Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log Analysis and Evaluation (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Websites cluttered with ads (https://www.trojaner-board.de/149132-internetseiten-werbung-ueberfuellt.html)

fredl1212 03.02.2014 08:53

Websites cluttered with ads

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 01-02-2014 03
Ran by Lemmen (administrator) on LEMMEN-PC on 03-02-2014 08:30:59
Running from C:\Users\Lemmen\Downloads
Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: hxxp://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) ===================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\UMVPFSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(G Data Software AG) C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(iAnywhere Solutions, Inc.) C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe
(Logitech Inc.) C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(TeamViewer GmbH) C:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
(G Data Software AG) C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files\Windows Live\Contacts\wlcomm.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Lemmen\Downloads\FRST (1).exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [] - [x]
HKLM\...\Run: [GDFirewallTray] - C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe [1854928 2013-03-22] (G Data Software AG)
HKLM\...\Run: [G Data AntiVirus Tray] - C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe [1444472 2013-08-21] (G Data Software AG)
HKU\S-1-5-21-1436271994-3178008702-3354811721-1000\...\MountPoints2: {40e85345-1286-11e0-9300-806e6f6e6963} - D:\SYSTEM\AUTOSTRT.EXE
HKU\S-1-5-21-1436271994-3178008702-3354811721-1000\...\Winlogon: [Shell] explorer.exe [2616320 2011-02-25] (Microsoft Corporation) <==== ATTENTION
AppInit_DLLs: c:\progra~2\wincert\win32c~1.dll => C:\ProgramData\Wincert\win32cert.dll [7168 2013-11-04] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x20E57B0838B7CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.windowslive.de/startseite.aspx
hxxp://search.conduit.com?SearchSource=10&ctid=CT2475029
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&st=chrome&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3&q=
HKCU\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=41460&st=home&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=41460&st=chrome&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3&q=
URLSearchHook: HKCU - (No Name) - {ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} -  No File
SearchScopes: HKLM - DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=395049983_397234_3CCE83CE&ts=4522033
SearchScopes: HKLM - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKLM - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=395049983_397234_3CCE83CE&ts=4522033
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=u10666-192&apn_uid=6516239640604431&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2409} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=0&systemid=409&v=a9795-143&apn_uid=6516239640604431&apn_dtid=BND409&o=APN10650&apn_ptnrs=AGB&q={searchTerms}
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3&q={searchTerms}
SearchScopes: HKLM - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.8010003&st=10&q={searchTerms}
SearchScopes: HKCU - DefaultScope {C1DE6CF3-E1D4-433B-8ECA-028B45C2BBFB} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://search-us.linkury.com/results.htm?cx=partner-pub-7890126930977991:1926905636&cof=FORID:11&q={searchTerms}&sa=Search&siteurl=search.linkury.com
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&r=830
SearchScopes: HKCU - {0D7562AE-8EF6-416d-A838-AB665251703A} URL = hxxp://start.facemoods.com/?a=gppc&s={searchTerms}&f=4
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.searchgol.com/?q={searchTerms}&babsrc=SP_ss_wls_Btisdt7&mntrId=3CCE001A4D8008CB&affID=121232&tl=gkn338225&tsp=4999
SearchScopes: HKCU - {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://search.qvo6.com/web/?utm_source=b&utm_medium=adk&from=adk&uid=395049983_397234_3CCE83CE&ts=4522033
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=362&systemid=406&v=u10666-192&apn_uid=6516239640604431&apn_dtid=BND406&o=APN10645&apn_ptnrs=AG6&q={searchTerms}
SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2409} URL = hxxp://dts.search.ask.com/sr?src=ieb&gct=ds&appid=20&systemid=409&v=u10354-178&apn_uid=6516239640604431&apn_dtid=BND409&o=APN10650&apn_ptnrs=AGB&q={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = hxxp://search.certified-toolbar.com?si=41460&st=bs&tid=2938&ver=2.9&ts=1368331263444&tguid=41460-2938-1368331263444-7AC5D94FAF32207B9B77E85E37F18FA3&q={searchTerms}
SearchScopes: HKCU - {BFFED5CA-8BDF-47CC-AED0-23F4E6D77732} URL =
SearchScopes: HKCU - {C04B7D22-5AEC-4561-8F49-27F6269208F6} URL = hxxp://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80195&lng=de
SearchScopes: HKCU - {C1DE6CF3-E1D4-433B-8ECA-028B45C2BBFB} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=vc_trans_8140&type=horus
SearchScopes: HKCU - {E373A859-F7F3-468C-9EA9-863B736CEE6D} URL = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^U3&apn_dtid=^YYYYYY^YY^DE&apn_uid=069E9D9D-0B45-4797-8ECF-8F4C5B217C66&apn_sauid=96666B1C-59C4-48CC-B786-66E2F340DCB9
SearchScopes: HKCU - {E706A176-350A-4DA0-B266-D2BB7A460E5E} URL = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3196716
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&crg=3.8010003&st=10&q={searchTerms}
BHO: QuickShare WidgetEngine - {31ad400d-1b06-4e33-a59a-90c2c140cba0} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
BHO: TBSB01620 Class - {58124A0B-DC32-4180-9BFF-E0E21AE34026} -  No File
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: CertifiedToolbar - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Lemmen\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll (Simplytech Ltd.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Babylon IE plugin - {9CFACCB6-2F3F-4177-94EA-0D2B72D384C1} - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll (Babylon Ltd.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: SpecialSavings.Addon - {bb184e6d-26d1-461a-9226-b93ca8da2af9} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: Message Faces for Internet Explorer - {E3758FC2-BB95-4B86-84BF-D91F4748EC75} - C:\Program Files\Message Faces for Internet Explorer\x86\messagefaces-ie.dll ()
BHO: PricePeep - {FD6D90C0-E6EE-4BC6-B9F7-9ED319698007} -  No File
BHO: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} -  No File
Toolbar: HKLM - QuickShare Widget - {ae07101b-46d4-4a98-af68-0333ea26e113} - C:\Windows\system32\mscoree.dll (Microsoft Corporation)
Toolbar: HKLM - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKLM - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} -  No File
Toolbar: HKLM - CertifiedToolbar - {8d3ec233-b92d-4187-a506-284127cfba2d} - C:\Users\Lemmen\AppData\Roaming\CertifiedToolbar\CertifiedToolbar.dll (Simplytech Ltd.)
Toolbar: HKLM - Movies Toolbar (Dist. by Bandoo Media, Inc.) - {3d86a75b-cb6b-4764-885d-ca6336f04ba2} - C:\Program Files\Movies Toolbar\Datamngr\SRTOOL~2\IE\searchresultsDx.dll ()
Toolbar: HKCU - No Name - {A1E75A0E-4397-4BA8-BB50-E19FB66890F4} -  No File
Toolbar: HKCU - No Name - {7E111A5C-3D11-4F56-9463-5310C3C69025} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
Toolbar: HKCU - No Name - {3AD61E5C-EECB-4896-9C8C-03D61F90D8FE} -  No File
Toolbar: HKCU - No Name - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} -  No File
Toolbar: HKCU - IMinent Toolbar - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} -  No File
Toolbar: HKCU - No Name - {EBD898F8-FCF6-4694-BC3B-EABC7271EEB1} -  No File
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553549800} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} -  No File
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 09 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 31.209.160.100 46.253.66.36

FireFox:
========
FF ProfilePath: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default
FF user.js: detected! => C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\user.js
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_170.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 - C:\Program Files\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=16.4.3505.0912 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5 - C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc;version=0.8.6f - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN Team)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\conduit.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\holasearch.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\Linkury Smartbar Search.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\MyStart Search.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\Search_Results.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\softonic.xml
FF SearchPlugin: C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\qvo6.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml
FF Extension: No Name - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\ffxtlbr@babylon.com [2013-09-08]
FF Extension: incredibar.com - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\ffxtlbr@incredibar.com [2012-06-15]
FF Extension: Yontoo - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\plugin@yontoo.com [2013-03-03]
FF Extension: No Name - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\staged [2013-10-03]
FF Extension: webblog Community Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{3ad61e5c-eecb-4896-9c8c-03d61f90d8fe} [2012-12-10]
FF Extension: New Tab - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{3C4B4EB3-3EB1-4621-9431-7160289E402F} [2013-06-15]
FF Extension: Shiny Profile - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{6236BA26-C117-4007-928C-DE0716C7FA80} [2013-12-14]
FF Extension: QuickShare Widget - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{6f1909e8-8186-4f90-8b1d-4b69b879e3d1} [2013-03-07]
FF Extension: Freeware.de Community Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{7e111a5c-3d11-4f56-9463-5310c3c69025} [2012-12-10]
FF Extension: MyAshampoo Community Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4} [2012-12-10]
FF Extension: Elf 1.15 Community Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{b9d63c58-90cc-428b-8d3b-cbb88eb07e7e} [2012-12-10]
FF Extension: New Tab - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{C4A4F5A0-4B89-4392-AFAC-D58010E349AF} [2013-05-19]
FF Extension: IMinent Toolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444} [2012-06-23]
FF Extension: CertifiedToolbar - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{dac70ad0-e58c-4d0b-9ac7-eee894ffb0fa} [2013-05-12]
FF Extension: anonymoX - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\client@anonymox.net.xpi [2012-12-30]
FF Extension: Online HD TV - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\onlinehdtv@onlinehd.tv.xpi [2012-12-25]
FF Extension: Adblock Plus - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-11-25]
FF Extension: COMPUTERBILD-Abzockschutz - C:\Users\Lemmen\AppData\Roaming\Mozilla\Firefox\Profiles\2rhrykoz.default\Extensions\{d49175b3-3fd8-43b8-b28e-da5d47f3c398}.xpi [2011-11-25]
FF HKLM\...\Firefox\Extensions: [webbooster@iminent.com] - C:\Program Files\Iminent\webbooster@iminent.com
FF HKLM\...\Firefox\Extensions: [ntfdsaftsfdfdxx@mozilla.org] - C:\Users\Lemmen\AppData\Roaming\iPumper\extension_firefox.xpi
FF HKLM\...\Firefox\Extensions: [speedanalysis@SpeedAnalysis.com] - C:\Users\Lemmen\AppData\Roaming\Mozilla\Extensions\speedanalysis@SpeedAnalysis.com
FF HKLM\...\Firefox\Extensions: [ocr@babylon.com] - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com
FF Extension: Babylon Translation Activation - C:\Program Files\Babylon\Babylon-Pro\Utils\ocr@babylon.com [2013-09-23]
FF HKCU\...\Firefox\Extensions: [specialsavings@vshsolutions.com] - C:\Users\Lemmen\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com
FF Extension: Special Savings - C:\Users\Lemmen\AppData\Roaming\Mozilla\Extensions\specialsavings@vshsolutions.com [2012-12-12]
FF HKCU\...\Firefox\Extensions: [wcapturex@deskperience.com] - C:\Program Files\KingTranslate\WCaptureMoz
FF Extension: WordCaptureX - C:\Program Files\KingTranslate\WCaptureMoz [2013-04-06]

Chrome:
=======
CHR Extension: (VideoDownloadConverter) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\adldappccjhelkmbkpiibilgnnjakieg [2013-11-24]
CHR Extension: (SpecialSavings.com) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aidbbndgjnlaclnmhkdimcdjiebjpdel [2013-05-18]
CHR Extension: (QuickShare Widget) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl [2013-05-18]
CHR Extension: (Produtools Maps) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmanpbfjipmicnlbchaifoomleljpal [2013-05-18]
CHR Extension: (Speed Analysis) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfcbmgbfdbijmjgjihagbomfbjfjmgon [2013-05-18]
CHR Extension: (Babylon Translator) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb [2013-09-23]
CHR Extension: (Delta Toolbar) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-09-08]
CHR Extension: (deaal2dealait) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\leioibibakfojhcioghlfikbhejbhdjl [2014-01-29]
CHR Extension: (WordCaptureX) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjdepfkicdcciagbigfcmdhknnoaaegf [2013-05-18]
CHR Extension: (PlusWinks) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mocblcnaofikinigmceddfghppkkjbog [2013-05-18]
CHR Extension: (Google Wallet) - C:\Users\Lemmen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-23]
CHR Extension: (less2pay) - C:\ProgramData\hfdillgeaelfhhahfdhebgmehomoemef [2014-01-29]
CHR HKLM\...\Chrome\Extension: [aaaaojmikegpiepcfdkkjaplodkpfmlo] - C:\Users\Lemmen\AppData\Local\APN\GoogleCRXs\apnorjtoolbar.crx [2014-01-29]
CHR HKLM\...\Chrome\Extension: [adldappccjhelkmbkpiibilgnnjakieg] - C:\Program Files\VideoDownloadConverter_4z Chrome Extension\bar\VideoDownloadConvert@mindspark.com.gen1 [2013-11-24]
CHR HKLM\...\Chrome\Extension: [aidbbndgjnlaclnmhkdimcdjiebjpdel] - C:\Users\Lemmen\AppData\Roaming\SpecialSavings\SpecialSavings_2.0.0.crx [2012-08-19]
CHR HKLM\...\Chrome\Extension: [bbmanpbfjipmicnlbchaifoomleljpal] - C:\Users\Lemmen\AppData\Local\CRE\bbmanpbfjipmicnlbchaifoomleljpal.crx [2012-04-19]
CHR HKLM\...\Chrome\Extension: [bkkhigdapmlbelnapanlfjbeccdbbpbg] - C:\Program Files\Search Results Toolbar\Datamngr\chromeExtension.crx [2012-04-19]
CHR HKLM\...\Chrome\Extension: [cfcbmgbfdbijmjgjihagbomfbjfjmgon] - C:\Users\Lemmen\AppData\Roaming\SpeedanAlysis\speedanalysis.crx [2013-02-14]
CHR HKLM\...\Chrome\Extension: [dhkplhfnhceodhffomolpfigojocbpcb] - C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonChrome.crx [2013-09-23]
CHR HKLM\...\Chrome\Extension: [dkinklhnkmkhkhofcnapakaoehijaoih] - C:\Program Files\OnlineHD.TV\onhd11.crx [2013-09-23]
CHR HKLM\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Lemmen\AppData\Roaming\BabSolution\CR\Delta.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [jbajpeofkjjeiamcglnmldoboonfkiol] - C:\Program Files\Search Results Toolbar\Datamngr\chromeExtension.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [kekfoodhbhpjhjcdecjngamojfhknooc] - C:\Users\Lemmen\AppData\Roaming\iPumper\extension_chrome.crx [2013-09-08]
CHR HKLM\...\Chrome\Extension: [mjdepfkicdcciagbigfcmdhknnoaaegf] - C:\Program Files\KingTranslate\wcxChrome.crx [2013-02-04]
CHR HKLM\...\Chrome\Extension: [mocblcnaofikinigmceddfghppkkjbog] - C:\Users\Lemmen\AppData\Roaming\PlusWinks\pluswinks.crx [2013-03-20]
CHR HKLM\...\Chrome\Extension: [nlafpokblfobdnjhhggocaanijghemnd] - C:\Users\Lemmen\AppData\Local\Temp\ccex.crx [2013-03-20]
CHR HKCU\...\Chrome\Extension: [amfclgbdpgndipgoegfpkkgobahigbcl] - C:\Users\Lemmen\AppData\Local\Smartbar/Application\0Extension.crx [2013-02-10]
CHR HKCU\...\Chrome\Extension: [bbmanpbfjipmicnlbchaifoomleljpal] - C:\Users\Lemmen\AppData\Local\CRE\bbmanpbfjipmicnlbchaifoomleljpal.crx [2012-04-19]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

========================== Services (Whitelisted) =================

R2 AVKProxy; C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe [1970296 2013-08-26] (G Data Software AG)
R2 AVKService; C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe [635000 2013-08-21] (G Data Software AG)
R2 AVKWCtl; C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe [2101280 2013-10-15] (G Data Software AG)
R3 GDFwSvc; C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe [2373712 2013-10-17] (G Data Software AG)
R3 GDScan; C:\Program Files\Common Files\G Data\GDScan\GDScan.exe [695416 2013-08-22] (G Data Software AG)
R2 Lexware_Datenbank_Plus; C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe [83248 2010-11-05] (iAnywhere Solutions, Inc.)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [8704 2009-07-14] (Microsoft Corporation)
S4 MSSQLServerADHelper; c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [44384 2010-12-10] (Microsoft Corporation)
S3 TuneUp.Defrag; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [435008 2012-01-27] (TuneUp Software)
R2 TuneUp.UtilitiesSvc; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [1052480 2011-11-21] (TuneUp Software)
R2 UMVPFSrv; C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [450848 2012-01-18] (Logitech Inc.)
S2 DatamngrCoordinator; No ImagePath
S2 DlProtectSvc; No ImagePath
S2 Util BrowseSmart; No ImagePath
S2 where32; No ImagePath

==================== Drivers (Whitelisted) ====================

R0 GDBehave; C:\Windows\System32\drivers\GDBehave.sys [45912 2014-02-01] (G Data Software AG)
R1 GDMnIcpt; C:\Windows\system32\drivers\MiniIcpt.sys [96600 2014-02-01] (G Data Software AG)
S3 GdNetMon; C:\Windows\system32\drivers\GdNetMon32.sys [29400 2011-09-21] (G Data Software AG)
R3 GDPkIcpt; C:\Windows\system32\drivers\PktIcpt.sys [52056 2014-02-01] (G Data Software AG)
R1 gdwfpcd; C:\Windows\System32\drivers\gdwfpcd32.sys [54104 2014-02-01] (G Data Software AG)
R1 HookCentre; C:\Windows\system32\drivers\HookCentre.sys [51032 2014-02-01] (G Data Software AG)
R3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2Mon.sys [25824 2010-05-07] ()
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [141824 2010-11-20] (Microsoft Corporation)
S3 optousb; C:\Windows\System32\DRIVERS\optousb.sys [18432 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
S3 optovcm; C:\Windows\System32\DRIVERS\optovcm.sys [26368 2009-08-26] (OPTO ELECTRONICS CO.,LTD.)
R3 TuneUpUtilitiesDrv; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [10064 2009-10-14] (TuneUp Software)
S3 iSafeKrnl; No ImagePath
S1 iSafeNetFilter; No ImagePath
S3 Synth3dVsc; No ImagePath
S3 tsusbhub; No ImagePath
S3 VGPU; No ImagePath

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-03 08:30 - 2014-02-03 08:30 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST (1).exe
2014-02-03 08:30 - 2014-02-03 08:30 - 00030059 _____ () C:\Users\Lemmen\Downloads\FRST.txt
2014-02-02 19:35 - 2014-02-02 19:35 - 00021634 _____ () C:\Users\Lemmen\Downloads\يم يم.bmp
2014-02-02 18:11 - 2014-02-02 18:11 - 00009054 _____ () C:\Users\Lemmen\Downloads\1.bmp
2014-02-02 18:11 - 2014-02-02 18:11 - 00007614 _____ () C:\Users\Lemmen\Downloads\1.bmpa.bmp
2014-02-02 09:06 - 2014-02-02 09:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-01 17:07 - 2014-02-01 17:24 - 217079377 _____ () C:\Users\Lemmen\Downloads\Azov films - nudism - have.rar
2014-02-01 13:59 - 2014-02-01 13:59 - 00001936 _____ () C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2014-02-01 13:41 - 2014-02-01 13:59 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2014-02-01 13:41 - 2014-02-01 13:59 - 00052056 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-02-01 13:41 - 2014-02-01 13:59 - 00051032 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-02-01 13:41 - 2014-02-01 13:58 - 00096600 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-02-01 13:41 - 2014-02-01 13:58 - 00045912 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-02-01 11:19 - 2014-02-01 11:20 - 00135280 _____ () C:\Windows\Minidump\020114-15319-01.dmp
2014-02-01 10:41 - 2014-02-01 10:45 - 418836344 _____ (G Data Software AG) C:\Users\Lemmen\Downloads\INT_R_FUL_2014_IS.exe
2014-01-31 18:22 - 2014-01-31 18:22 - 00001667 _____ () C:\Users\Lemmen\Documents\G Data Protokoll ID 17258.html
2014-01-31 17:56 - 2014-02-01 09:17 - 00000246 _____ () C:\Users\Lemmen\Downloads\defogger_enable.log
2014-01-31 17:38 - 2014-01-31 18:07 - 00000474 _____ () C:\Users\Lemmen\Downloads\defogger_disable.log
2014-01-31 17:37 - 2014-01-31 17:38 - 00050477 _____ () C:\Users\Lemmen\Downloads\Defogger.exe
2014-01-31 16:49 - 2014-01-31 16:49 - 00000017 _____ () C:\Users\Lemmen\AppData\Local\resmon.resmoncfg
2014-01-31 11:19 - 2014-01-31 11:19 - 00001151 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\Nico Mak Computing
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-01-31 11:19 - 2013-03-15 17:01 - 00016384 _____ () C:\Windows\system32\wsusnative32.exe
2014-01-31 10:58 - 2014-01-31 10:59 - 00039573 _____ () C:\Users\Lemmen\Downloads\Addition.txt
2014-01-31 10:53 - 2014-02-03 08:30 - 00000000 ____D () C:\FRST
2014-01-31 10:51 - 2014-01-31 10:51 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST.exe
2014-01-31 10:05 - 2014-01-31 10:05 - 00000000 ____D () C:\Program Files\less2pay
2014-01-31 10:03 - 2014-01-31 10:03 - 00000000 ____D () C:\Program Files\deaal2dealait
2014-01-29 18:50 - 2014-01-29 18:50 - 00003584 _____ () C:\Users\Lemmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 15:23 - 2014-02-01 09:58 - 00000000 ____D () C:\ProgramData\deaal2dealait
2014-01-29 15:23 - 2014-01-31 10:05 - 00000000 ____D () C:\ProgramData\e2f9bc6965ac9ac3
2014-01-29 15:22 - 2014-02-01 09:58 - 00000000 ____D () C:\ProgramData\less2pay
2014-01-29 15:22 - 2014-01-29 15:22 - 00000000 ____D () C:\ProgramData\hfdillgeaelfhhahfdhebgmehomoemef
2014-01-17 10:22 - 2013-06-06 21:41 - 00489392 _____ (Ask Partner Network) C:\Users\Lemmen\Documents\APNSetup1.exe
2014-01-17 01:11 - 2014-01-17 01:11 - 00008701 _____ () C:\Users\Lemmen\Downloads\a_chp0054.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007546 _____ () C:\Users\Lemmen\Downloads\a_chp0049.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007181 _____ () C:\Users\Lemmen\Downloads\a_chp0045.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007100 _____ () C:\Users\Lemmen\Downloads\a_chp0046.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00006985 _____ () C:\Users\Lemmen\Downloads\a_chp0053.jpeg
2014-01-17 01:09 - 2014-01-17 01:09 - 00007363 _____ () C:\Users\Lemmen\Downloads\a_chp0043.jpeg
2014-01-16 21:39 - 2014-01-16 21:44 - 229754405 _____ () C:\Users\Lemmen\Downloads\All preview pics nude.rar
2014-01-15 19:04 - 2013-11-27 02:14 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-01-15 19:04 - 2013-11-27 02:13 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-01-15 19:04 - 2013-11-26 12:11 - 00240576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-01-15 19:04 - 2013-11-26 11:10 - 02349056 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-01-04 15:25 - 2014-01-04 15:25 - 00000957 _____ () C:\Users\Lemmen\Desktop\UnZIPExpress.lnk
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D () C:\Program Files\UnZIPExpress
2014-01-04 15:24 - 2014-01-04 15:26 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\speedtest4354
2014-01-04 15:24 - 2014-01-04 15:26 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\freegames4357
2014-01-04 15:07 - 2014-01-04 15:08 - 02115264 _____ () C:\Users\Lemmen\Downloads\unZipExpressSetup.exe
2014-01-04 14:55 - 2014-01-04 14:58 - 110554776 _____ () C:\Users\Lemmen\Downloads\dvd - nude.rar

==================== One Month Modified Files and Folders =======

2014-02-03 08:32 - 2014-02-03 08:30 - 00030059 _____ () C:\Users\Lemmen\Downloads\FRST.txt
2014-02-03 08:30 - 2014-02-03 08:30 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST (1).exe
2014-02-03 08:30 - 2014-01-31 10:53 - 00000000 ____D () C:\FRST
2014-02-03 08:08 - 2011-01-07 07:12 - 00000000 ____D () C:\Users\Lemmen\AppData\Local\Windows Live
2014-02-03 08:00 - 2013-11-26 11:20 - 00000284 _____ () C:\Windows\Tasks\RegistryBooster Maintenance.job
2014-02-03 07:44 - 2012-08-03 06:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-03 07:35 - 2009-07-14 05:34 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-03 07:35 - 2009-07-14 05:34 - 00013536 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-03 07:28 - 2012-02-02 10:04 - 00048925 _____ () C:\Windows\setupact.log
2014-02-03 07:28 - 2011-01-01 10:32 - 00000000 ____D () C:\Windows\system32\logishrd
2014-02-03 07:28 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-03 07:27 - 2012-02-02 10:04 - 00448684 _____ () C:\Windows\PFRO.log
2014-02-02 21:48 - 2012-02-02 10:06 - 01228540 _____ () C:\Windows\WindowsUpdate.log
2014-02-02 21:26 - 2013-03-12 22:22 - 00000000 ___RD () C:\Users\Lemmen\SkyDrive
2014-02-02 19:35 - 2014-02-02 19:35 - 00021634 _____ () C:\Users\Lemmen\Downloads\يم يم.bmp
2014-02-02 18:11 - 2014-02-02 18:11 - 00009054 _____ () C:\Users\Lemmen\Downloads\1.bmp
2014-02-02 18:11 - 2014-02-02 18:11 - 00007614 _____ () C:\Users\Lemmen\Downloads\1.bmpa.bmp
2014-02-02 09:37 - 2012-03-31 11:21 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberMotion
2014-02-02 09:15 - 2013-05-08 17:49 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\Systweak
2014-02-02 09:14 - 2013-12-14 09:30 - 00000000 ____D () C:\Program Files\Opera
2014-02-02 09:10 - 2013-11-21 03:50 - 00000000 ____D () C:\Program Files\BonanzaDealsLive
2014-02-02 09:07 - 2013-11-21 03:50 - 00000000 ____D () C:\Program Files\BonanzaDeals
2014-02-02 09:06 - 2014-02-02 09:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-02-01 17:24 - 2014-02-01 17:07 - 217079377 _____ () C:\Users\Lemmen\Downloads\Azov films - nudism - have.rar
2014-02-01 13:59 - 2014-02-01 13:59 - 00001936 _____ () C:\Users\Public\Desktop\G Data InternetSecurity 2014.lnk
2014-02-01 13:59 - 2014-02-01 13:41 - 00054104 _____ (G Data Software AG) C:\Windows\system32\Drivers\gdwfpcd32.sys
2014-02-01 13:59 - 2014-02-01 13:41 - 00052056 _____ (G Data Software AG) C:\Windows\system32\Drivers\PktIcpt.sys
2014-02-01 13:59 - 2014-02-01 13:41 - 00051032 _____ (G Data Software AG) C:\Windows\system32\Drivers\HookCentre.sys
2014-02-01 13:58 - 2014-02-01 13:41 - 00096600 _____ (G Data Software AG) C:\Windows\system32\Drivers\MiniIcpt.sys
2014-02-01 13:58 - 2014-02-01 13:41 - 00045912 _____ (G Data Software AG) C:\Windows\system32\Drivers\GDBehave.sys
2014-02-01 13:58 - 2011-02-08 18:42 - 00000000 ____D () C:\ProgramData\G Data
2014-02-01 13:57 - 2011-02-08 18:42 - 00000000 ____D () C:\Program Files\Common Files\G Data
2014-02-01 13:40 - 2011-02-08 18:42 - 00000000 ____D () C:\Program Files\G Data
2014-02-01 13:35 - 2011-02-08 18:24 - 00000000 ____D () C:\Users\Lemmen\AppData\Local\Downloaded Installations
2014-02-01 13:07 - 2013-03-03 13:09 - 00000000 ____D () C:\Program Files\Yontoo
2014-02-01 11:20 - 2014-02-01 11:19 - 00135280 _____ () C:\Windows\Minidump\020114-15319-01.dmp
2014-02-01 11:19 - 2012-04-27 11:13 - 204137607 _____ () C:\Windows\MEMORY.DMP
2014-02-01 11:19 - 2011-02-15 12:31 - 00000000 ____D () C:\Windows\Minidump
2014-02-01 11:10 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\spool
2014-02-01 11:09 - 2012-08-05 06:16 - 00001098 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-01 11:09 - 2012-08-05 06:16 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-01 11:08 - 2013-12-10 10:07 - 00014816 _____ () C:\Users\Lemmen\daemonprocess.txt
2014-02-01 11:07 - 2009-07-14 05:52 - 00000000 ____D () C:\Windows\system32\WinBioPlugIns
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\winevt
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\SMI
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\MUI
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\LogFiles
2014-02-01 11:07 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\system32\com
2014-02-01 10:45 - 2014-02-01 10:41 - 418836344 _____ (G Data Software AG) C:\Users\Lemmen\Downloads\INT_R_FUL_2014_IS.exe
2014-02-01 09:58 - 2014-01-29 15:23 - 00000000 ____D () C:\ProgramData\deaal2dealait
2014-02-01 09:58 - 2014-01-29 15:22 - 00000000 ____D () C:\ProgramData\less2pay
2014-02-01 09:17 - 2014-01-31 17:56 - 00000246 _____ () C:\Users\Lemmen\Downloads\defogger_enable.log
2014-02-01 09:11 - 2011-06-16 06:15 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-02-01 09:11 - 2010-12-29 10:06 - 00000000 ____D () C:\Program Files\Adobe
2014-02-01 09:11 - 2010-12-29 10:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-01-31 18:22 - 2014-01-31 18:22 - 00001667 _____ () C:\Users\Lemmen\Documents\G Data Protokoll ID 17258.html
2014-01-31 18:07 - 2014-01-31 17:38 - 00000474 _____ () C:\Users\Lemmen\Downloads\defogger_disable.log
2014-01-31 17:38 - 2014-01-31 17:37 - 00050477 _____ () C:\Users\Lemmen\Downloads\Defogger.exe
2014-01-31 16:49 - 2014-01-31 16:49 - 00000017 _____ () C:\Users\Lemmen\AppData\Local\resmon.resmoncfg
2014-01-31 11:19 - 2014-01-31 11:19 - 00001151 _____ () C:\Users\Public\Desktop\WinZip Malware Protector.lnk
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\Nico Mak Computing
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\ProgramData\Nico Mak Computing
2014-01-31 11:19 - 2014-01-31 11:19 - 00000000 ____D () C:\Program Files\WinZip Malware Protector
2014-01-31 10:59 - 2014-01-31 10:58 - 00039573 _____ () C:\Users\Lemmen\Downloads\Addition.txt
2014-01-31 10:51 - 2014-01-31 10:51 - 01137152 _____ (Farbar) C:\Users\Lemmen\Downloads\FRST.exe
2014-01-31 10:06 - 2013-06-24 14:30 - 00000000 ____D () C:\ProgramData\Trymedia
2014-01-31 10:05 - 2014-01-31 10:05 - 00000000 ____D () C:\Program Files\less2pay
2014-01-31 10:05 - 2014-01-29 15:23 - 00000000 ____D () C:\ProgramData\e2f9bc6965ac9ac3
2014-01-31 10:03 - 2014-01-31 10:03 - 00000000 ____D () C:\Program Files\deaal2dealait
2014-01-29 18:50 - 2014-01-29 18:50 - 00003584 _____ () C:\Users\Lemmen\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-29 15:22 - 2014-01-29 15:22 - 00000000 ____D () C:\ProgramData\hfdillgeaelfhhahfdhebgmehomoemef
2014-01-29 04:11 - 2013-10-03 12:52 - 00002121 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-01-19 10:35 - 2010-12-29 10:01 - 00000000 ____D () C:\EXCEL
2014-01-19 08:29 - 2013-10-17 11:09 - 00000000 ____D () C:\Program Files\MyPC Backup
2014-01-17 11:04 - 2010-12-29 10:08 - 00000000 ____D () C:\Users\Lemmen\AppData\Local\Adobe
2014-01-17 01:11 - 2014-01-17 01:11 - 00008701 _____ () C:\Users\Lemmen\Downloads\a_chp0054.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007546 _____ () C:\Users\Lemmen\Downloads\a_chp0049.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007181 _____ () C:\Users\Lemmen\Downloads\a_chp0045.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00007100 _____ () C:\Users\Lemmen\Downloads\a_chp0046.jpeg
2014-01-17 01:10 - 2014-01-17 01:10 - 00006985 _____ () C:\Users\Lemmen\Downloads\a_chp0053.jpeg
2014-01-17 01:09 - 2014-01-17 01:09 - 00007363 _____ () C:\Users\Lemmen\Downloads\a_chp0043.jpeg
2014-01-16 22:02 - 2013-12-10 23:07 - 00001028 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-01-16 21:44 - 2014-01-16 21:39 - 229754405 _____ () C:\Users\Lemmen\Downloads\All preview pics nude.rar
2014-01-16 03:45 - 2012-02-02 10:04 - 00500384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-16 03:22 - 2013-09-08 11:06 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-16 03:22 - 2009-07-14 03:04 - 00003659 _____ () C:\Windows\win.ini
2014-01-16 03:09 - 2010-12-29 10:14 - 83425928 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-01-09 02:36 - 2013-11-19 18:24 - 00000000 ____D () C:\Users\Lemmen\Downloads\Bad Boys & Bad Boys II
2014-01-04 15:26 - 2014-01-04 15:24 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\speedtest4354
2014-01-04 15:26 - 2014-01-04 15:24 - 00000000 ____D () C:\Users\Lemmen\AppData\Roaming\freegames4357
2014-01-04 15:25 - 2014-01-04 15:25 - 00000957 _____ () C:\Users\Lemmen\Desktop\UnZIPExpress.lnk
2014-01-04 15:25 - 2014-01-04 15:25 - 00000000 ____D () C:\Program Files\UnZIPExpress
2014-01-04 15:08 - 2014-01-04 15:07 - 02115264 _____ () C:\Users\Lemmen\Downloads\unZipExpressSetup.exe
2014-01-04 14:58 - 2014-01-04 14:55 - 110554776 _____ () C:\Users\Lemmen\Downloads\dvd - nude.rar

Files to move or delete:
====================
C:\Users\Lemmen\AppData\Roaming\skype.ini
C:\ProgramData\go_0molg.pad
C:\ProgramData\l_u0_0.pad
C:\ProgramData\to_r0tsef.pad


Some content of TEMP:
====================
C:\Users\Lemmen\AppData\Local\Temp\htmlayout.dll
C:\Users\Lemmen\AppData\Local\Temp\uninstall83224130.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-02 10:44

==================== End Of Log ============================


schrauber 03.02.2014 10:02

hi,

Scan with Combofix
WARNING to ANYONE READING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as any malware/spyware scanners. They can interfere with Combofix while it is working. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you receive the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.


