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-19 08:33 - 2012-10-01 19:11 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-18 21:38 - 2013-08-07 12:40 - 00001483 _____ C:\Users\Michael\Desktop\bwin Poker.lnk
2014-01-16 08:05 - 2012-10-04 11:50 - 00001025 _____ C:\Users\Michael\Desktop\Dropbox.lnk
2014-01-16 08:05 - 2012-10-04 11:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 08:05 - 2012-09-28 08:13 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 07:57 - 2009-07-14 05:45 - 00393664 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-15 22:35 - 2013-08-15 11:00 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 22:33 - 2012-10-01 19:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 22:32 - 2012-09-27 18:15 - 00000000 ____D C:\Users\Michael\Documents\VirtualDJ
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 22:18 - 2014-01-15 22:17 - 00005933 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 22:18 - 2013-07-15 08:26 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 11:32 - 2012-09-28 08:18 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-01-14 09:09 - 2012-10-08 13:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 09:09 - 2009-07-14 03:34 - 00000513 _____ C:\windows\win.ini
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:57 - 2014-01-12 16:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:54 - 2014-01-12 16:53 - 24546848 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-07 14:50 - 2013-02-12 18:29 - 00000000 ____D C:\Program Files (x86)\KOSTAL
2014-01-04 10:26 - 2014-01-04 10:21 - 204384991 _____ C:\Users\Michael\Downloads\PS3UPDAT.PUP

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\e5rpqs2f.dll
C:\Users\Michael\AppData\Local\Temp\EnableExtDll.dll
C:\Users\Michael\AppData\Local\Temp\firefoxjre_exe.exe
C:\Users\Michael\AppData\Local\Temp\install-PLATINUM-SolarConfigPlus.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u21-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Michael\AppData\Local\Temp\pdfiutil.exe
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe
C:\Users\Michael\AppData\Local\Temp\ShellLink.dll
C:\Users\Michael\AppData\Local\Temp\ShellLink0.dll
C:\Users\Michael\AppData\Local\Temp\SIInvoker.exe
C:\Users\Michael\AppData\Local\Temp\_ISDEL.EXE
C:\Users\Michael\AppData\Local\Temp\_SETUP.DLL


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-19 09:23

==================== End Of Log ============================
         





Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-01-2014
Ran by Michael at 2014-01-29 11:00:43
Running from C:\Users\Michael\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7-Zip 9.20 (x32 Version:  - )
888poker (x32 Version:  - )
ActivClient x64 (Version: 6.2 - ActivIdentity)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.170 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
Adobe Reader X (10.1.9) - Deutsch (x32 Version: 10.1.9 - Adobe Systems Incorporated)
Audiograbber 1.83 SE  (x32 Version: 1.83 SE  - Audiograbber)
Audiograbber MP3-Plugin (x32 Version: 1.0 - AG)
Bing Rewards Client Installer (x32 Version: 16.0.345.0 - Microsoft Corporation) Hidden
bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Broadcom 802.11 Wireless LAN Adapter (Version: 5.60.48.35 - Broadcom Corporation)
bwin Poker (x32 Version:  - bwincom)
Carmageddon II - Carpocalypse Now (x32 Version:  - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (x32 Version:  - Microsoft)
DirectX 9 Runtime (x32 Version: 1.00.0000 - Sonic Solutions) Hidden
Dropbox (HKCU Version: 2.4.11 - Dropbox, Inc.)
EcrSystem (Version: 1.0.0 - EcrSystem)
Energy Star Digital Logo (x32 Version: 1.0.1 - Hewlett-Packard)
File Sanitizer For HP ProtectTools (x32 Version: 5.0.1.3 - Hewlett-Packard)
FileZilla Client 3.2.7.1 (x32 Version: 3.2.7.1 - )
Filzip 3.06 (x32 Version: 3.0.6 - Philipp Engel)
Free Audio CD to MP3 Converter version 1.3.12.1228 (x32 Version: 1.3.12.1228 - DVDVideoSoft Ltd.)
Free CD to MP3 Converter (x32 Version:  - Eusing Software)
Google Earth (x32 Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.22.3 - Google Inc.) Hidden
HP Customer Experience Enhancements (x32 Version: 6.0.1.4 - Hewlett-Packard) Hidden
HP Update (x32 Version: 5.005.000.001 - Hewlett-Packard)
HP Web Camera (Version: 1.0.0 - Hewlett-Packard) Hidden
HP Webcam (x32 Version: 1.0.19.5 - Roxio)
HP Wireless Assistant (Version: 4.0.6.0 - Hewlett-Packard)
IDT Audio (x32 Version: 1.0.6275.0 - IDT)
IePluginService12.27.0.3326 (x32 Version: 12.27.0.3326 - Cherished Technololgy LIMITED) <==== ATTENTION
Intel(R) Control Center (x32 Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (x32 Version: 8.15.10.2119 - Intel Corporation)
Intel(R) Management Engine Components (x32 Version: 6.0.0.1179 - Intel Corporation)
Intel(R) Network Connections Drivers (Version: 14.8 - Intel)
Intel® Matrix Storage Manager (Version:  - Intel Corporation)
Java 7 Update 51 (x32 Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java Card Security for HP ProtectTools (Version: 5.0.4.1 - Hewlett-Packard)
Java(TM) 6 Update 31 (x32 Version: 6.0.310 - Oracle)
Lastannahmen International (HKCU Version: 1.3.1.5 - Schletter GmbH)
LightScribe System Software (x32 Version: 1.18.12.1 - LightScribe)
LSI HDA Modem (Version: 2.2.98 - LSI Corporation)
Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
MeteoSyn (x32 Version: 2.3.1.123 - Dr. Valentin EnergieSoftware GmbH)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30320 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended DEU Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Klick-und-Los 2010 (x32 Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.4.0304.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (Version: 4.4.304.0 - Microsoft Corporation)
Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 DEU (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0 - Microsoft Corporation)
MyPhoneExplorer (x32 Version: 1.8.5 - F.J. Wechselberger)
NAVIGON Fresh 3.4.1 (x32 Version: 3.4.1 - NAVIGON)
OKI Alert Info (x32 Version: 1.3.0 - Okidata)
OKI Color Correct Utility (x32 Version: 2.17.1 - Okidata)
OKI Color Swatch-Dienstprogramm (x32 Version: 2.1.11 - Okidata)
OKI Configuration Tool (x32 Version: 1.6.0 - Okidata)
OKI Device Setting (x32 Version: 1.6.0 - Okidata)
OKI LPR-Dienstprogramm (x32 Version: 5.0.5 - Okidata)
OKI Network Setting (x32 Version: 1.0.2 - Okidata)
OKI Storage Manager (x32 Version: 1.0.2 - Okidata)
OKI User Setting (x32 Version: 1.4.0 - Okidata)
PDFCreator (x32 Version: 1.5.1 - Frank Heindörfer, Philip Chinery)
Photo Plan (x32 Version: 1.01.0004 - Dr. Valentin EnergieSoftware GmbH)
PIKO Plan 2.0 (x32 Version: 1.0.1350.3 - KOSTAL)
PokerStars.eu (x32 Version:  - PokerStars.eu)
PowerRouter Installation Tool Version 3.3.2183 (x32 Version: 3.3.2183 - Nedap Energy Systems, the PowerRouter)
PVSOL advanced 6.0 (x32 Version: 6.0.1 - Dr. Valentin EnergieSoftware GmbH)
PVSOL Pro 5.5 (x32 Version: 5.5.2 - Dr. Valentin EnergieSoftware GmbH)
Realtek PC Camera (x32 Version: 6.1.7600.0028 - Realtek Semiconductor Corp.)
RICOH Media Driver (x32 Version: 2.14.00.05 - RICOH)
Roxio Activation Module (x32 Version: 1.0 - Roxio) Hidden
Roxio Creator Audio (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Business (x32 Version: 10.3.56.20 - Roxio)
Roxio Creator Business v10 (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.8.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.2 - Roxio) Hidden
Roxio MyDVD (x32 Version: 10.3.349 - Roxio) Hidden
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.1.12123_2 - Samsung Electronics Co., Ltd.) Hidden
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.13114.22 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13054_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.29.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Show-Password (x32 Version:  - Show-Password LTD)
SketchUp 2013 (x32 Version: 13.0.4812 - Trimble Navigation Limited)
Skype™ 5.10 (x32 Version: 5.10.116 - Skype Technologies S.A.)
SolarConfig Plus (x32 Version: 1.0.1349.3 - Platinum GmbH)
SolarEdge Site Designer (x32 Version: 2.1.2 - SolarEdge Technologies)
SolarEdge Site Designer (x32 Version: 2.1.4 - SolarEdge Technologies)
Sonic CinePlayer Decoder Pack (x32 Version: 4.3.0 - Sonic Solutions) Hidden
Studie zur Verbesserung von HP Deskjet 2050 J510 series Produkten (Version: 28.0.1313.0 - Hewlett-Packard Co.)
Sunny Design 2.30 (x32 Version: 2.30.0.4 - SMA Solar Technology AG)
Surftastic (Version: 2014.01.28.010740 - Surftastic)
Synaptics Pointing Device Driver (Version: 15.0.10.0 - Synaptics Incorporated)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard)
Theft Recovery (x32 Version: 5.1.0.21 - Hewlett-Packard) Hidden
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1 - Microsoft Corporation)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3 - Microsoft Corporation)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (x32 Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (x32 Version:  - Microsoft)
Validity Fingerprint Driver (Version: 4.0.15.0 - Validity Sensors, Inc.)
ValueApps (HKCU Version: 1.3.1.1 - Conduit) <==== ATTENTION
VD64Inst (Version: 1.00.0000 - Roxio, Inc.) Hidden
VirtualDJ Home FREE (x32 Version: 7.4.1 - Atomix Productions)
Winamp (x32 Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU Version: 1.0.0.1 - Nullsoft, Inc)
Windows 7 Default Setting (x32 Version: 1.0.1.6 - Hewlett-Packard Company)
Windows Driver Package - Broadcom Bluetooth  (07/30/2009 6.2.0.9405) (Version: 07/30/2009 6.2.0.9405 - Broadcom)
Windows Driver Package - Broadcom Bluetooth  (12/16/2009 6.2.0.9414) (Version: 12/16/2009 6.2.0.9414 - Broadcom)
Windows Driver Package - Broadcom HIDClass  (07/28/2009 6.2.0.9800) (Version: 07/28/2009 6.2.0.9800 - Broadcom)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0 - Microsoft Corporation)
Windows-Treiberpaket - FTDI CDM Driver Package (02/17/2009 2.04.16) (Version: 02/17/2009 2.04.16 - FTDI)
WinZip 14.5 (x32 Version: 14.5.9055 - WinZip Computing, S.L. )
WPM17.8.0.3325 (x32 Version: 17.8.0.3325 - Cherished Technololgy LIMITED) <==== ATTENTION

==================== Restore Points  =========================

28-01-2014 17:18:02 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {0F556584-E0E9-4623-B54E-C440E10659E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05] (Google Inc.)
Task: {211E3C2B-3304-40CE-9A67-B32AF286C1E7} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-01-28] (Adobe Systems Incorporated)
Task: {2406BECA-24C3-4BCF-A2C0-37F8B04520DC} - System32\Tasks\HPCustParticipation HP Deskjet 2050 J510 series => C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe [2012-10-02] (Hewlett-Packard Co.)
Task: {38C9D060-B84E-4039-8C40-BB45DB72F748} - \AmiUpdXp No Task File
Task: {49CCB556-F9DC-40A0-B08C-F1EEE474ECE8} - System32\Tasks\RegistryDr_Start => C:\Program Files (x86)\Registry Dr\RegistryDr.exe
Task: {7ADB0A97-8AC7-4CD6-B2BD-89BEEE9E362C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {8F811A56-878C-4E70-BB45-3CBB81D3214A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05] (Google Inc.)
Task: {BE786043-51B8-44B0-B81F-C0253046C047} - System32\Tasks\RegistryDr_Popup => C:\Program Files (x86)\Registry Dr\Splash.exe
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2009-08-23 18:24 - 2009-08-23 18:24 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2010-04-05 19:11 - 2010-04-05 19:11 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-04-05 19:12 - 2010-04-05 19:12 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2010-04-05 19:12 - 2010-04-05 19:12 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-02-22 19:19 - 2010-02-22 19:19 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-02-22 19:19 - 2010-02-22 19:19 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-02-22 19:19 - 2010-02-22 19:19 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2013-10-19 00:55 - 2013-10-19 00:55 - 25100288 _____ () C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll
2013-12-21 02:17 - 2013-12-21 02:17 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-28 15:29 - 2014-01-28 15:29 - 16287624 _____ () C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/28/2014 05:37:05 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (01/28/2014 05:18:29 PM) (Source: Windows Backup) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)"

Error: (01/28/2014 11:30:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/28/2014 11:30:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/28/2014 11:30:37 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/24/2014 03:24:43 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/24/2014 03:24:43 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/24/2014 03:24:43 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.

Error: (01/24/2014 02:49:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.

Error: (01/24/2014 02:49:04 PM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT)
Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.


System errors:
=============
Error: (01/29/2014 10:45:07 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/29/2014 10:44:00 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/29/2014 08:37:49 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/29/2014 08:13:02 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/29/2014 08:12:17 AM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: AnwendungsspezifischLokalStart{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT-AUTORITÄTSYSTEMS-1-5-18LocalHost (unter Verwendung von LRPC)

Error: (01/29/2014 00:24:43 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MgAssist Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/29/2014 00:24:21 AM) (Source: Service Control Manager) (User: )
Description: Dienst "MgAssist Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (01/28/2014 11:41:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "MgAssist Service" ist als interaktiver Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.

Error: (01/28/2014 03:22:04 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (01/28/2014 08:10:51 AM) (Source: Service Control Manager) (User: )
Description: Der Dienst "HP Health Check Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (01/28/2014 05:37:05 PM) (Source: Windows Backup)(User: )
Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)

Error: (01/28/2014 05:18:29 PM) (Source: Windows Backup)(User: )
Description: Auf diesem Laufwerk ist nicht genügend Speicherplatz zum Speichern der Sicherung verfügbar. Löschen Sie ältere Sicherungen und nicht benötigte Daten, um Speicherplatz freizugeben, oder ändern Sie die Sicherungseinstellungen. (0x81000005)

Error: (01/28/2014 11:30:37 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/28/2014 11:30:37 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/28/2014 11:30:37 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/24/2014 03:24:43 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/24/2014 03:24:43 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/24/2014 03:24:43 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000

Error: (01/24/2014 02:49:04 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: WmiApRplWmiApRpl8F20300004D070000

Error: (01/24/2014 02:49:04 PM) (Source: Microsoft-Windows-LoadPerf)(User: NT-AUTORITÄT)
Description: Performance1637070000000000000000000009030000


CodeIntegrity Errors:
===================================
  Date: 2013-10-29 21:45:11.721
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:11.564
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:09.363
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:09.203
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:06.811
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:06.663
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:04.462
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:04.332
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:02.128
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2013-10-29 21:45:02.005
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\SysWOW64\FsUsbExDisk.Sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 48%
Total physical RAM: 3887.43 MB
Available physical RAM: 2007.23 MB
Total Pagefile: 7773.04 MB
Available Pagefile: 5703.62 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:280.79 GB) (Free:111.88 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:1.99 GB) (Free:0.02 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298 GB) (Disk ID: 8C949010)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=180 MB) - (Type=42)
Partition 3: (Not Active) - (Size=120 MB) - (Type=42)
Partition 4: (Not Active) - (Size=281 GB) - (Type=42)

==================== End Of Log ============================
         





Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-01-29 11:44:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST932042 rev.0006 298,09GB
Running: Gmer-19357.exe; Driver: C:\Users\Michael\AppData\Local\Temp\uwliykow.sys


---- User code sections - GMER 2.1 ----

.text    C:\ProgramData\IePluginService\PluginService.exe[1656] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                     0000000075651465 2 bytes [65, 75]
.text    C:\ProgramData\IePluginService\PluginService.exe[1656] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                    00000000756514bb 2 bytes [65, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2120] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                           0000000075651465 2 bytes [65, 75]
.text    C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe[2120] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                          00000000756514bb 2 bytes [65, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Surftastic\updateSurftastic.exe[2664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                               0000000075651465 2 bytes [65, 75]
.text    C:\Program Files (x86)\Surftastic\updateSurftastic.exe[2664] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                              00000000756514bb 2 bytes [65, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe[3052] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                             0000000075651465 2 bytes [65, 75]
.text    C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe[3052] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                            00000000756514bb 2 bytes [65, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                               0000000075651465 2 bytes [65, 75]
.text    C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3292] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                              00000000756514bb 2 bytes [65, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4688] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                             0000000075651465 2 bytes [65, 75]
.text    C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe[4688] C:\windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                            00000000756514bb 2 bytes [65, 75]
.text    ...                                                                                                                                                                                                * 2
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                       0000000075651465 2 bytes [65, 75]
.text    C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe[5588] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                      00000000756514bb 2 bytes [65, 75]
.text    ...                                                                                                                                                                                                * 2
---- Processes - GMER 2.1 ----

Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4688](2014-01-03 00:45:04)                          0000000004090000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4688](2013-10-18 23:55:02)                                0000000069e40000
Library  C:\Users\Michael\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe [4688] (ICU Data DLL/The ICU Project)(2013-10-18 23:55:00)  0000000073b60000

---- Registry - GMER 2.1 ----

Reg      HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\e02a82cf7554                                                                                                                        
Reg      HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\e02a82cf7554 (not active ControlSet)                                                                                                    

---- EOF - GMER 2.1 ----
         

Alt 29.01.2014, 12:36   #2
schrauber
/// the machine
/// TB-Ausbilder
 




Hi,

Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


Alt 29.01.2014, 13:18   #3
hillerb99
 



Code:
ComboFix 14-01-29.01 - Michael 29.01.2014  12:57:45.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.3887.1885 [GMT 1:00]
ausgeführt von:: c:\users\Michael\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Enabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\IePluginService
c:\programdata\IePluginService\PluginService.exe
c:\users\Michael\AppData\Local\Microsoft\Windows\Temporary Internet Files\{381BD0C7-A9FB-4CBB-8A6A-05D2DB4E5E32}.xps
c:\users\Michael\AppData\Roaming\platinum
c:\users\Michael\AppData\Roaming\platinum\DB\PLATINUM.sdf
c:\users\Michael\AppData\Roaming\platinum\DB\pvscout.sdf
c:\users\Michael\AppData\Roaming\platinum\DB\pvscoutextended.sdf
c:\users\Michael\AppData\Roaming\platinum\InternetUpdateFiles\7za.exe
c:\windows\IsUn0407.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_IePluginService
-------\Service_IePluginService
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-12-28 bis 2014-01-29  ))))))))))))))))))))))))))))))
.
.
2014-01-29 12:04 . 2014-01-29 12:04	--------	d-----w-	c:\users\Default\AppData\Local\temp
2014-01-29 12:04 . 2014-01-29 12:04	--------	d-----w-	c:\users\Administrator\AppData\Local\temp
2014-01-29 07:43 . 2014-01-29 07:43	--------	d-----w-	c:\users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 07:43 . 2014-01-29 07:43	--------	d-----w-	c:\programdata\Malwarebytes
2014-01-29 07:43 . 2014-01-29 07:43	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-01-29 07:43 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-01-29 07:29 . 2014-01-29 07:34	--------	d-----w-	C:\AdwCleaner
2014-01-28 22:52 . 2014-01-28 22:52	--------	d-----w-	c:\users\Michael\AppData\Local\RegistryDR
2014-01-28 22:47 . 2014-01-29 09:41	--------	d-----w-	c:\program files (x86)\AmiExt
2014-01-28 22:47 . 2014-01-29 09:51	--------	d-sh--w-	c:\windows\SysWow64\AI_RecycleBin
2014-01-28 22:47 . 2014-01-29 09:51	--------	d-----w-	c:\program files (x86)\Registry Dr
2014-01-28 22:41 . 2014-01-28 23:24	--------	d-----w-	c:\users\Michael\AppData\Local\cache
2014-01-28 22:39 . 2014-01-29 07:10	--------	d-----w-	c:\program files (x86)\Surftastic
2014-01-28 14:35 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{037474F5-71BD-4023-ACED-4847ABB653C8}\mpengine.dll
2014-01-28 14:29 . 2014-01-28 14:29	--------	d-----w-	c:\programdata\McAfee
2014-01-28 10:33 . 2014-01-28 10:33	--------	d-----w-	c:\users\Michael\.android
2014-01-28 10:33 . 2014-01-28 10:33	--------	d-----w-	c:\program files (x86)\MyPhoneExplorer
2014-01-27 18:15 . 2014-01-27 18:15	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2014-01-27 18:14 . 2014-01-27 18:15	--------	d-----w-	c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-01-27 12:05 . 2013-12-04 03:28	10315576	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-01-24 13:46 . 2014-01-24 13:50	--------	d-----w-	c:\users\Michael\Fotos Mama
2014-01-23 18:58 . 2013-10-18 06:19	965000	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1E7EB4D0-5454-4151-ABE7-36C18688072D}\gapaengine.dll
2014-01-22 07:52 . 2014-01-22 07:52	206080	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2014-01-22 07:52 . 2014-01-22 07:52	108800	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2014-01-15 21:19 . 2014-01-15 21:19	--------	d-----w-	c:\programdata\Oracle
2014-01-15 21:18 . 2014-01-15 21:18	--------	d-----w-	c:\program files (x86)\Common Files\Java
2014-01-15 21:18 . 2013-12-18 20:09	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-01-15 13:48 . 2013-11-27 01:41	343040	----a-w-	c:\windows\system32\drivers\usbhub.sys
2014-01-15 13:48 . 2013-11-27 01:41	99840	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2014-01-15 13:48 . 2013-11-27 01:41	53248	----a-w-	c:\windows\system32\drivers\usbehci.sys
2014-01-15 13:48 . 2013-11-27 01:41	325120	----a-w-	c:\windows\system32\drivers\usbport.sys
2014-01-15 13:48 . 2013-11-27 01:41	25600	----a-w-	c:\windows\system32\drivers\usbohci.sys
2014-01-15 13:48 . 2013-11-27 01:41	30720	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2014-01-15 13:48 . 2013-11-27 01:41	7808	----a-w-	c:\windows\system32\drivers\usbd.sys
2014-01-15 13:48 . 2013-11-26 10:32	3156480	----a-w-	c:\windows\system32\win32k.sys
2014-01-15 13:48 . 2013-11-26 11:40	376768	----a-w-	c:\windows\system32\drivers\netio.sys
2014-01-12 15:55 . 2012-03-22 12:43	2557952	----a-w-	c:\windows\SysWow64\QtCore4.dll
2014-01-12 15:55 . 2014-01-12 15:55	--------	d-----w-	c:\program files (x86)\Common Files\DVDVideoSoft
2014-01-12 15:55 . 2014-01-12 15:55	--------	d-----w-	c:\program files (x86)\DVDVideoSoft
2014-01-12 15:54 . 2014-01-12 15:57	--------	d-----w-	c:\users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 15:47 . 2014-01-12 15:47	--------	d-----w-	c:\users\Michael\AppData\Roaming\Eusing
2014-01-12 15:47 . 2001-03-23 15:29	880912	----a-w-	c:\windows\WM8EUTIL.exe
2014-01-12 15:47 . 2014-01-12 15:47	--------	d-----w-	c:\program files (x86)\CD to MP3 Freeware
2014-01-12 15:35 . 2014-01-12 15:35	--------	d-----w-	C:\Musik
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-01-28 14:29 . 2012-10-03 18:50	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-01-28 14:29 . 2012-10-03 18:50	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-19 07:33 . 2012-10-01 18:11	270496	------w-	c:\windows\system32\MpSigStub.exe
2014-01-15 21:33 . 2012-10-01 18:31	86054176	----a-w-	c:\windows\system32\MRT.exe
2013-12-04 08:03 . 2013-12-04 08:03	940032	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-12-04 08:03 . 2013-12-04 08:03	194048	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-12-04 08:03 . 2013-12-04 08:03	71680	----a-w-	c:\windows\SysWow64\RegisterIEPKEYs.exe
2013-12-04 08:03 . 2013-12-04 08:03	645120	----a-w-	c:\windows\SysWow64\jsIntl.dll
2013-12-04 08:03 . 2013-12-04 08:03	62464	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-12-04 08:03 . 2013-12-04 08:03	34816	----a-w-	c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2013-12-04 08:03 . 2013-12-04 08:03	337408	----a-w-	c:\windows\SysWow64\html.iec
2013-12-04 08:03 . 2013-12-04 08:03	235008	----a-w-	c:\windows\system32\elshyph.dll
2013-12-04 08:03 . 2013-12-04 08:03	182272	----a-w-	c:\windows\SysWow64\msls31.dll
2013-12-04 08:03 . 2013-12-04 08:03	61952	----a-w-	c:\windows\SysWow64\MshtmlDac.dll
2013-12-04 08:03 . 2013-12-04 08:03	61952	----a-w-	c:\windows\SysWow64\iesetup.dll
2013-12-04 08:03 . 2013-12-04 08:03	51200	----a-w-	c:\windows\SysWow64\ieetwproxystub.dll
2013-12-04 08:03 . 2013-12-04 08:03	454656	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-12-04 08:03 . 2013-12-04 08:03	36352	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-12-04 08:03 . 2013-12-04 08:03	24576	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-12-04 08:03 . 2013-12-04 08:03	151552	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-12-04 08:03 . 2013-12-04 08:03	139264	----a-w-	c:\windows\SysWow64\wextract.exe
2013-12-04 08:03 . 2013-12-04 08:03	13312	----a-w-	c:\windows\SysWow64\mshta.exe
2013-12-04 08:03 . 2013-12-04 08:03	112128	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-12-04 08:03 . 2013-12-04 08:03	111616	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-12-04 08:03 . 2013-12-04 08:03	1051136	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-12-04 08:03 . 2013-12-04 08:03	942592	----a-w-	c:\windows\system32\jsIntl.dll
2013-12-04 08:03 . 2013-12-04 08:03	90112	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-12-04 08:03 . 2013-12-04 08:03	86016	----a-w-	c:\windows\SysWow64\iesysprep.dll
2013-12-04 08:03 . 2013-12-04 08:03	86016	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2013-12-04 08:03 . 2013-12-04 08:03	74240	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-12-04 08:03 . 2013-12-04 08:03	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-12-04 08:03 . 2013-12-04 08:03	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-12-04 08:03 . 2013-12-04 08:03	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-12-04 08:03 . 2013-12-04 08:03	247808	----a-w-	c:\windows\system32\msls31.dll
2013-12-04 08:03 . 2013-12-04 08:03	195584	----a-w-	c:\windows\system32\msrating.dll
2013-12-04 08:03 . 2013-12-04 08:03	13312	----a-w-	c:\windows\system32\msfeedssync.exe
2013-12-04 08:03 . 2013-12-04 08:03	131072	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-12-04 08:03 . 2013-12-04 08:03	105984	----a-w-	c:\windows\system32\iesysprep.dll
2013-12-04 08:03 . 2013-12-04 08:03	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-12-04 08:03 . 2013-12-04 08:03	84992	----a-w-	c:\windows\system32\mshtmled.dll
2013-12-04 08:03 . 2013-12-04 08:03	81408	----a-w-	c:\windows\system32\icardie.dll
2013-12-04 08:03 . 2013-12-04 08:03	626176	----a-w-	c:\windows\system32\msfeeds.dll
2013-12-04 08:03 . 2013-12-04 08:03	616104	----a-w-	c:\windows\system32\ieapfltr.dat
2013-12-04 08:03 . 2013-12-04 08:03	548352	----a-w-	c:\windows\system32\vbscript.dll
2013-12-04 08:03 . 2013-12-04 08:03	453120	----a-w-	c:\windows\system32\dxtmsft.dll
2013-12-04 08:03 . 2013-12-04 08:03	413696	----a-w-	c:\windows\system32\html.iec
2013-12-04 08:03 . 2013-12-04 08:03	40448	----a-w-	c:\windows\system32\JavaScriptCollectionAgent.dll
2013-12-04 08:03 . 2013-12-04 08:03	30208	----a-w-	c:\windows\system32\licmgr10.dll
2013-12-04 08:03 . 2013-12-04 08:03	296960	----a-w-	c:\windows\system32\dxtrans.dll
2013-12-04 08:03 . 2013-12-04 08:03	263376	----a-w-	c:\windows\system32\iedkcs32.dll
2013-12-04 08:03 . 2013-12-04 08:03	243200	----a-w-	c:\windows\system32\webcheck.dll
2013-12-04 08:03 . 2013-12-04 08:03	235520	----a-w-	c:\windows\system32\url.dll
2013-12-04 08:03 . 2013-12-04 08:03	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-12-04 08:03 . 2013-12-04 08:03	143872	----a-w-	c:\windows\system32\wextract.exe
2013-12-04 08:03 . 2013-12-04 08:03	1228800	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-12-04 08:03 . 2013-12-04 08:03	101376	----a-w-	c:\windows\system32\inseng.dll
2013-12-04 08:03 . 2013-12-04 08:03	83968	----a-w-	c:\windows\system32\MshtmlDac.dll
2013-12-04 08:03 . 2013-12-04 08:03	774144	----a-w-	c:\windows\system32\jscript.dll
2013-12-04 08:03 . 2013-12-04 08:03	62464	----a-w-	c:\windows\system32\pngfilt.dll
2013-12-04 08:03 . 2013-12-04 08:03	48128	----a-w-	c:\windows\system32\imgutil.dll
2013-12-04 08:03 . 2013-12-04 08:03	147968	----a-w-	c:\windows\system32\occache.dll
2013-12-04 08:03 . 2013-12-04 08:03	13824	----a-w-	c:\windows\system32\mshta.exe
2013-12-04 08:03 . 2013-12-04 08:03	135680	----a-w-	c:\windows\system32\iepeers.dll
2013-11-26 11:54 . 2013-12-10 23:38	23183360	----a-w-	c:\windows\system32\mshtml.dll
2013-11-26 10:19 . 2013-12-10 23:38	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2013-11-26 10:18 . 2013-12-10 23:38	4096	----a-w-	c:\windows\system32\ieetwcollectorres.dll
2013-11-26 09:48 . 2013-12-10 23:38	66048	----a-w-	c:\windows\system32\iesetup.dll
2013-11-26 09:46 . 2013-12-10 23:38	48640	----a-w-	c:\windows\system32\ieetwproxystub.dll
2013-11-26 09:41 . 2013-12-10 23:38	2764288	----a-w-	c:\windows\system32\iertutil.dll
2013-11-26 09:29 . 2013-12-10 23:38	53760	----a-w-	c:\windows\system32\jsproxy.dll
2013-11-26 09:27 . 2013-12-10 23:38	33792	----a-w-	c:\windows\system32\iernonce.dll
2013-11-26 09:23 . 2013-12-10 23:38	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2013-11-26 09:21 . 2013-12-10 23:38	574976	----a-w-	c:\windows\system32\ieui.dll
2013-11-26 09:18 . 2013-12-10 23:38	139264	----a-w-	c:\windows\system32\ieUnatt.exe
2013-11-26 09:18 . 2013-12-10 23:38	111616	----a-w-	c:\windows\system32\ieetwcollector.exe
2013-11-26 09:16 . 2013-12-10 23:38	708608	----a-w-	c:\windows\system32\jscript9diag.dll
2013-11-26 08:57 . 2013-12-10 23:38	218624	----a-w-	c:\windows\system32\ie4uinit.exe
2013-11-26 08:35 . 2013-12-10 23:38	5769216	----a-w-	c:\windows\system32\jscript9.dll
2013-11-26 08:28 . 2013-12-10 23:38	553472	----a-w-	c:\windows\SysWow64\jscript9diag.dll
2013-11-26 08:16 . 2013-12-10 23:38	4243968	----a-w-	c:\windows\SysWow64\jscript9.dll
2013-11-26 08:02 . 2013-12-10 23:38	1995264	----a-w-	c:\windows\system32\inetcpl.cpl
2013-11-26 07:48 . 2013-12-10 23:38	12996608	----a-w-	c:\windows\system32\ieframe.dll
2013-11-26 07:32 . 2013-12-10 23:38	1928192	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-11-26 07:07 . 2013-12-10 23:38	2334208	----a-w-	c:\windows\system32\wininet.dll
2013-11-26 06:40 . 2013-12-10 23:38	1395200	----a-w-	c:\windows\system32\urlmon.dll
2013-11-26 06:34 . 2013-12-10 23:38	817664	----a-w-	c:\windows\system32\ieapfltr.dll
2013-11-26 06:33 . 2013-12-10 23:38	1820160	----a-w-	c:\windows\SysWow64\wininet.dll
2013-11-23 18:26 . 2013-12-10 23:32	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-11-23 17:47 . 2013-12-10 23:32	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-11-12 02:23 . 2013-12-10 23:32	2048	----a-w-	c:\windows\system32\tzres.dll
2013-11-12 02:07 . 2013-12-10 23:32	2048	----a-w-	c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{c6673938-a52b-4dc6-af05-783e7e2c8b65}]
2014-01-28 01:38	249632	----a-w-	c:\program files (x86)\Surftastic\SurftasticBHO.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	131248	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\\Phone\Skype.exe" [2012-07-13 17418928]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-12-11 311152]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-1-3 30714328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
OKI LPR-Dienstprogramm.lnk - c:\program files\Okidata\OKI LPR Utility\okilpr.exe [2012-11-9 260144]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\SysWOW64\FsUsbExDisk.SYS;c:\windows\SysWOW64\FsUsbExDisk.SYS [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys;c:\windows\SYSNATIVE\DRIVERS\NETw5s64.sys [x]
R3 OKI OKHC DCS Loader;OKI OKHC DCS Loader;c:\windows\system32\spool\DRIVERS\x64\3\OKHCLDCS.EXE;c:\windows\SYSNATIVE\spool\DRIVERS\x64\3\OKHCLDCS.EXE [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
R3 rtsuvc;Realtek USB2.0 PC Camera;c:\windows\system32\DRIVERS\rtsuvc.sys;c:\windows\SYSNATIVE\DRIVERS\rtsuvc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 usbrndis6;USB-RNDIS6-Adapter;c:\windows\system32\DRIVERS\usb80236.sys;c:\windows\SYSNATIVE\DRIVERS\usb80236.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe;c:\windows\SYSNATIVE\Hpservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 OpLclSrv;OKI Local Port Manager;c:\program files\Okidata\Common\Extend3\portmgrsrv.exe;c:\program files\Okidata\Common\Extend3\portmgrsrv.exe [x]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys;c:\windows\SYSNATIVE\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys;c:\windows\SYSNATIVE\DRIVERS\rixdpe64.sys [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S2 Update Surftastic;Update Surftastic;c:\program files (x86)\Surftastic\updateSurftastic.exe;c:\program files (x86)\Surftastic\updateSurftastic.exe [x]
S2 Util Surftastic;Util Surftastic;c:\program files (x86)\Surftastic\bin\utilSurftastic.exe;c:\program files (x86)\Surftastic\bin\utilSurftastic.exe [x]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe;c:\windows\SYSNATIVE\vcsFPService.exe [x]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-03 14:29]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 12:24]
.
2014-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-05 12:24]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09	164016	----a-w-	c:\users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 413208]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-10-23 1266912]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 161304]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 386584]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
mDefault_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
mStart Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\
FF - prefs.js: browser.search.selectedEngine - awesomehp
FF - prefs.js: browser.startup.homepage - hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-HPAdvisorDock - c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{93DBF2BB-A2B3-4683-A92E-57E60751F346} - c:\program files\Conduit\ValueApps\IE\ValueAppsLoader.dll
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-596d162f-8518-414c-984e-a9bb1430875b - c:\program files (x86)\Show-Password\Uninstall.exe
AddRemove-Carmageddon II - Carpocalypse Now - c:\windows\IsUn0407.exe
AddRemove-IePlugins - c:\programdata\IePluginService\PluginService.exe
AddRemove-WPM - c:\programdata\WPM\wprotectmanager.exe
AddRemove-ValueApps - c:\program files (x86)\Conduit\ValueApps\IE\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2857778488-4066983858-3000933675-1002_Classes\VirtualStore\MACHINE\SOFTWARE\Microsoft\Cryptography\RNG*]
@Allowed: (Read) (RestrictedCode)
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
   bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_170_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_170.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-01-29  13:13:42 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-01-29 12:13
.
Vor Suchlauf: 18 Verzeichnis(se), 121.264.680.960 Bytes frei
Nach Suchlauf: 28 Verzeichnis(se), 134.347.677.696 Bytes frei
.
- - End Of File - - 6C4D85DF24B475E2AE2C9C100EEAD76F
A36C5E4F47E84449FF07ED3517B43A31
         
__________________

Alt 29.01.2014, 18:51   #4
schrauber
/// the machine
/// TB-Ausbilder
 




Please download Malwarebytes Anti-Malware
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan ("Scannen"), select the Threat Scan ("Bedrohungssuchlauf") and click Start Scan ("Suchlauf starten").
  • At the end of the scan, have all detections (if any) moved to quarantine. To do this, click Remove Selected ("Auswahl entfernen").
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History ("Verlauf") and then Application Logs ("Anwendungsprotokolle").
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options ("Optionen") and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan ("Suchlauf") and wait until it has finished.
  • Now click Delete ("Löschen") and confirm any prompts with Ok.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt. (x = sequential number).

Please shut down your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and start it with "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is finished, the log file (JRT.txt) is saved on the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


and a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!

Alt 29.01.2014, 20:26   #5
hillerb99
 



Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2014.01.29.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Michael :: MICHAEL-HP [Administrator]

29.01.2014 19:09:14
mbam-log-2014-01-29 (19-09-14).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 240504
Laufzeit: 7 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
Code:
# AdwCleaner v3.018 - Bericht erstellt am 29/01/2014 um 19:31:16
# Updated 28/01/2014 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzername : Michael - MICHAEL-HP
# Gestartet von : C:\Users\Michael\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Mozilla Firefox v26.0 (de)

[ Datei : C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\prefs.js ]


[ Datei : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\ivg0229s.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [17124 octets] - [29/01/2014 08:30:52]
AdwCleaner[R1].txt - [1127 octets] - [29/01/2014 19:25:08]
AdwCleaner[S0].txt - [16728 octets] - [29/01/2014 08:34:11]
AdwCleaner[S1].txt - [1049 octets] - [29/01/2014 19:31:16]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1109 octets] ##########
         
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Professional x64
Ran by Michael on 29.01.2014 at 19:48:47,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\caphyon



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\windows\syswow64\ai_recyclebin"



~~~ FireFox

Emptied folder: C:\Users\Michael\AppData\Roaming\mozilla\firefox\profiles\o833m7s4.default\minidumps [383 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2014 at 19:54:26,62
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014
Ran by Michael (administrator) on MICHAEL-HP on 29-01-2014 20:23:27
Running from C:\Users\Michael\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
() C:\Program Files (x86)\Surftastic\updateSurftastic.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Farbar) C:\Users\Michael\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Administrator\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: No Name - {c6673938-a52b-4dc6-af05-783e7e2c8b65} -  No File
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
FF Homepage: hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\trash [2014-01-28]
FF Extension: HP Detect - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-25]
FF Extension: Extension_Protected - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-28]
FF Extension: Lightning Speed Dial - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKCU\...\Firefox\Extensions: [{a711367d-39ac-4cd2-8b4f-b9602e6df838}] - C:\Program Files (x86)\Show-Password\150.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OKI OKHC DCS Loader; C:\windows\system32\spool\DRIVERS\x64\3\OKHCLDCS.EXE [20480 2009-03-05] (Oki Data Corporation)
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 Update Surftastic; C:\Program Files (x86)\Surftastic\updateSurftastic.exe [102176 2014-01-28] ()
R2 Util Surftastic; C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe [102176 2014-01-29] ()
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-12-02] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-12-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-29 19:54 - 2014-01-29 19:54 - 00001009 _____ C:\Users\Michael\Desktop\JRT.txt
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:44 - 2014-01-29 19:44 - 00001189 _____ C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ C:\ComboFix.txt
2014-01-29 12:55 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2014-01-29 12:55 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2014-01-29 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2014-01-29 12:49 - 2014-01-29 13:13 - 00000000 ____D C:\Qoobox
2014-01-29 12:49 - 2014-01-29 13:12 - 00000000 ____D C:\windows\erdnt
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:44 - 2014-01-29 11:44 - 00006306 _____ C:\Users\Michael\Desktop\Gmer.txt
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00037143 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-29 11:02 - 2014-01-29 11:02 - 00032237 _____ C:\Users\Michael\Desktop\Addition.txt
2014-01-29 10:59 - 2014-01-29 10:59 - 02079744 _____ (Farbar) C:\Users\Michael\Downloads\FRST64(1).exe
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 08:43 - 2014-01-29 19:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 08:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 19:31 - 00000000 ____D C:\AdwCleaner
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-28 23:52 - 2014-01-29 10:45 - 00003458 _____ C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:47 - 2014-01-29 10:51 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-28 23:47 - 2014-01-29 10:45 - 00000000 ____D C:\Users\Michael\Documents\RegistryDr
2014-01-28 23:47 - 2014-01-29 10:41 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-28 23:41 - 2014-01-29 00:24 - 00000000 ____D C:\Users\Michael\AppData\Local\cache
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ C:\Users\Michael\daemonprocess.txt
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:39 - 2014-01-29 20:03 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D C:\ProgramData\McAfee
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:14 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:46 - 2014-01-24 14:50 - 00000000 ____D C:\Users\Michael\Fotos Mama
2014-01-24 13:27 - 2014-01-24 14:09 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-24 13:20 - 2014-01-24 13:21 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 22:18 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 22:18 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-15 22:18 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-15 22:18 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-15 22:17 - 2014-01-15 22:18 - 00005933 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 14:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 14:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:55 - 2012-03-22 13:43 - 02557952 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\windows\SysWOW64\QtCore4.dll
2014-01-12 16:54 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:53 - 2014-01-12 16:54 - 24546848 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:47 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\windows\WM8EUTIL.exe
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-04 10:21 - 2014-01-04 10:26 - 204384991 _____ C:\Users\Michael\Downloads\PS3UPDAT.PUP

==================== One Month Modified Files and Folders =======

2014-01-29 20:23 - 2013-12-11 19:47 - 00016833 _____ C:\Users\Michael\Downloads\FRST.txt
2014-01-29 20:23 - 2013-12-11 19:47 - 00000000 ____D C:\FRST
2014-01-29 20:04 - 2012-10-05 13:24 - 00001112 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-29 20:03 - 2014-01-28 23:39 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-29 19:54 - 2014-01-29 19:54 - 00001009 _____ C:\Users\Michael\Desktop\JRT.txt
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:45 - 2012-09-28 16:40 - 01253085 _____ C:\windows\WindowsUpdate.log
2014-01-29 19:44 - 2014-01-29 19:44 - 00001189 _____ C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2014-01-29 19:44 - 2012-10-03 19:50 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-29 19:40 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-29 19:40 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-29 19:35 - 2012-10-04 11:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2014-01-29 19:34 - 2012-10-05 13:24 - 00001108 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-29 19:34 - 2012-09-27 17:58 - 00000000 ___RD C:\Users\Michael\Dropbox
2014-01-29 19:32 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-29 19:32 - 2009-07-14 05:51 - 00103544 _____ C:\windows\setupact.log
2014-01-29 19:31 - 2014-01-29 08:29 - 00000000 ____D C:\AdwCleaner
2014-01-29 19:24 - 2012-09-27 18:14 - 00000000 ____D C:\Users\Michael\Documents\Outlook-Dateien
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 19:00 - 2014-01-29 08:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 17:13 - 2012-10-01 10:55 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6347D7FD-5107-48C0-96E6-C687689A1F64}
2014-01-29 13:19 - 2012-09-28 08:17 - 00006686 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-29 13:19 - 2010-09-12 21:06 - 03432480 _____ C:\windows\system32\perfh007.dat
2014-01-29 13:19 - 2010-09-12 21:06 - 01049794 _____ C:\windows\system32\perfc007.dat
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ C:\ComboFix.txt
2014-01-29 13:13 - 2014-01-29 12:49 - 00000000 ____D C:\Qoobox
2014-01-29 13:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-29 13:12 - 2014-01-29 12:49 - 00000000 ____D C:\windows\erdnt
2014-01-29 13:08 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2014-01-29 13:07 - 2010-09-12 21:43 - 00089562 _____ C:\windows\PFRO.log
2014-01-29 13:07 - 2009-07-14 03:34 - 82837504 _____ C:\windows\system32\config\software.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 19136512 _____ C:\windows\system32\config\system.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 01048576 _____ C:\windows\system32\config\default.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:44 - 2014-01-29 11:44 - 00006306 _____ C:\Users\Michael\Desktop\Gmer.txt
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00037143 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-29 11:02 - 2014-01-29 11:02 - 00032237 _____ C:\Users\Michael\Desktop\Addition.txt
2014-01-29 11:01 - 2013-12-11 19:50 - 00032237 _____ C:\Users\Michael\Downloads\Addition.txt
2014-01-29 10:59 - 2014-01-29 10:59 - 02079744 _____ (Farbar) C:\Users\Michael\Downloads\FRST64(1).exe
2014-01-29 10:58 - 2013-12-11 19:37 - 00000476 _____ C:\Users\Michael\Downloads\defogger_disable.log
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 10:51 - 2014-01-28 23:47 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-29 10:45 - 2014-01-28 23:52 - 00003458 _____ C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-29 10:45 - 2014-01-28 23:47 - 00000000 ____D C:\Users\Michael\Documents\RegistryDr
2014-01-29 10:41 - 2014-01-28 23:47 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-29 00:24 - 2014-01-28 23:41 - 00000000 ____D C:\Users\Michael\AppData\Local\cache
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ C:\Users\Michael\daemonprocess.txt
2014-01-28 23:41 - 2012-09-28 07:57 - 00000000 ____D C:\Users\Michael
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:40 - 2012-10-03 19:31 - 00001298 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-28 23:40 - 2012-09-28 08:13 - 00001601 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D C:\ProgramData\McAfee
2014-01-28 15:29 - 2012-10-04 08:45 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2014-01-28 15:29 - 2012-10-03 19:50 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 15:29 - 2012-10-03 19:50 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 15:29 - 2012-10-03 19:50 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-28 11:51 - 2013-01-31 00:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\MyPhoneExplorer
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 11:30 - 2009-07-14 06:13 - 00006488 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PLATINUM Tools
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D C:\Program Files (x86)\PLATINUM Tools
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Solarschmiede
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D C:\Program Files (x86)\Solarschmiede
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:15 - 2014-01-27 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:50 - 2014-01-24 14:46 - 00000000 ____D C:\Users\Michael\Fotos Mama
2014-01-24 14:09 - 2014-01-24 13:27 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-24 13:31 - 2012-09-27 18:14 - 00000000 ____D C:\Users\Michael\Documents\samsung
2014-01-24 13:27 - 2013-01-30 23:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Samsung
2014-01-24 13:27 - 2010-09-12 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 13:26 - 2013-01-30 23:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-24 13:26 - 2012-09-28 08:00 - 00000000 ____D C:\Users\Michael\AppData\Local\Downloaded Installations
2014-01-24 13:21 - 2014-01-24 13:20 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-19 08:33 - 2012-10-01 19:11 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-18 21:38 - 2013-08-07 12:40 - 00001483 _____ C:\Users\Michael\Desktop\bwin Poker.lnk
2014-01-16 08:05 - 2012-10-04 11:50 - 00001025 _____ C:\Users\Michael\Desktop\Dropbox.lnk
2014-01-16 08:05 - 2012-10-04 11:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 08:05 - 2012-09-28 08:13 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 07:57 - 2009-07-14 05:45 - 00393664 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-15 22:35 - 2013-08-15 11:00 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 22:33 - 2012-10-01 19:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 22:32 - 2012-09-27 18:15 - 00000000 ____D C:\Users\Michael\Documents\VirtualDJ
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 22:18 - 2014-01-15 22:17 - 00005933 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 22:18 - 2013-07-15 08:26 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 11:32 - 2012-09-28 08:18 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-01-14 09:09 - 2012-10-08 13:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 09:09 - 2009-07-14 03:34 - 00000513 _____ C:\windows\win.ini
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:57 - 2014-01-12 16:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:54 - 2014-01-12 16:53 - 24546848 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-07 14:50 - 2013-02-12 18:29 - 00000000 ____D C:\Program Files (x86)\KOSTAL
2014-01-04 10:26 - 2014-01-04 10:21 - 204384991 _____ C:\Users\Michael\Downloads\PS3UPDAT.PUP

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 20:12

==================== End Of Log ============================
         


30.01.2014, 16:26   #6
schrauber
/// the machine
/// TB trainer




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box next to Yes, I accept the Terms of Use and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems left?

30.01.2014, 22:16   #7
hillerb99



Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=620c67634d1e394e93eb6f2f45aa734d
# engine=16868
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-01-30 08:56:57
# local_time=2014-01-30 09:56:57 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776574 100 94 17242118 142745267 0 0
# scanned=254100
# found=0
# cleaned=0
# scan_time=12211
         
Code:
ATTFilter
 Results of screen317's Security Check version 0.99.79  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
Microsoft Security Essentials   
  (On Access scanning disabled!) 
 Error obtaining update status for antivirus!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 Java(TM) 6 Update 31  
 Java 7 Update 51  
  Adobe Flash Player 12.0.0.43 Flash Player out of Date!  
 Adobe Reader 10.1.9 Adobe Reader out of Date!  
 Mozilla Firefox (26.0) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

FRST Logfile:

Code:
ATTFilter
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014
Ran by Michael (administrator) on MICHAEL-HP on 30-01-2014 22:13:53
Running from C:\Users\Michael\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
() C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
() C:\Program Files (x86)\Surftastic\updateSurftastic.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Farbar) C:\Users\Michael\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Administrator\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Surftastic - {c6673938-a52b-4dc6-af05-783e7e2c8b65} - C:\Program Files (x86)\Surftastic\SurftasticBHO.dll (Surftastic)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\trash [2014-01-28]
FF Extension: HP Detect - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-25]
FF Extension: Extension_Protected - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-28]
FF Extension: Lightning Speed Dial - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKCU\...\Firefox\Extensions: [{a711367d-39ac-4cd2-8b4f-b9602e6df838}] - C:\Program Files (x86)\Show-Password\150.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OKI OKHC DCS Loader; C:\windows\system32\spool\DRIVERS\x64\3\OKHCLDCS.EXE [20480 2009-03-05] (Oki Data Corporation)
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 Update Surftastic; C:\Program Files (x86)\Surftastic\updateSurftastic.exe [103200 2014-01-30] ()
R2 Util Surftastic; C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe [103200 2014-01-30] ()
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-12-02] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-12-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-30 22:00 - 2014-01-30 22:00 - 00987425 _____ C:\Users\Michael\Desktop\SecurityCheck.exe
2014-01-30 18:20 - 2014-01-30 18:21 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-01-29 21:59 - 2014-01-29 21:59 - 06424632 _____ (ManiacTools.com                                             ) C:\Users\Michael\Downloads\m4a-to-mp3-converter.exe
2014-01-29 20:24 - 2014-01-29 20:24 - 00038379 _____ C:\Users\Michael\Desktop\FRST_NEU.txt
2014-01-29 19:54 - 2014-01-29 19:54 - 00001009 _____ C:\Users\Michael\Desktop\JRT.txt
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:44 - 2014-01-29 19:44 - 00001189 _____ C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ C:\ComboFix.txt
2014-01-29 12:55 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2014-01-29 12:55 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2014-01-29 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2014-01-29 12:49 - 2014-01-29 13:13 - 00000000 ____D C:\Qoobox
2014-01-29 12:49 - 2014-01-29 13:12 - 00000000 ____D C:\windows\erdnt
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:44 - 2014-01-29 11:44 - 00006306 _____ C:\Users\Michael\Desktop\Gmer.txt
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00037143 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-29 11:02 - 2014-01-29 11:02 - 00032237 _____ C:\Users\Michael\Desktop\Addition.txt
2014-01-29 10:59 - 2014-01-29 10:59 - 02079744 _____ (Farbar) C:\Users\Michael\Downloads\FRST64(1).exe
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 08:43 - 2014-01-29 19:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 08:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 19:31 - 00000000 ____D C:\AdwCleaner
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-28 23:52 - 2014-01-29 10:45 - 00003458 _____ C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:47 - 2014-01-29 10:51 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-28 23:47 - 2014-01-29 10:45 - 00000000 ____D C:\Users\Michael\Documents\RegistryDr
2014-01-28 23:47 - 2014-01-29 10:41 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-28 23:41 - 2014-01-29 00:24 - 00000000 ____D C:\Users\Michael\AppData\Local\cache
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ C:\Users\Michael\daemonprocess.txt
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:39 - 2014-01-29 21:03 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D C:\ProgramData\McAfee
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:14 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:46 - 2014-01-24 14:50 - 00000000 ____D C:\Users\Michael\Fotos Mama
2014-01-24 13:27 - 2014-01-24 14:09 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-24 13:20 - 2014-01-24 13:21 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 22:18 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 22:18 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-15 22:18 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-15 22:18 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-15 22:17 - 2014-01-15 22:18 - 00005933 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 14:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 14:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:55 - 2012-03-22 13:43 - 02557952 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\windows\SysWOW64\QtCore4.dll
2014-01-12 16:54 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:53 - 2014-01-12 16:54 - 24546848 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:47 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\windows\WM8EUTIL.exe
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-04 10:21 - 2014-01-04 10:26 - 204384991 _____ C:\Users\Michael\Downloads\PS3UPDAT.PUP

==================== One Month Modified Files and Folders =======

2014-01-30 22:13 - 2013-12-11 19:47 - 00017126 _____ C:\Users\Michael\Downloads\FRST.txt
2014-01-30 22:13 - 2013-12-11 19:47 - 00000000 ____D C:\FRST
2014-01-30 22:07 - 2012-09-28 16:40 - 01290585 _____ C:\windows\WindowsUpdate.log
2014-01-30 22:04 - 2012-10-05 13:24 - 00001112 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-30 22:00 - 2014-01-30 22:00 - 00987425 _____ C:\Users\Michael\Desktop\SecurityCheck.exe
2014-01-30 21:44 - 2012-10-03 19:50 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-30 20:44 - 2012-10-04 11:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2014-01-30 19:04 - 2012-10-05 13:24 - 00001108 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-30 18:35 - 2012-10-01 10:55 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6347D7FD-5107-48C0-96E6-C687689A1F64}
2014-01-30 18:23 - 2010-09-12 21:06 - 03449366 _____ C:\windows\system32\perfh007.dat
2014-01-30 18:23 - 2010-09-12 21:06 - 01055384 _____ C:\windows\system32\perfc007.dat
2014-01-30 18:23 - 2009-07-14 06:13 - 00006684 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-30 18:21 - 2014-01-30 18:20 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-01-30 18:21 - 2012-09-27 18:14 - 00000000 ____D C:\Users\Michael\Documents\Outlook-Dateien
2014-01-30 16:00 - 2009-07-14 05:51 - 00104528 _____ C:\windows\setupact.log
2014-01-30 07:38 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-30 07:38 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-30 07:35 - 2012-09-27 17:58 - 00000000 ___RD C:\Users\Michael\Dropbox
2014-01-30 07:31 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-29 23:10 - 2013-11-14 12:10 - 00000000 ____D C:\Program Files (x86)\Filzip
2014-01-29 21:59 - 2014-01-29 21:59 - 06424632 _____ (ManiacTools.com                                             ) C:\Users\Michael\Downloads\m4a-to-mp3-converter.exe
2014-01-29 21:03 - 2014-01-28 23:39 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-29 20:24 - 2014-01-29 20:24 - 00038379 _____ C:\Users\Michael\Desktop\FRST_NEU.txt
2014-01-29 19:54 - 2014-01-29 19:54 - 00001009 _____ C:\Users\Michael\Desktop\JRT.txt
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:44 - 2014-01-29 19:44 - 00001189 _____ C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2014-01-29 19:31 - 2014-01-29 08:29 - 00000000 ____D C:\AdwCleaner
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 19:00 - 2014-01-29 08:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:19 - 2012-09-28 08:17 - 00006686 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ C:\ComboFix.txt
2014-01-29 13:13 - 2014-01-29 12:49 - 00000000 ____D C:\Qoobox
2014-01-29 13:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-29 13:12 - 2014-01-29 12:49 - 00000000 ____D C:\windows\erdnt
2014-01-29 13:08 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2014-01-29 13:07 - 2010-09-12 21:43 - 00089562 _____ C:\windows\PFRO.log
2014-01-29 13:07 - 2009-07-14 03:34 - 82837504 _____ C:\windows\system32\config\software.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 19136512 _____ C:\windows\system32\config\system.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 01048576 _____ C:\windows\system32\config\default.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:44 - 2014-01-29 11:44 - 00006306 _____ C:\Users\Michael\Desktop\Gmer.txt
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00037143 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-29 11:02 - 2014-01-29 11:02 - 00032237 _____ C:\Users\Michael\Desktop\Addition.txt
2014-01-29 11:01 - 2013-12-11 19:50 - 00032237 _____ C:\Users\Michael\Downloads\Addition.txt
2014-01-29 10:59 - 2014-01-29 10:59 - 02079744 _____ (Farbar) C:\Users\Michael\Downloads\FRST64(1).exe
2014-01-29 10:58 - 2013-12-11 19:37 - 00000476 _____ C:\Users\Michael\Downloads\defogger_disable.log
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 10:51 - 2014-01-28 23:47 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-29 10:45 - 2014-01-28 23:52 - 00003458 _____ C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-29 10:45 - 2014-01-28 23:47 - 00000000 ____D C:\Users\Michael\Documents\RegistryDr
2014-01-29 10:41 - 2014-01-28 23:47 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-29 00:24 - 2014-01-28 23:41 - 00000000 ____D C:\Users\Michael\AppData\Local\cache
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ C:\Users\Michael\daemonprocess.txt
2014-01-28 23:41 - 2012-09-28 07:57 - 00000000 ____D C:\Users\Michael
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:40 - 2012-10-03 19:31 - 00001298 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-28 23:40 - 2012-09-28 08:13 - 00001601 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D C:\ProgramData\McAfee
2014-01-28 15:29 - 2012-10-04 08:45 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2014-01-28 15:29 - 2012-10-03 19:50 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-28 15:29 - 2012-10-03 19:50 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-28 15:29 - 2012-10-03 19:50 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-28 11:51 - 2013-01-31 00:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\MyPhoneExplorer
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PLATINUM Tools
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D C:\Program Files (x86)\PLATINUM Tools
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Solarschmiede
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D C:\Program Files (x86)\Solarschmiede
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:15 - 2014-01-27 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:50 - 2014-01-24 14:46 - 00000000 ____D C:\Users\Michael\Fotos Mama
2014-01-24 14:09 - 2014-01-24 13:27 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-24 13:31 - 2012-09-27 18:14 - 00000000 ____D C:\Users\Michael\Documents\samsung
2014-01-24 13:27 - 2013-01-30 23:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Samsung
2014-01-24 13:27 - 2010-09-12 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 13:26 - 2013-01-30 23:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-24 13:26 - 2012-09-28 08:00 - 00000000 ____D C:\Users\Michael\AppData\Local\Downloaded Installations
2014-01-24 13:21 - 2014-01-24 13:20 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-19 08:33 - 2012-10-01 19:11 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-18 21:38 - 2013-08-07 12:40 - 00001483 _____ C:\Users\Michael\Desktop\bwin Poker.lnk
2014-01-16 08:05 - 2012-10-04 11:50 - 00001025 _____ C:\Users\Michael\Desktop\Dropbox.lnk
2014-01-16 08:05 - 2012-10-04 11:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 08:05 - 2012-09-28 08:13 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 07:57 - 2009-07-14 05:45 - 00393664 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-15 22:35 - 2013-08-15 11:00 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 22:33 - 2012-10-01 19:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 22:32 - 2012-09-27 18:15 - 00000000 ____D C:\Users\Michael\Documents\VirtualDJ
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 22:18 - 2014-01-15 22:17 - 00005933 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 22:18 - 2013-07-15 08:26 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 11:32 - 2012-09-28 08:18 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-01-14 09:09 - 2012-10-08 13:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 09:09 - 2009-07-14 03:34 - 00000513 _____ C:\windows\win.ini
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:57 - 2014-01-12 16:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:54 - 2014-01-12 16:53 - 24546848 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-07 14:50 - 2013-02-12 18:29 - 00000000 ____D C:\Program Files (x86)\KOSTAL
2014-01-04 10:26 - 2014-01-04 10:21 - 204384991 _____ C:\Users\Michael\Downloads\PS3UPDAT.PUP

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 20:12

==================== End Of Log ============================
         


But "awesomehp" still appears as the start page.

Edited by hillerb99 (30.01.2014 at 22:14)

31.01.2014, 16:53   #8
schrauber
/// the machine
/// TB trainer
 




Update Flash and Adobe.


Please download Shortcut Cleaner (by Grinler) to your desktop.
  • Start sc-cleaner.exe with a double-click.
  • Confirm the "Shortcut Cleaner Finished" message at the end of the scan with OK.
  • A log file will open (sc-cleaner.txt).
  • Post its contents with your next reply.



Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document:

Code:
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
         

Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
  • Now start FRST again and click the Fix (Entfernen) button.
  • The tool creates a Fixlog.txt.
  • Post its contents for me.

__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009


No help via PM!
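An added example, not part of the original post and not code from FRST or Shortcut Cleaner: a small Python triage script that picks out the log lines referencing the hijacker, covering both the FRST "Internet" section and the Shortcut Cleaner output, so the candidates for a fix list can be reviewed by hand. The function names (`host_in_domain`, `finding`, `triage`) are hypothetical, and the line formats are assumed from the logs shown in this thread. Matching is done on the parsed host name rather than on a substring, which the two constructed look-alike lines exercise.

```python
import re
from urllib.parse import urlsplit

# Sample input: lines copied from the FRST and Shortcut Cleaner logs in this
# thread, plus two constructed look-alike lines (marked) to test host matching.
SAMPLE_LINES = [
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT",
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch",
    r"StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe",
    r"FF DefaultSearchEngine: awesomehp",
    r"FF Homepage: hxxp://www.google.de/",
    r"FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT",
    r"  * Shortcut Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT",
    # Constructed: the domain appears only inside a query parameter.
    r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.example/?ref=www.awesomehp.com",
    # Constructed: the domain is only a prefix of a different host.
    r"FF Homepage: hxxp://www.awesomehp.com.example/",
]

# Both tools print URLs defanged as hxxp://, so accept either scheme spelling.
URL = re.compile(r"h(?:xx|tt)ps?://\S+", re.I)
# "<registry key>,<value name> = <data>" as printed in the FRST Internet section.
REG_VALUE = re.compile(r"^(HK[A-Z]+(?:-x32)?\\[^,]*),(.+?) = (.*)$")
# A browser executable followed by a URL argument (hijacked shortcut or command).
EXE_WITH_URL = re.compile(r"\.exe\"?\s+(h(?:xx|tt)ps?://\S+)", re.I)
FF_ENGINE = re.compile(r"^FF (?:Default|Selected)SearchEngine: (.+)$")


def host_in_domain(url, domain):
    """True if the URL's host is the domain itself or one of its subdomains."""
    refanged = re.sub(r"^hxxp", "http", url, flags=re.I)  # for parsing only
    try:
        host = (urlsplit(refanged).hostname or "").rstrip(".")
    except ValueError:
        return False
    domain = domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def finding(line, domain, engine):
    """Return a short reason if the log line references the hijacker, else None."""
    text = line.strip()
    m = FF_ENGINE.match(text)
    if m:
        same = m.group(1).strip().lower() == engine.lower()
        return "search engine setting" if same else None
    m = EXE_WITH_URL.search(text)
    if m and host_in_domain(m.group(1), domain):
        return "URL appended to browser command line"
    m = REG_VALUE.match(text)
    if m and any(host_in_domain(u, domain) for u in URL.findall(m.group(3))):
        return "registry value"
    if any(host_in_domain(u, domain) for u in URL.findall(text)):
        return "other reference"
    return None


def triage(lines, domain, engine):
    """Collect (reason, line) pairs for every line that references the hijacker."""
    hits = []
    for line in lines:
        reason = finding(line, domain, engine)
        if reason:
            hits.append((reason, line.strip()))
    return hits


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LINES, "awesomehp.com", "awesomehp"):
        print(f"[{reason}] {line}")
```

The output is a review list only; what actually goes into Fixlist.txt remains the helper's decision.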

31.01.2014, 18:18   #9
hillerb99
 



Code:
Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 01/31/2014 06:13:12 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\

  * Shortcut Cleaned: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

  * Shortcut Cleaned: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

  * Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

Searching C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

  * Shortcut Cleaned: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

  * Shortcut Cleaned: C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

Searching C:\Users\Public\Desktop\

  * Shortcut Cleaned: C:\Users\Public\Desktop\Mozilla Firefox.lnk => C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

Searching C:\Users\Michael\Desktop


6 bad shortcuts found.

Program finished at: 01/31/2014 06:13:15 PM
Execution time: 0 hours(s), 0 minute(s), and 3 seconds(s)
         

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-01-2014
Ran by Michael (administrator) on MICHAEL-HP on 31-01-2014 18:16:48
Running from C:\Users\Michael\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Surftastic\updateSurftastic.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Farbar) C:\Users\Michael\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKCU\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Administrator\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Administrator\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
HKU\Default\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
HKU\Default User\...\Run: [HPAdvisorDock] - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Surftastic - {c6673938-a52b-4dc6-af05-783e7e2c8b65} - C:\Program Files (x86)\Surftastic\SurftasticBHO.dll (Surftastic)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\trash [2014-01-28]
FF Extension: HP Detect - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-25]
FF Extension: Extension_Protected - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-28]
FF Extension: Lightning Speed Dial - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKCU\...\Firefox\Extensions: [{a711367d-39ac-4cd2-8b4f-b9602e6df838}] - C:\Program Files (x86)\Show-Password\150.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OKI OKHC DCS Loader; C:\windows\system32\spool\DRIVERS\x64\3\OKHCLDCS.EXE [20480 2009-03-05] (Oki Data Corporation)
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 Update Surftastic; C:\Program Files (x86)\Surftastic\updateSurftastic.exe [103200 2014-01-30] ()
R2 Util Surftastic; C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe [103200 2014-01-30] ()
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-12-02] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-12-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-31 18:15 - 2014-01-31 18:15 - 00001322 _____ C:\Users\Michael\Desktop\Fixlist.txt
2014-01-31 18:14 - 2014-01-31 18:14 - 00004866 _____ C:\Users\Michael\Desktop\sc-cleaner.txt
2014-01-31 18:13 - 2014-01-31 18:13 - 00004866 _____ C:\sc-cleaner.txt
2014-01-31 18:04 - 2014-01-31 18:04 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-31 18:02 - 2014-01-31 18:04 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 18:02 - 2014-01-31 18:03 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\sc-cleaner.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 18:02 - 2014-01-31 18:02 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-30 22:00 - 2014-01-30 22:00 - 00987425 _____ C:\Users\Michael\Desktop\SecurityCheck.exe
2014-01-30 18:20 - 2014-01-30 18:21 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-01-29 21:59 - 2014-01-29 21:59 - 06424632 _____ (ManiacTools.com                                             ) C:\Users\Michael\Downloads\m4a-to-mp3-converter.exe
2014-01-29 20:24 - 2014-01-29 20:24 - 00038379 _____ C:\Users\Michael\Desktop\FRST_NEU.txt
2014-01-29 19:54 - 2014-01-29 19:54 - 00001009 _____ C:\Users\Michael\Desktop\JRT.txt
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:44 - 2014-01-29 19:44 - 00001189 _____ C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ C:\ComboFix.txt
2014-01-29 12:55 - 2011-06-26 07:45 - 00256000 _____ C:\windows\PEV.exe
2014-01-29 12:55 - 2010-11-07 18:20 - 00208896 _____ C:\windows\MBR.exe
2014-01-29 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00098816 _____ C:\windows\sed.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00080412 _____ C:\windows\grep.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00068096 _____ C:\windows\zip.exe
2014-01-29 12:49 - 2014-01-29 13:13 - 00000000 ____D C:\Qoobox
2014-01-29 12:49 - 2014-01-29 13:12 - 00000000 ____D C:\windows\erdnt
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:44 - 2014-01-29 11:44 - 00006306 _____ C:\Users\Michael\Desktop\Gmer.txt
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00037143 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-29 11:02 - 2014-01-29 11:02 - 00032237 _____ C:\Users\Michael\Desktop\Addition.txt
2014-01-29 10:59 - 2014-01-29 10:59 - 02079744 _____ (Farbar) C:\Users\Michael\Downloads\FRST64(1).exe
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 08:43 - 2014-01-29 19:00 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 08:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 19:31 - 00000000 ____D C:\AdwCleaner
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-28 23:52 - 2014-01-29 10:45 - 00003458 _____ C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:47 - 2014-01-29 10:51 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-28 23:47 - 2014-01-29 10:45 - 00000000 ____D C:\Users\Michael\Documents\RegistryDr
2014-01-28 23:47 - 2014-01-29 10:41 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-28 23:41 - 2014-01-29 00:24 - 00000000 ____D C:\Users\Michael\AppData\Local\cache
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ C:\Users\Michael\daemonprocess.txt
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:39 - 2014-01-29 21:03 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D C:\ProgramData\McAfee
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:14 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:46 - 2014-01-24 14:50 - 00000000 ____D C:\Users\Michael\Fotos Mama
2014-01-24 13:27 - 2014-01-24 14:09 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-24 13:20 - 2014-01-24 13:21 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 22:18 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 22:18 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-15 22:18 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-15 22:18 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-15 22:17 - 2014-01-15 22:18 - 00005933 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 14:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 14:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:55 - 2012-03-22 13:43 - 02557952 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\windows\SysWOW64\QtCore4.dll
2014-01-12 16:54 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:53 - 2014-01-12 16:54 - 24546848 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:47 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\windows\WM8EUTIL.exe
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-04 10:21 - 2014-01-04 10:26 - 204384991 _____ C:\Users\Michael\Downloads\PS3UPDAT.PUP

==================== One Month Modified Files and Folders =======

2014-01-31 18:16 - 2013-12-11 19:47 - 00016923 _____ C:\Users\Michael\Downloads\FRST.txt
2014-01-31 18:16 - 2013-12-11 19:47 - 00000000 ____D C:\FRST
2014-01-31 18:16 - 2012-09-27 18:14 - 00000000 ____D C:\Users\Michael\Documents\Outlook-Dateien
2014-01-31 18:15 - 2014-01-31 18:15 - 00001322 _____ C:\Users\Michael\Desktop\Fixlist.txt
2014-01-31 18:14 - 2014-01-31 18:14 - 00004866 _____ C:\Users\Michael\Desktop\sc-cleaner.txt
2014-01-31 18:13 - 2014-01-31 18:13 - 00004866 _____ C:\sc-cleaner.txt
2014-01-31 18:13 - 2012-10-03 19:31 - 00001134 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-31 18:13 - 2012-09-28 08:13 - 00001425 _____ C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00002019 _____ C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00000000 ____D C:\Program Files (x86)\Adobe
2014-01-31 18:04 - 2014-01-31 18:02 - 00000884 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 18:04 - 2012-10-05 13:24 - 00001112 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-31 18:04 - 2012-10-04 08:45 - 00000000 ____D C:\Users\Michael\AppData\Local\Adobe
2014-01-31 18:04 - 2012-10-02 15:26 - 00000000 ____D C:\ProgramData\Adobe
2014-01-31 18:03 - 2014-01-31 18:02 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\sc-cleaner.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 18:02 - 2014-01-31 18:02 - 00003822 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-31 18:02 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-31 18:02 - 2009-07-14 05:45 - 00020720 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-31 17:56 - 2012-10-04 11:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Dropbox
2014-01-31 17:54 - 2012-09-27 17:58 - 00000000 ___RD C:\Users\Michael\Dropbox
2014-01-31 17:53 - 2012-10-05 13:24 - 00001108 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-31 17:53 - 2009-07-14 06:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-31 17:53 - 2009-07-14 05:51 - 00104640 _____ C:\windows\setupact.log
2014-01-31 17:51 - 2012-09-28 16:40 - 01352773 _____ C:\windows\WindowsUpdate.log
2014-01-31 13:07 - 2010-09-12 21:06 - 03483138 _____ C:\windows\system32\perfh007.dat
2014-01-31 13:07 - 2010-09-12 21:06 - 01066564 _____ C:\windows\system32\perfc007.dat
2014-01-31 13:07 - 2009-07-14 06:13 - 00006684 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-31 07:37 - 2010-09-12 21:43 - 00090380 _____ C:\windows\PFRO.log
2014-01-30 22:00 - 2014-01-30 22:00 - 00987425 _____ C:\Users\Michael\Desktop\SecurityCheck.exe
2014-01-30 18:35 - 2012-10-01 10:55 - 00003946 _____ C:\windows\System32\Tasks\User_Feed_Synchronization-{6347D7FD-5107-48C0-96E6-C687689A1F64}
2014-01-30 18:21 - 2014-01-30 18:20 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-01-29 23:10 - 2013-11-14 12:10 - 00000000 ____D C:\Program Files (x86)\Filzip
2014-01-29 21:59 - 2014-01-29 21:59 - 06424632 _____ (ManiacTools.com                                             ) C:\Users\Michael\Downloads\m4a-to-mp3-converter.exe
2014-01-29 21:03 - 2014-01-28 23:39 - 00000000 ____D C:\Program Files (x86)\Surftastic
2014-01-29 20:24 - 2014-01-29 20:24 - 00038379 _____ C:\Users\Michael\Desktop\FRST_NEU.txt
2014-01-29 19:54 - 2014-01-29 19:54 - 00001009 _____ C:\Users\Michael\Desktop\JRT.txt
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:44 - 2014-01-29 19:44 - 00001189 _____ C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2014-01-29 19:31 - 2014-01-29 08:29 - 00000000 ____D C:\AdwCleaner
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 19:00 - 2014-01-29 08:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:19 - 2012-09-28 08:17 - 00006686 _____ C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ C:\ComboFix.txt
2014-01-29 13:13 - 2014-01-29 12:49 - 00000000 ____D C:\Qoobox
2014-01-29 13:13 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2014-01-29 13:12 - 2014-01-29 12:49 - 00000000 ____D C:\windows\erdnt
2014-01-29 13:08 - 2009-07-14 03:34 - 00000215 _____ C:\windows\system.ini
2014-01-29 13:07 - 2009-07-14 03:34 - 82837504 _____ C:\windows\system32\config\software.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 19136512 _____ C:\windows\system32\config\system.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 01048576 _____ C:\windows\system32\config\default.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\security.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ C:\windows\system32\config\sam.bak
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:44 - 2014-01-29 11:44 - 00006306 _____ C:\Users\Michael\Desktop\Gmer.txt
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00037143 _____ C:\Users\Michael\Desktop\FRST.txt
2014-01-29 11:02 - 2014-01-29 11:02 - 00032237 _____ C:\Users\Michael\Desktop\Addition.txt
2014-01-29 11:01 - 2013-12-11 19:50 - 00032237 _____ C:\Users\Michael\Downloads\Addition.txt
2014-01-29 10:59 - 2014-01-29 10:59 - 02079744 _____ (Farbar) C:\Users\Michael\Downloads\FRST64(1).exe
2014-01-29 10:58 - 2013-12-11 19:37 - 00000476 _____ C:\Users\Michael\Downloads\defogger_disable.log
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 10:51 - 2014-01-28 23:47 - 00000000 ____D C:\Program Files (x86)\Registry Dr
2014-01-29 10:45 - 2014-01-28 23:52 - 00003458 _____ C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-29 10:45 - 2014-01-28 23:47 - 00000000 ____D C:\Users\Michael\Documents\RegistryDr
2014-01-29 10:41 - 2014-01-28 23:47 - 00000000 ____D C:\Program Files (x86)\AmiExt
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-29 00:24 - 2014-01-28 23:41 - 00000000 ____D C:\Users\Michael\AppData\Local\cache
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ C:\Users\Michael\daemonprocess.txt
2014-01-28 23:41 - 2012-09-28 07:57 - 00000000 ____D C:\Users\Michael
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D C:\ProgramData\McAfee
2014-01-28 11:51 - 2013-01-31 00:29 - 00000000 ____D C:\Users\Michael\AppData\Roaming\MyPhoneExplorer
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D C:\Users\Michael\AppData\Roaming\PLATINUM Tools
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D C:\Program Files (x86)\PLATINUM Tools
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Solarschmiede
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D C:\Program Files (x86)\Solarschmiede
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:15 - 2014-01-27 19:14 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:50 - 2014-01-24 14:46 - 00000000 ____D C:\Users\Michael\Fotos Mama
2014-01-24 14:09 - 2014-01-24 13:27 - 00000000 ____D C:\Users\Michael\Documents\SelfMV
2014-01-24 13:31 - 2012-09-27 18:14 - 00000000 ____D C:\Users\Michael\Documents\samsung
2014-01-24 13:27 - 2013-01-30 23:57 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Samsung
2014-01-24 13:27 - 2010-09-12 21:00 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 13:26 - 2013-01-30 23:53 - 00000000 ____D C:\Program Files (x86)\Samsung
2014-01-24 13:26 - 2012-09-28 08:00 - 00000000 ____D C:\Users\Michael\AppData\Local\Downloaded Installations
2014-01-24 13:21 - 2014-01-24 13:20 - 38825784 _____ (Samsung Electronics Co., Ltd.                                ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-19 08:33 - 2012-10-01 19:11 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-18 21:38 - 2013-08-07 12:40 - 00001483 _____ C:\Users\Michael\Desktop\bwin Poker.lnk
2014-01-16 08:05 - 2012-10-04 11:50 - 00001025 _____ C:\Users\Michael\Desktop\Dropbox.lnk
2014-01-16 08:05 - 2012-10-04 11:28 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 08:05 - 2012-09-28 08:13 - 00000000 ___RD C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 07:57 - 2009-07-14 05:45 - 00393664 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-15 22:35 - 2013-08-15 11:00 - 00000000 ____D C:\windows\system32\MRT
2014-01-15 22:33 - 2012-10-01 19:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 22:32 - 2012-09-27 18:15 - 00000000 ____D C:\Users\Michael\Documents\VirtualDJ
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D C:\ProgramData\Oracle
2014-01-15 22:18 - 2014-01-15 22:17 - 00005933 _____ C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 22:18 - 2013-07-15 08:26 - 00000000 ____D C:\Program Files (x86)\Java
2014-01-15 11:32 - 2012-09-28 08:18 - 00000000 ____D C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-01-14 09:09 - 2012-10-08 13:15 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-14 09:09 - 2009-07-14 03:34 - 00000513 _____ C:\windows\win.ini
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:57 - 2014-01-12 16:54 - 00000000 ____D C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:54 - 2014-01-12 16:53 - 24546848 _____ (DVDVideoSoft Ltd.                                           ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-07 14:50 - 2013-02-12 18:29 - 00000000 ____D C:\Program Files (x86)\KOSTAL
2014-01-04 10:26 - 2014-01-04 10:21 - 204384991 _____ C:\Users\Michael\Downloads\PS3UPDAT.PUP

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 20:12

==================== End Of Log ============================
         
--- --- ---

01.02.2014, 11:33   #10
schrauber
/// the machine
/// TB instructor
 




Did you run the fix with FRST?
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

01.02.2014, 13:56   #11
hillerb99
 



No, I hadn't. Here is the current FRST log. This time the fix was run, with the message that there is nothing to fix. Is that as good as it sounds? :-)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 03
Ran by Michael (administrator) on MICHAEL-HP on 01-02-2014 13:53:19
Running from C:\Users\Michael\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Surftastic\updateSurftastic.exe
() C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2857778488-4066983858-3000933675-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2857778488-4066983858-3000933675-1002\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Surftastic - {c6673938-a52b-4dc6-af05-783e7e2c8b65} - C:\Program Files (x86)\Surftastic\SurftasticBHO.dll (Surftastic)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\trash [2014-01-28]
FF Extension: HP Detect - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-25]
FF Extension: Extension_Protected - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-28]
FF Extension: Lightning Speed Dial - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKCU\...\Firefox\Extensions: [{a711367d-39ac-4cd2-8b4f-b9602e6df838}] - C:\Program Files (x86)\Show-Password\150.xpi
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OKI OKHC DCS Loader; C:\windows\system32\spool\DRIVERS\x64\3\OKHCLDCS.EXE [20480 2009-03-05] (Oki Data Corporation)
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 Update Surftastic; C:\Program Files (x86)\Surftastic\updateSurftastic.exe [103200 2014-01-30] ()
R2 Util Surftastic; C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe [103200 2014-01-30] ()
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-12-02] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-12-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-01 13:53 - 2014-02-01 13:53 - 00000000 ____D () C:\Users\Michael\Downloads\FRST-OlderVersion
2014-01-31 18:17 - 2014-01-31 18:17 - 00041144 _____ () C:\Users\Michael\Desktop\FRST 31.01..txt
2014-01-31 18:15 - 2014-01-31 18:15 - 00001322 _____ () C:\Users\Michael\Desktop\Fixlist.txt
2014-01-31 18:14 - 2014-01-31 18:14 - 00004866 _____ () C:\Users\Michael\Desktop\sc-cleaner.txt
2014-01-31 18:13 - 2014-01-31 18:13 - 00004866 _____ () C:\sc-cleaner.txt
2014-01-31 18:04 - 2014-01-31 18:04 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-31 18:02 - 2014-02-01 13:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 18:02 - 2014-01-31 18:03 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\sc-cleaner.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 18:02 - 2014-01-31 18:02 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-30 22:00 - 2014-01-30 22:00 - 00987425 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe
2014-01-30 18:20 - 2014-01-30 18:21 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-01-29 21:59 - 2014-01-29 21:59 - 06424632 _____ (ManiacTools.com ) C:\Users\Michael\Downloads\m4a-to-mp3-converter.exe
2014-01-29 20:24 - 2014-01-29 20:24 - 00038379 _____ () C:\Users\Michael\Desktop\FRST_NEU.txt
2014-01-29 19:54 - 2014-01-29 19:54 - 00001009 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D () C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:44 - 2014-01-29 19:44 - 00001189 _____ () C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ () C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ () C:\ComboFix.txt
2014-01-29 12:55 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-01-29 12:55 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-01-29 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-01-29 12:49 - 2014-01-29 13:13 - 00000000 ____D () C:\Qoobox
2014-01-29 12:49 - 2014-01-29 13:12 - 00000000 ____D () C:\windows\erdnt
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:44 - 2014-01-29 11:44 - 00006306 _____ () C:\Users\Michael\Desktop\Gmer.txt
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ () C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00037143 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-01-29 11:02 - 2014-01-29 11:02 - 00032237 _____ () C:\Users\Michael\Desktop\Addition.txt
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ () C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 08:43 - 2014-01-29 19:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 08:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 19:31 - 00000000 ____D () C:\AdwCleaner
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ () C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-28 23:52 - 2014-01-29 10:45 - 00003458 _____ () C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ () C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:47 - 2014-01-29 10:51 - 00000000 ____D () C:\Program Files (x86)\Registry Dr
2014-01-28 23:47 - 2014-01-29 10:45 - 00000000 ____D () C:\Users\Michael\Documents\RegistryDr
2014-01-28 23:47 - 2014-01-29 10:41 - 00000000 ____D () C:\Program Files (x86)\AmiExt
2014-01-28 23:41 - 2014-01-29 00:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\cache
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ () C:\Users\Michael\daemonprocess.txt
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:39 - 2014-01-29 21:03 - 00000000 ____D () C:\Program Files (x86)\Surftastic
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D () C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ () C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ () C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:14 - 2014-01-27 19:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:46 - 2014-01-24 14:50 - 00000000 ____D () C:\Users\Michael\Fotos Mama
2014-01-24 13:27 - 2014-01-24 14:09 - 00000000 ____D () C:\Users\Michael\Documents\SelfMV
2014-01-24 13:20 - 2014-01-24 13:21 - 38825784 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 22:18 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 22:18 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-15 22:18 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-15 22:18 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-15 22:17 - 2014-01-15 22:18 - 00005933 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 14:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 14:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D () C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:55 - 2012-03-22 13:43 - 02557952 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\windows\SysWOW64\QtCore4.dll
2014-01-12 16:54 - 2014-01-12 16:57 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:53 - 2014-01-12 16:54 - 24546848 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ () C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ () C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:47 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\windows\WM8EUTIL.exe
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ () C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D () C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ () C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-04 10:21 - 2014-01-04 10:26 - 204384991 _____ () C:\Users\Michael\Downloads\PS3UPDAT.PUP

==================== One Month Modified Files and Folders =======

2014-02-01 13:53 - 2014-02-01 13:53 - 00000000 ____D () C:\Users\Michael\Downloads\FRST-OlderVersion
2014-02-01 13:53 - 2013-12-11 19:47 - 00016276 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-02-01 13:53 - 2013-12-11 19:47 - 00000000 ____D () C:\FRST
2014-02-01 13:53 - 2013-12-11 19:46 - 02080256 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-02-01 13:53 - 2012-09-27 18:14 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien
2014-02-01 13:04 - 2014-01-31 18:02 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-01 13:04 - 2012-10-05 13:24 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 12:53 - 2012-09-28 16:40 - 01408864 _____ () C:\windows\WindowsUpdate.log
2014-02-01 09:38 - 2009-07-14 05:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-01 09:38 - 2009-07-14 05:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-01 09:32 - 2012-10-04 11:28 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-02-01 09:31 - 2012-10-05 13:24 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 09:31 - 2012-09-27 17:58 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-02-01 09:30 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-01 09:30 - 2009-07-14 05:51 - 00104696 _____ () C:\windows\setupact.log
2014-02-01 09:29 - 2010-09-12 21:43 - 00091978 _____ () C:\windows\PFRO.log
2014-01-31 19:52 - 2012-10-01 10:55 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6347D7FD-5107-48C0-96E6-C687689A1F64}
2014-01-31 18:17 - 2014-01-31 18:17 - 00041144 _____ () C:\Users\Michael\Desktop\FRST 31.01..txt
2014-01-31 18:15 - 2014-01-31 18:15 - 00001322 _____ () C:\Users\Michael\Desktop\Fixlist.txt
2014-01-31 18:14 - 2014-01-31 18:14 - 00004866 _____ () C:\Users\Michael\Desktop\sc-cleaner.txt
2014-01-31 18:13 - 2014-01-31 18:13 - 00004866 _____ () C:\sc-cleaner.txt
2014-01-31 18:13 - 2012-10-03 19:31 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-31 18:13 - 2012-09-28 08:13 - 00001425 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-31 18:04 - 2012-10-04 08:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-01-31 18:04 - 2012-10-02 15:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-31 18:03 - 2014-01-31 18:02 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\sc-cleaner.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 18:02 - 2014-01-31 18:02 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-31 13:07 - 2010-09-12 21:06 - 03483138 _____ () C:\windows\system32\perfh007.dat
2014-01-31 13:07 - 2010-09-12 21:06 - 01066564 _____ () C:\windows\system32\perfc007.dat
2014-01-31 13:07 - 2009-07-14 06:13 - 00006684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-01-30 22:00 - 2014-01-30 22:00 - 00987425 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe
2014-01-30 18:21 - 2014-01-30 18:20 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-01-29 23:10 - 2013-11-14 12:10 - 00000000 ____D () C:\Program Files (x86)\Filzip
2014-01-29 21:59 - 2014-01-29 21:59 - 06424632 _____ (ManiacTools.com ) C:\Users\Michael\Downloads\m4a-to-mp3-converter.exe
2014-01-29 21:03 - 2014-01-28 23:39 - 00000000 ____D () C:\Program Files (x86)\Surftastic
2014-01-29 20:24 - 2014-01-29 20:24 - 00038379 _____ () C:\Users\Michael\Desktop\FRST_NEU.txt
2014-01-29 19:54 - 2014-01-29 19:54 - 00001009 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D () C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:44 - 2014-01-29 19:44 - 00001189 _____ () C:\Users\Michael\Desktop\AdwCleaner[S1].txt
2014-01-29 19:31 - 2014-01-29 08:29 - 00000000 ____D () C:\AdwCleaner
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ () C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 19:00 - 2014-01-29 08:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:19 - 2012-09-28 08:17 - 00006686 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ () C:\ComboFix.txt
2014-01-29 13:13 - 2014-01-29 12:49 - 00000000 ____D () C:\Qoobox
2014-01-29 13:13 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-01-29 13:12 - 2014-01-29 12:49 - 00000000 ____D () C:\windows\erdnt
2014-01-29 13:08 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-01-29 13:07 - 2009-07-14 03:34 - 82837504 _____ () C:\windows\system32\config\software.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 19136512 _____ () C:\windows\system32\config\system.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 01048576 _____ () C:\windows\system32\config\default.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:44 - 2014-01-29 11:44 - 00006306 _____ () C:\Users\Michael\Desktop\Gmer.txt
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ () C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00037143 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-01-29 11:02 - 2014-01-29 11:02 - 00032237 _____ () C:\Users\Michael\Desktop\Addition.txt
2014-01-29 11:01 - 2013-12-11 19:50 - 00032237 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-01-29 10:58 - 2013-12-11 19:37 - 00000476 _____ () C:\Users\Michael\Downloads\defogger_disable.log
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ () C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 10:51 - 2014-01-28 23:47 - 00000000 ____D () C:\Program Files (x86)\Registry Dr
2014-01-29 10:45 - 2014-01-28 23:52 - 00003458 _____ () C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-29 10:45 - 2014-01-28 23:47 - 00000000 ____D () C:\Users\Michael\Documents\RegistryDr
2014-01-29 10:41 - 2014-01-28 23:47 - 00000000 ____D () C:\Program Files (x86)\AmiExt
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ () C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-29 00:24 - 2014-01-28 23:41 - 00000000 ____D () C:\Users\Michael\AppData\Local\cache
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ () C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ () C:\Users\Michael\daemonprocess.txt
2014-01-28 23:41 - 2012-09-28 07:57 - 00000000 ____D () C:\Users\Michael
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-28 11:51 - 2013-01-31 00:29 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\MyPhoneExplorer
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D () C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ () C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ () C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PLATINUM Tools
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D () C:\Program Files (x86)\PLATINUM Tools
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Solarschmiede
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D () C:\Program Files (x86)\Solarschmiede
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:15 - 2014-01-27 19:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:50 - 2014-01-24 14:46 - 00000000 ____D () C:\Users\Michael\Fotos Mama
2014-01-24 14:09 - 2014-01-24 13:27 - 00000000 ____D () C:\Users\Michael\Documents\SelfMV
2014-01-24 13:31 - 2012-09-27 18:14 - 00000000 ____D () C:\Users\Michael\Documents\samsung
2014-01-24 13:27 - 2013-01-30 23:57 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Samsung
2014-01-24 13:27 - 2010-09-12 21:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 13:26 - 2013-01-30 23:53 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-01-24 13:26 - 2012-09-28 08:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Downloaded Installations
2014-01-24 13:21 - 2014-01-24 13:20 - 38825784 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-19 08:33 - 2012-10-01 19:11 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-18 21:38 - 2013-08-07 12:40 - 00001483 _____ () C:\Users\Michael\Desktop\bwin Poker.lnk
2014-01-16 08:05 - 2012-10-04 11:50 - 00001025 _____ () C:\Users\Michael\Desktop\Dropbox.lnk
2014-01-16 08:05 - 2012-10-04 11:28 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 08:05 - 2012-09-28 08:13 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 07:57 - 2009-07-14 05:45 - 00393664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-15 22:35 - 2013-08-15 11:00 - 00000000 ____D () C:\windows\system32\MRT
2014-01-15 22:33 - 2012-10-01 19:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 22:32 - 2012-09-27 18:15 - 00000000 ____D () C:\Users\Michael\Documents\VirtualDJ
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 22:18 - 2014-01-15 22:17 - 00005933 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 22:18 - 2013-07-15 08:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 11:32 - 2012-09-28 08:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-01-14 09:09 - 2012-10-08 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-14 09:09 - 2009-07-14 03:34 - 00000513 _____ () C:\windows\win.ini
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D () C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:57 - 2014-01-12 16:54 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:54 - 2014-01-12 16:53 - 24546848 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ () C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ () C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ () C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D () C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ () C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-07 14:50 - 2013-02-12 18:29 - 00000000 ____D () C:\Program Files (x86)\KOSTAL
2014-01-04 10:26 - 2014-01-04 10:21 - 204384991 _____ () C:\Users\Michael\Downloads\PS3UPDAT.PUP

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 20:12

==================== End Of Log ============================
         
--- --- ---

02.02.2014, 06:49   #12
schrauber
/// the machine
/// TB instructor
 




Please read carefully:

Below the instructions for Shortcut Cleaner it says quite clearly that you have to create a fixlist and then run a fix with FRST.

Please do exactly that.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

02.02.2014, 17:40   #13
hillerb99
 



Sorry, here is my new attempt:

Flash and Adobe are new.
Ran sc-cleaner.
Here is the result:

Code:
Shortcut Cleaner 1.2.8 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Professional Service Pack 1
Program started at: 02/02/2014 05:14:01 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

Searching C:\Users\Michael\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

Searching C:\Users\Public\Desktop\

Searching C:\Users\Michael\Desktop


0 bad shortcuts found.

Program finished at: 02/02/2014 05:14:06 PM
Execution time: 0 hours(s), 0 minute(s), and 4 seconds(s)
         
Then I copied the specified text into Notepad.
That produced a fixlist, which I saved.

Started FRST and ran the fix; here is the fixlog.txt:

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 01-02-2014 04
Ran by Michael at 2014-02-02 17:36:55 Run:1
Running from C:\Users\Michael\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.awesomehp.com/?type=hp&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.awesomehp.com/web/?type=ds&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT&q={searchTerms}
FF DefaultSearchEngine: awesomehp
FF SelectedSearchEngine: awesomehp
FF StartMenuInternet: FIREFOX.EXE - C:\Program Files (x86)\Mozilla Firefox\firefox.exe hxxp://www.awesomehp.com/?type=sc&ts=1390948825&from=amt&uid=ST9320423AS_5VH5Y2HT
         
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
Firefox DefaultSearchEngine deleted successfully.
Firefox SelectedSearchEngine deleted successfully.
HKLM\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command\\Default => Value was restored successfully.

==== End of Fixlog ====
         
Hopefully I did everything correctly.

03.02.2014, 16:14   #14
schrauber
/// the machine
/// TB-Ausbilder
 




Perfect. A fresh scan log with FRST, please. Any problems left?
__________________
Regards,
schrauber


04.02.2014, 18:39   #15
hillerb99
 



Already noticeably fewer. Advertising pages no longer keep opening all the time. And the start page is back to the old one.
The only thing I still notice is that more advertising is placed on normal web pages (right, left and bottom), which you have to click away if you want to see the whole page.

Here is the current scan log:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-02-2014 04
Ran by Michael (administrator) on MICHAEL-HP on 04-02-2014 18:34:52
Running from C:\Users\Michael\Desktop
Windows 7 Professional Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(IDT, Inc.) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\stacsv64.exe
(Hewlett-Packard) C:\Windows\System32\hpservice.exe
(Validity Sensors, Inc.) C:\Windows\System32\vcsFPService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ActivIdentity) C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(Andrea Electronics Corporation) C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
(LSI Corporation) C:\Program Files\LSI SoftModem\agr64svc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Oki Data Corporation) C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Program Files (x86)\Surftastic\updateSurftastic.exe
() C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\acevents.exe
(ActivIdentity) C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
() C:\Program Files\Okidata\OKI LPR Utility\okilpr.exe
(Dropbox, Inc.) C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Hewlett-Packard Development Company L.P.) C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\ielowutil.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Microsoft Corporation) C:\Windows\System32\PrintIsolationHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_43.exe
(Farbar) C:\Users\Michael\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2074408 2010-02-26] (Synaptics Incorporated)
HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1266912 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [IAAnotif] - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2010-01-08] (Intel Corporation)
HKLM\...\Run: [HPWirelessAssistant] - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-04-05] (Hewlett-Packard)
HKLM\...\Run: [acevents] - C:\Program Files\ActivIdentity\ActivClient\acevents.exe [196648 2009-06-04] (ActivIdentity)
HKLM\...\Run: [accrdsub] - C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [483880 2009-06-04] (ActivIdentity)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [IMSS] - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [111640 2010-03-04] ()
HKLM-x32\...\Run: [File Sanitizer] - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [11266048 2010-01-19] (Hewlett-Packard)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-12-11] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2857778488-4066983858-3000933675-1002\...\Run: [Skype] - C:\Program Files (x86)\Skype\\Phone\Skype.exe [17418928 2012-07-13] (Skype Technologies S.A.)
HKU\S-1-5-21-2857778488-4066983858-3000933675-1002\...\Run: [LightScribe Control Panel] - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392 2010-02-22] (Hewlett-Packard Company)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: ValueApps - {93DBF2BB-A2B3-4683-A92E-57E60751F346} - C:\Program Files\Conduit\ValueApps\IE\ValueAppsLoader.dll No File
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: File Sanitizer for HP ProtectTools - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Surftastic - {c6673938-a52b-4dc6-af05-783e7e2c8b65} - C:\Program Files (x86)\Surftastic\SurftasticBHO.dll (Surftastic)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default
FF Homepage: hxxp://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @lightspark.github.com/Lightspark;version=1 - C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\awesomehp.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\trash [2014-01-28]
FF Extension: HP Detect - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2} [2012-10-25]
FF Extension: Extension_Protected - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\jid0-O6MIff3eO5dIGf5Tcv8RsJDKxrs@jetpack.xpi [2014-01-28]
FF Extension: Lightning Speed Dial - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF Extension: Surftastic - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\Extensions\{01531192-f7ef-415f-a549-cfdb11836731}.xpi [2014-02-04]
FF HKLM-x32\...\Firefox\Extensions: [lightningnewtab@gmail.com] - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi
FF Extension: No Name - C:\Users\Michael\AppData\Roaming\Mozilla\Firefox\Profiles\o833m7s4.default\extensions\lightningnewtab@gmail.com.xpi [2014-01-28]
FF HKLM-x32\...\Firefox\Extensions: [ext@flashenhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff
FF HKCU\...\Firefox\Extensions: [{a711367d-39ac-4cd2-8b4f-b9602e6df838}] - C:\Program Files (x86)\Show-Password\150.xpi

==================== Services (Whitelisted) =================

R2 ac.sharedstore; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [277032 2009-06-04] (ActivIdentity)
R2 AESTFilters; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-10-23] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [348376 2013-10-23] (Microsoft Corporation)
S3 OKI OKHC DCS Loader; C:\windows\system32\spool\DRIVERS\x64\3\OKHCLDCS.EXE [20480 2009-03-05] (Oki Data Corporation)
R2 OpLclSrv; C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe [169472 2011-04-11] (Oki Data Corporation)
R2 STacSV; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [244736 2010-03-17] (IDT, Inc.)
R2 Update Surftastic; C:\Program Files (x86)\Surftastic\updateSurftastic.exe [103200 2014-01-30] ()
R2 Util Surftastic; C:\Program Files (x86)\Surftastic\bin\utilSurftastic.exe [103200 2014-01-30] ()
S2 HP Health Check Service; "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe" [x]

==================== Drivers (Whitelisted) ====================

R2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [88480 2012-12-02] ()
S3 FsUsbExDisk; C:\windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-18] ()
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [46400 2012-12-02] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [248240 2013-09-27] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [134944 2013-09-27] (Microsoft Corporation)
S3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [89344 2010-01-30] (Realtek Semiconductor Corp.)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [19968 2013-02-12] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-04 18:34 - 2014-02-04 18:34 - 00015565 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-02-03 21:12 - 2014-02-03 21:12 - 01691432 _____ (Fusion Install ) C:\Users\Michael\Downloads\Setup(7).exe
2014-02-03 20:28 - 2014-02-03 20:34 - 238291968 _____ () C:\Users\Michael\Downloads\restorecd.msi
2014-02-02 21:05 - 2014-02-02 23:41 - 00000000 ____D () C:\Users\Michael\Daten Asus
2014-02-02 17:25 - 2014-02-02 17:26 - 02080256 _____ (Farbar) C:\Users\Michael\Desktop\FRST64(1).exe
2014-02-02 17:14 - 2014-02-02 17:15 - 00000000 ____D () C:\Users\Michael\Desktop\trojanerboard
2014-02-02 17:14 - 2014-02-02 17:14 - 00001808 _____ () C:\Users\Michael\Desktop\sc-cleaner 2.2..txt
2014-02-01 13:58 - 2014-02-01 13:58 - 00000000 ____D () C:\Sicherung
2014-02-01 13:53 - 2014-02-01 13:53 - 00000000 ____D () C:\Users\Michael\Downloads\FRST-OlderVersion
2014-01-31 18:13 - 2014-02-02 17:14 - 00001808 _____ () C:\sc-cleaner.txt
2014-01-31 18:04 - 2014-01-31 18:04 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-31 18:02 - 2014-02-04 18:04 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-01-31 18:02 - 2014-01-31 18:03 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\sc-cleaner.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 18:02 - 2014-01-31 18:02 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-30 22:00 - 2014-01-30 22:00 - 00987425 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe
2014-01-30 18:20 - 2014-01-30 18:21 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-01-29 21:59 - 2014-01-29 21:59 - 06424632 _____ (ManiacTools.com ) C:\Users\Michael\Downloads\m4a-to-mp3-converter.exe
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D () C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ () C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ () C:\ComboFix.txt
2014-01-29 12:55 - 2011-06-26 07:45 - 00256000 _____ () C:\windows\PEV.exe
2014-01-29 12:55 - 2010-11-07 18:20 - 00208896 _____ () C:\windows\MBR.exe
2014-01-29 12:55 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00098816 _____ () C:\windows\sed.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00080412 _____ () C:\windows\grep.exe
2014-01-29 12:55 - 2000-08-31 01:00 - 00068096 _____ () C:\windows\zip.exe
2014-01-29 12:49 - 2014-01-29 13:13 - 00000000 ____D () C:\Qoobox
2014-01-29 12:49 - 2014-01-29 13:12 - 00000000 ____D () C:\windows\erdnt
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ () C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ () C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 08:43 - 2014-01-29 19:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 08:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 19:31 - 00000000 ____D () C:\AdwCleaner
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ () C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-28 23:52 - 2014-01-29 10:45 - 00003458 _____ () C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ () C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:47 - 2014-01-29 10:51 - 00000000 ____D () C:\Program Files (x86)\Registry Dr
2014-01-28 23:47 - 2014-01-29 10:45 - 00000000 ____D () C:\Users\Michael\Documents\RegistryDr
2014-01-28 23:47 - 2014-01-29 10:41 - 00000000 ____D () C:\Program Files (x86)\AmiExt
2014-01-28 23:41 - 2014-01-29 00:24 - 00000000 ____D () C:\Users\Michael\AppData\Local\cache
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ () C:\Users\Michael\daemonprocess.txt
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 23:39 - 2014-01-29 21:03 - 00000000 ____D () C:\Program Files (x86)\Surftastic
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D () C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ () C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ () C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:14 - 2014-01-27 19:15 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:46 - 2014-01-24 14:50 - 00000000 ____D () C:\Users\Michael\Fotos Mama
2014-01-24 13:27 - 2014-01-24 14:09 - 00000000 ____D () C:\Users\Michael\Documents\SelfMV
2014-01-24 13:20 - 2014-01-24 13:21 - 38825784 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 22:18 - 2013-12-18 21:09 - 00096168 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-01-15 22:18 - 2013-12-18 21:04 - 00264616 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-01-15 22:18 - 2013-12-18 21:04 - 00175016 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-01-15 22:18 - 2013-12-18 21:03 - 00174504 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-01-15 22:17 - 2014-01-15 22:18 - 00005933 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 14:48 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-01-15 14:48 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-15 14:48 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\netio.sys
2014-01-15 14:48 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D () C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:55 - 2012-03-22 13:43 - 02557952 _____ (Nokia Corporation and/or its subsidiary(-ies)) C:\windows\SysWOW64\QtCore4.dll
2014-01-12 16:54 - 2014-01-12 16:57 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:53 - 2014-01-12 16:54 - 24546848 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ () C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ () C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:47 - 2001-03-23 16:29 - 00880912 _____ (Microsoft Corporation) C:\windows\WM8EUTIL.exe
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ () C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D () C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ () C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk

==================== One Month Modified Files and Folders =======

2014-02-04 18:35 - 2014-02-04 18:34 - 00015565 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-02-04 18:34 - 2013-12-11 19:47 - 00000000 ____D () C:\FRST
2014-02-04 18:33 - 2012-09-27 18:14 - 00000000 ____D () C:\Users\Michael\Documents\Outlook-Dateien
2014-02-04 18:04 - 2014-01-31 18:02 - 00000884 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-02-04 18:04 - 2012-10-05 13:24 - 00001112 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-04 08:07 - 2009-07-14 05:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-04 08:07 - 2009-07-14 05:45 - 00020720 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-04 08:03 - 2012-09-28 16:40 - 01600455 _____ () C:\windows\WindowsUpdate.log
2014-02-03 21:12 - 2014-02-03 21:12 - 01691432 _____ (Fusion Install ) C:\Users\Michael\Downloads\Setup(7).exe
2014-02-03 20:34 - 2014-02-03 20:28 - 238291968 _____ () C:\Users\Michael\Downloads\restorecd.msi
2014-02-03 19:38 - 2012-10-04 11:28 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-02-03 19:04 - 2012-10-05 13:24 - 00001108 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-03 17:40 - 2012-10-01 10:55 - 00003946 _____ () C:\windows\System32\Tasks\User_Feed_Synchronization-{6347D7FD-5107-48C0-96E6-C687689A1F64}
2014-02-02 23:41 - 2014-02-02 21:05 - 00000000 ____D () C:\Users\Michael\Daten Asus
2014-02-02 21:06 - 2012-09-28 07:57 - 00000000 ____D () C:\Users\Michael
2014-02-02 17:26 - 2014-02-02 17:25 - 02080256 _____ (Farbar) C:\Users\Michael\Desktop\FRST64(1).exe
2014-02-02 17:15 - 2014-02-02 17:14 - 00000000 ____D () C:\Users\Michael\Desktop\trojanerboard
2014-02-02 17:14 - 2014-02-02 17:14 - 00001808 _____ () C:\Users\Michael\Desktop\sc-cleaner 2.2..txt
2014-02-02 17:14 - 2014-01-31 18:13 - 00001808 _____ () C:\sc-cleaner.txt
2014-02-01 14:07 - 2010-09-12 21:06 - 03500024 _____ () C:\windows\system32\perfh007.dat
2014-02-01 14:07 - 2010-09-12 21:06 - 01072154 _____ () C:\windows\system32\perfc007.dat
2014-02-01 14:07 - 2009-07-14 06:13 - 00006684 _____ () C:\windows\system32\PerfStringBackup.INI
2014-02-01 13:58 - 2014-02-01 13:58 - 00000000 ____D () C:\Sicherung
2014-02-01 13:53 - 2014-02-01 13:53 - 00000000 ____D () C:\Users\Michael\Downloads\FRST-OlderVersion
2014-02-01 13:53 - 2013-12-11 19:47 - 00040962 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-02-01 13:53 - 2013-12-11 19:46 - 02080256 _____ (Farbar) C:\Users\Michael\Downloads\FRST64.exe
2014-02-01 09:31 - 2012-09-27 17:58 - 00000000 ___RD () C:\Users\Michael\Dropbox
2014-02-01 09:30 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-02-01 09:30 - 2009-07-14 05:51 - 00104696 _____ () C:\windows\setupact.log
2014-02-01 09:29 - 2010-09-12 21:43 - 00091978 _____ () C:\windows\PFRO.log
2014-01-31 18:13 - 2012-10-03 19:31 - 00001134 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-31 18:13 - 2012-09-28 08:13 - 00001425 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00002019 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-01-31 18:04 - 2014-01-31 18:04 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-01-31 18:04 - 2012-10-04 08:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-01-31 18:04 - 2012-10-02 15:26 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-31 18:03 - 2014-01-31 18:02 - 00406264 _____ (Bleeping Computer, LLC) C:\Users\Michael\Desktop\sc-cleaner.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-31 18:02 - 2014-01-31 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-31 18:02 - 2014-01-31 18:02 - 00003822 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-01-30 22:00 - 2014-01-30 22:00 - 00987425 _____ () C:\Users\Michael\Desktop\SecurityCheck.exe
2014-01-30 18:21 - 2014-01-30 18:20 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-01-29 23:10 - 2013-11-14 12:10 - 00000000 ____D () C:\Program Files (x86)\Filzip
2014-01-29 21:59 - 2014-01-29 21:59 - 06424632 _____ (ManiacTools.com ) C:\Users\Michael\Downloads\m4a-to-mp3-converter.exe
2014-01-29 21:03 - 2014-01-28 23:39 - 00000000 ____D () C:\Program Files (x86)\Surftastic
2014-01-29 19:48 - 2014-01-29 19:48 - 00000000 ____D () C:\windows\ERUNT
2014-01-29 19:45 - 2014-01-29 19:45 - 01037068 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-01-29 19:31 - 2014-01-29 08:29 - 00000000 ____D () C:\AdwCleaner
2014-01-29 19:06 - 2014-01-29 19:06 - 01166132 _____ () C:\Users\Michael\Downloads\adwcleaner.exe
2014-01-29 19:00 - 2014-01-29 19:00 - 00001113 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-01-29 19:00 - 2014-01-29 08:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-29 18:59 - 2014-01-29 18:59 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300(1).exe
2014-01-29 13:19 - 2012-09-28 08:17 - 00006686 _____ () C:\windows\SysWOW64\PerfStringBackup.INI
2014-01-29 13:13 - 2014-01-29 13:13 - 00036483 _____ () C:\ComboFix.txt
2014-01-29 13:13 - 2014-01-29 12:49 - 00000000 ____D () C:\Qoobox
2014-01-29 13:13 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2014-01-29 13:12 - 2014-01-29 12:49 - 00000000 ____D () C:\windows\erdnt
2014-01-29 13:08 - 2009-07-14 03:34 - 00000215 _____ () C:\windows\system.ini
2014-01-29 13:07 - 2009-07-14 03:34 - 82837504 _____ () C:\windows\system32\config\software.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 19136512 _____ () C:\windows\system32\config\system.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 01048576 _____ () C:\windows\system32\config\default.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\security.bak
2014-01-29 13:07 - 2009-07-14 03:34 - 00262144 _____ () C:\windows\system32\config\sam.bak
2014-01-29 12:48 - 2014-01-29 12:48 - 05177551 ____R (Swearware) C:\Users\Michael\Downloads\ComboFix.exe
2014-01-29 11:03 - 2014-01-29 11:03 - 00380416 _____ () C:\Users\Michael\Downloads\Gmer-19357.exe
2014-01-29 11:01 - 2013-12-11 19:50 - 00032237 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-01-29 10:58 - 2013-12-11 19:37 - 00000476 _____ () C:\Users\Michael\Downloads\defogger_disable.log
2014-01-29 10:56 - 2014-01-29 10:56 - 00050477 _____ () C:\Users\Michael\Downloads\Defogger(1).exe
2014-01-29 10:51 - 2014-01-28 23:47 - 00000000 ____D () C:\Program Files (x86)\Registry Dr
2014-01-29 10:45 - 2014-01-28 23:52 - 00003458 _____ () C:\windows\System32\Tasks\RegistryDr_Popup
2014-01-29 10:45 - 2014-01-28 23:47 - 00000000 ____D () C:\Users\Michael\Documents\RegistryDr
2014-01-29 10:41 - 2014-01-28 23:47 - 00000000 ____D () C:\Program Files (x86)\AmiExt
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Malwarebytes
2014-01-29 08:43 - 2014-01-29 08:43 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-29 08:42 - 2014-01-29 08:42 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-29 08:29 - 2014-01-29 08:29 - 01236282 _____ () C:\Users\Michael\Downloads\adwcleaner_3.017.exe
2014-01-29 00:24 - 2014-01-28 23:41 - 00000000 ____D () C:\Users\Michael\AppData\Local\cache
2014-01-28 23:52 - 2014-01-28 23:52 - 00003194 _____ () C:\windows\System32\Tasks\RegistryDr_Start
2014-01-28 23:52 - 2014-01-28 23:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\RegistryDR
2014-01-28 23:41 - 2014-01-28 23:41 - 00000000 _____ () C:\Users\Michael\daemonprocess.txt
2014-01-28 23:40 - 2014-01-28 23:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Lollipop
2014-01-28 15:29 - 2014-01-28 15:29 - 00000000 ____D () C:\ProgramData\McAfee
2014-01-28 11:51 - 2013-01-31 00:29 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\MyPhoneExplorer
2014-01-28 11:33 - 2014-01-28 11:33 - 00002061 _____ () C:\Users\Public\Desktop\MyPhoneExplorer.lnk
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D () C:\Users\Michael\.android
2014-01-28 11:33 - 2014-01-28 11:33 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-01-28 11:32 - 2014-01-28 11:32 - 07080248 _____ () C:\Users\Michael\Downloads\MyPhoneExplorer_Setup_1.8.5.exe
2014-01-28 10:29 - 2014-01-28 10:29 - 00001364 _____ () C:\Users\Michael\Desktop\SolarConfig Plus.lnk
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\PLATINUM Tools
2014-01-28 10:29 - 2013-11-26 11:06 - 00000000 ____D () C:\Program Files (x86)\PLATINUM Tools
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Solarschmiede
2014-01-28 08:13 - 2013-10-04 13:31 - 00000000 ____D () C:\Program Files (x86)\Solarschmiede
2014-01-27 19:15 - 2014-01-27 19:15 - 00000000 ____D () C:\Program Files\Microsoft SQL Server Compact Edition
2014-01-27 19:15 - 2014-01-27 19:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-01-24 14:50 - 2014-01-24 14:46 - 00000000 ____D () C:\Users\Michael\Fotos Mama
2014-01-24 14:09 - 2014-01-24 13:27 - 00000000 ____D () C:\Users\Michael\Documents\SelfMV
2014-01-24 13:31 - 2012-09-27 18:14 - 00000000 ____D () C:\Users\Michael\Documents\samsung
2014-01-24 13:27 - 2013-01-30 23:57 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Samsung
2014-01-24 13:27 - 2010-09-12 21:00 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-01-24 13:26 - 2013-01-30 23:53 - 00000000 ____D () C:\Program Files (x86)\Samsung
2014-01-24 13:26 - 2012-09-28 08:00 - 00000000 ____D () C:\Users\Michael\AppData\Local\Downloaded Installations
2014-01-24 13:21 - 2014-01-24 13:20 - 38825784 _____ (Samsung Electronics Co., Ltd. ) C:\Users\Michael\Downloads\Kies3Setup.exe
2014-01-22 08:52 - 2014-01-22 08:52 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudmdm.sys
2014-01-22 08:52 - 2014-01-22 08:52 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\windows\system32\Drivers\ssudbus.sys
2014-01-19 08:33 - 2012-10-01 19:11 - 00270496 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe
2014-01-18 21:38 - 2013-08-07 12:40 - 00001483 _____ () C:\Users\Michael\Desktop\bwin Poker.lnk
2014-01-16 08:05 - 2012-10-04 11:50 - 00001025 _____ () C:\Users\Michael\Desktop\Dropbox.lnk
2014-01-16 08:05 - 2012-10-04 11:28 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-01-16 08:05 - 2012-09-28 08:13 - 00000000 ___RD () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 07:57 - 2009-07-14 05:45 - 00393664 _____ () C:\windows\system32\FNTCACHE.DAT
2014-01-15 22:35 - 2013-08-15 11:00 - 00000000 ____D () C:\windows\system32\MRT
2014-01-15 22:33 - 2012-10-01 19:31 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-15 22:32 - 2012-09-27 18:15 - 00000000 ____D () C:\Users\Michael\Documents\VirtualDJ
2014-01-15 22:19 - 2014-01-15 22:19 - 00000000 ____D () C:\ProgramData\Oracle
2014-01-15 22:18 - 2014-01-15 22:17 - 00005933 _____ () C:\windows\SysWOW64\jupdate-1.7.0_51-b13.log
2014-01-15 22:18 - 2013-07-15 08:26 - 00000000 ____D () C:\Program Files (x86)\Java
2014-01-15 11:32 - 2012-09-28 08:18 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SoftGrid Client
2014-01-14 09:09 - 2012-10-08 13:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-14 09:09 - 2009-07-14 03:34 - 00000513 _____ () C:\windows\win.ini
2014-01-12 16:57 - 2014-01-12 16:57 - 00000000 ____D () C:\Users\Michael\Documents\DVDVideoSoft
2014-01-12 16:57 - 2014-01-12 16:54 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-01-12 16:55 - 2014-01-12 16:55 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-01-12 16:54 - 2014-01-12 16:53 - 24546848 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Downloads\FreeAudioCDToMP3Converter.exe
2014-01-12 16:47 - 2014-01-12 16:47 - 00001002 _____ () C:\Users\Administrator\Desktop\Free CD to MP3 Converter.lnk
2014-01-12 16:47 - 2014-01-12 16:47 - 00000040 _____ () C:\Users\Michael\AppData\Roaming\cdr.ini
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CD to MP3 Freeware
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Eusing
2014-01-12 16:47 - 2014-01-12 16:47 - 00000000 ____D () C:\Program Files (x86)\CD to MP3 Freeware
2014-01-12 16:46 - 2014-01-12 16:46 - 01906243 _____ () C:\Users\Michael\Downloads\cdtomp3freeware.exe
2014-01-12 16:35 - 2014-01-12 16:35 - 00000000 ____D () C:\Musik
2014-01-07 14:50 - 2014-01-07 14:50 - 00001283 _____ () C:\Users\Public\Desktop\KOSTAL PIKO Plan 2.0.lnk
2014-01-07 14:50 - 2013-02-12 18:29 - 00000000 ____D () C:\Program Files (x86)\KOSTAL

Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-29 20:12

==================== End Of Log ============================
         
--- --- ---





