Karl_Andreas | 08.05.2014 16:09 | Hello Schrauber,
I was away on business for a few days, but I didn't really use my computer during that time either.
Here are the logs: Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malware Protection, Starting,
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malware Protection, Started,
Protection, 08.05.2014 14:57:28, SYSTEM, NBAB, Protection, Malicious Website Protection, Starting,
Protection, 08.05.2014 14:57:38, SYSTEM, NBAB, Protection, Malicious Website Protection, Started,
Update, 08.05.2014 14:57:53, SYSTEM, NBAB, Manual, Rootkit Database, 2014.2.20.1, 2014.3.27.1,
Update, 08.05.2014 14:58:54, SYSTEM, NBAB, Manual, Malware Database, 2014.3.4.9, 2014.5.8.4,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Refresh, Starting,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Malicious Website Protection, Stopping,
Protection, 08.05.2014 14:59:04, SYSTEM, NBAB, Protection, Malicious Website Protection, Stopped,
Protection, 08.05.2014 14:59:10, SYSTEM, NBAB, Protection, Refresh, Success,
Protection, 08.05.2014 14:59:10, SYSTEM, NBAB, Protection, Malicious Website Protection, Starting,
Protection, 08.05.2014 14:59:11, SYSTEM, NBAB, Protection, Malicious Website Protection, Started,
(end) Code:
# AdwCleaner v3.207 - Bericht erstellt am 08/05/2014 um 16:31:58
# Aktualisiert 05/05/2014 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 1 (32 bits)
# Benutzername : An-D - NBAB
# Gestartet von : C:\Users\An-D\Desktop\adwcleaner.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\Program Files\Conduit
Ordner Gelöscht : C:\Program Files\Vuze
Ordner Gelöscht : C:\Users\An-D\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\An-D\AppData\Local\PackageAware
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\An-D\AppData\LocalLow\Vuze_Remote
Ordner Gelöscht : C:\Users\An-D\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\An-D\Documents\Optimizer Pro
Datei Gelöscht : C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\user.js
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E49F0B41-3322-11D4-AEFE-00C04F61025C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69091116-E0CD-48F6-8037-B5579FD9D326}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
***** [ Browser ] *****
-\\ Internet Explorer v7.0.6001.18319
-\\ Mozilla Firefox v28.0 (de)
[ Datei : C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\prefs.js ]
Zeile gelöscht : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Zeile gelöscht : user_pref("surfcanyon.last_checked_ts", "1266877330766");
-\\ Google Chrome v
[ Datei : C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dvd_14_14_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtByCzy0Czy0E0AtCtCzz0DtAtBtN0D0Tzu0SzztByEtN1L2XzutBtFtCzztFtBtFtDtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StCyBtB0DyDyB0EyDtGzztD0CtCtGtAtCyBtBtG0FtAtD0AtGtDtC0FtC0B0Bzy0B0C0E0AtD2QtN1M1F1B2Z1V1N2Y1L1Qzu2StCyDyEtA0D0F0CyCtGtA0F0D0BtGzytDtA0DtGyCyCyC0DtGtDzztA0CtAtCtByE0CyByDyB2Q&cr=415182659&ir=
*************************
AdwCleaner[R0].txt - [5042 octets] - [08/05/2014 16:25:53]
AdwCleaner[S0].txt - [4963 octets] - [08/05/2014 16:31:58]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5023 octets] ########## Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows Vista (TM) Home Premium x86
Ran by An-D on 08.05.2014 at 16:50:53,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Users\An-D\appdata\locallow\boost_interprocess"
~~~ FireFox
Emptied folder: C:\Users\An-D\AppData\Roaming\mozilla\firefox\profiles\xp78hkst.default\minidumps [22 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.05.2014 at 16:55:33,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:07-05-2014
Ran by An-D (administrator) on NBAB on 08-05-2014 17:02:04
Running from C:\Users\An-D\Desktop
Microsoft® Windows Vista™ Home Premium Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 7
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVAST Software) C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Seagate Technology LLC) C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Syntek America Inc.) C:\Windows\System32\StkCSrv.exe
() C:\Program Files\Verbindungsassistent\WTGService.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(SAMSUNG Electronics co., LTD.) C:\Program Files\Samsung\EBM\EasyBatteryMgr3.exe
(SAMSUNG Electronics) C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Samsung Electronics Co., Ltd.) C:\Program Files\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
(Realtek Semiconductor) C:\Windows\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Seagate LLC) C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
(Spotify Ltd) C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] => C:\Windows\RtHDVCpl.exe [6111232 2008-04-17] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1029416 2007-10-26] (Synaptics, Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [178712 2008-07-22] (Intel Corporation)
HKLM\...\Run: [MaxMenuMgr] => C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe [185640 2009-05-01] (Seagate LLC)
HKLM\...\Run: [pdfFactory Pro Dispatcher v3] => C:\Windows\system32\spool\DRIVERS\W32X86\3\fppdis3a.exe [614400 2009-12-15] (FinePrint Software, LLC)
HKLM\...\Run: [APSDaemon] => C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Steam] => C:\Program Files\Steam\Steam.exe [1641896 2013-06-07] (Valve Corporation)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [HumanizedEnso] => C:\Users\An-D\AppData\Local\HumanizedEnso\Enso.exe [117232 2008-01-14] ()
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify Web Helper] => C:\Users\An-D\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171000 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Run: [Spotify] => C:\Users\An-D\AppData\Roaming\Spotify\Spotify.exe [6087224 2014-04-26] (Spotify Ltd)
HKU\S-1-5-21-3115540864-2871994801-2538804916-1003\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\BTTray.lnk
ShortcutTarget: BTTray.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Inhaltsmanager-Assistent für PlayStation(R).lnk
ShortcutTarget: Inhaltsmanager-Assistent für PlayStation(R).lnk -> C:\Program Files\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\An-D\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search
BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS4/contributeieplugin.dll (Adobe Systems Incorporated.)
Toolbar: HKLM - No Name - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No File
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Winsock: Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2
FireFox:
========
FF ProfilePath: C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20nq-us09.personalitycores.com%3A8000%3B%20PROXY%20nq-us11.personalitycores.com%3A8000%3B%20PROXY%20nq-us05.personalitycores.com%3A8000%3B%20PROXY%20nq-us10.personalitycores.com%3A8000%3B%20PROXY%20nq-us04.personalitycores.com%3A8000%3B%20PROXY%20nq-us08.personalitycores.com%3A8000%3B%20PROXY%20nq-us06.personalitycores.com%3A8000%3B%20PROXY%20nq-us07.personalitycores.com%3A8000%3B%20PROXY%20nq-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @3dvia.com/3DVIAStudioPlayer - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1165635.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.17.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.17.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll No File
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\An-D\AppData\Local\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Move Media Player - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\moveplayer@movenetworks.com [2009-04-04]
FF Extension: FoxyTunes - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{463F6CA5-EE3C-4be1-B7E6-7FEE11953374} [2012-03-27]
FF Extension: DownloadHelper - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-03-26]
FF Extension: Add-on Compatibility Reporter - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\compatibility@addons.mozilla.org.xpi [2011-04-14]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-03-01]
FF Extension: Session Manager - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-08-04]
FF Extension: FlashGot - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2011-04-09]
FF Extension: NoScript - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-04]
FF Extension: Adblock Plus - C:\Users\An-D\AppData\Roaming\Mozilla\Firefox\Profiles\xp78hkst.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-03-27]
FF Extension: Skype extension for Firefox - C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013-12-20]
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013-12-20]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\Alwil Software\Avast5\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\Alwil Software\Avast5\WebRep\FF [2011-05-31]
FF HKCU\...\Firefox\Extensions: [{B64D9B05-48E1-4CEB-BF58-E0643994E900}] - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\
FF Extension: Download videos and MP3s from YouTube - C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ []
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\An-D\AppData\Local\Google\Chrome\Application\34.0.1847.131\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.310.5) - C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U31) - C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll No File
CHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll No File
CHR Plugin: (3DVIA Player) - C:\Program Files\3DVIA\3DVIAStudioPlayer\bin\win32_dynamic\release\npvtmp3dlifeplayer.dll (Dassault Systemes)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll No File
CHR Plugin: (iTunes Application Detector) - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Google Update) - C:\Users\An-D\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-06-10]
CHR Extension: (Google-Suche) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-06-10]
CHR Extension: (Google Wallet) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-28]
CHR Extension: (Google Mail) - C:\Users\An-D\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-06-10]
CHR HKCU\...\Chrome\Extension: [nikpibnbobmbdbheedjfogjlikpgpnhp] - C:\Program Files\Common Files\DVDVideoSoft\plugins\DVDVideoSoftBrowserExtension.crx [2014-04-04]
CHR StartMenuInternet: Google Chrome - C:\Users\An-D\AppData\Local\Google\Chrome\Application\chrome.exe
========================== Services (Whitelisted) =================
S3 Adobe Version Cue CS4; C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [284016 2008-08-15] (Adobe Systems Incorporated)
R2 avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [46808 2014-01-22] (AVAST Software)
S3 CoordinatorServiceHost; C:\Program Files\SolidWorks\swScheduler\DTSCoordinatorService.exe [79144 2008-09-09] (Dassault Systèmes SolidWorks Corp.)
R2 CVPND; C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe [1516584 2007-04-03] (Cisco Systems, Inc.)
R2 FreeAgentGoNext Service; C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe [181544 2009-05-01] (Seagate Technology LLC)
S2 MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
S4 MSSQLServerADHelper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [45272 2005-10-13] (Microsoft Corporation)
S3 SolidWorks Licensing Service; C:\Program Files\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe [79360 2009-01-28] (SolidWorks)
R2 StkSSrv; C:\Windows\System32\StkCSrv.exe [31248 2008-01-16] (Syntek America Inc.)
R2 WTGService; C:\Program Files\Verbindungsassistent\WTGService.exe [296400 2009-03-03] ()
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\system32\Drivers\aswFsBlk.sys [29816 2014-01-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [66336 2014-01-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\Drivers\aswRdr.sys [49760 2014-01-22] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49376 2014-01-22] ()
R1 aswSnx; C:\Windows\system32\Drivers\aswSnx.sys [770344 2014-01-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\Drivers\aswSP.sys [369584 2014-01-22] (AVAST Software)
R1 aswTdi; C:\Windows\system32\Drivers\aswTdi.sys [56080 2014-01-22] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [175176 2014-01-22] ()
S3 CVirtA; C:\Windows\System32\DRIVERS\CVirtA.sys [5275 2007-01-18] (Cisco Systems, Inc.)
R2 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [306295 2007-04-03] (Cisco Systems, Inc.)
R3 DNE; C:\Windows\System32\DRIVERS\dne2000.sys [127376 2007-01-31] (Deterministic Networks, Inc.)
R2 KMDFMEMIO; C:\Windows\System32\DRIVERS\kmdfmemio.sys [13312 2008-06-25] (SAMSUNG ELECTRONICS CO., LTD.)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 StkCMini; C:\Windows\System32\Drivers\StkCMini.sys [1363088 2008-03-28] (Syntek)
S3 ADDMEM; \??\C:\Users\An-D\AppData\Local\Temp\__Samsung_Update\ADDMEM.SYS [X]
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-21] (Microsoft Corporation)
S3 catchme; \??\C:\Users\An-D\AppData\Local\Temp\catchme.sys [X]
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-05-08 17:02 - 2014-05-08 17:02 - 00024301 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:49 - 2014-05-08 16:50 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:42 - 2014-05-08 16:33 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:26 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-08 16:25 - 2014-05-08 16:33 - 00000000 ____D () C:\AdwCleaner
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:57 - 2014-05-08 16:37 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-08 14:56 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-08 14:56 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-08 14:54 - 2014-05-08 14:55 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:46 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-08 13:42 - 2014-05-08 13:45 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-04-30 20:52 - 2014-05-07 13:02 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-04-28 17:10 - 2014-05-08 16:34 - 00008086 _____ () C:\Windows\PFRO.log
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 20:32 - 2014-04-27 21:23 - 00000000 ____D () C:\ComboFix
2014-04-27 19:31 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-27 19:31 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-27 19:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-27 19:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-27 19:09 - 2014-04-27 21:23 - 00000000 ____D () C:\Qoobox
2014-04-27 19:09 - 2014-04-27 19:51 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:53 - 2014-04-26 20:54 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:04 - 2014-04-26 01:05 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:58 - 2014-04-26 00:59 - 00042375 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-04-26 00:57 - 2014-05-08 17:02 - 00000000 ____D () C:\FRST
2014-04-26 00:54 - 2014-05-08 17:01 - 01053184 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-22 14:53 - 2014-04-30 07:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:47 - 2014-04-22 14:49 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:24 - 2014-04-13 00:25 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
==================== One Month Modified Files and Folders =======
2014-05-08 17:02 - 2014-05-08 17:02 - 00024301 _____ () C:\Users\An-D\Desktop\FRST.txt
2014-05-08 17:02 - 2014-04-26 00:57 - 00000000 ____D () C:\FRST
2014-05-08 17:01 - 2014-05-08 17:01 - 00000000 ____D () C:\Users\An-D\Desktop\FRST-OlderVersion
2014-05-08 17:01 - 2014-04-26 00:54 - 01053184 _____ (Farbar) C:\Users\An-D\Desktop\FRST.exe
2014-05-08 17:01 - 2008-12-27 17:11 - 00000416 ____H () C:\Windows\Tasks\SupBackGroundTask.job
2014-05-08 16:55 - 2014-05-08 16:55 - 00001166 _____ () C:\Users\An-D\Desktop\JRT.txt
2014-05-08 16:51 - 2013-05-31 15:05 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-08 16:50 - 2014-05-08 16:50 - 00000000 ____D () C:\Windows\ERUNT
2014-05-08 16:50 - 2014-05-08 16:49 - 01016261 _____ (Thisisu) C:\Users\An-D\Downloads\JRT.exe
2014-05-08 16:42 - 2006-11-02 12:33 - 00824910 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-08 16:41 - 2012-06-04 01:20 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Spotify
2014-05-08 16:40 - 2010-04-06 23:58 - 00000000 ____D () C:\Program Files\Steam
2014-05-08 16:39 - 2008-10-24 02:04 - 01311057 _____ () C:\Windows\WindowsUpdate.log
2014-05-08 16:38 - 2012-06-04 01:21 - 00000000 ____D () C:\Users\An-D\AppData\Local\Spotify
2014-05-08 16:38 - 2012-02-14 17:49 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Dropbox
2014-05-08 16:37 - 2014-05-08 14:57 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-08 16:37 - 2009-02-25 19:38 - 00264787 _____ () C:\ProgramData\nvModes.001
2014-05-08 16:37 - 2009-02-25 18:51 - 00264787 _____ () C:\ProgramData\nvModes.dat
2014-05-08 16:35 - 2006-11-02 15:01 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-08 16:35 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-08 16:35 - 2006-11-02 14:47 - 00004912 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-08 16:34 - 2014-04-28 17:10 - 00008086 _____ () C:\Windows\PFRO.log
2014-05-08 16:34 - 2012-04-25 22:33 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-08 16:33 - 2014-05-08 16:42 - 00005103 _____ () C:\Users\An-D\Desktop\AdwCleaner[S0].txt
2014-05-08 16:33 - 2014-05-08 16:25 - 00000000 ____D () C:\AdwCleaner
2014-05-08 16:33 - 2008-06-25 23:08 - 00000836 _____ () C:\Windows\bthservsdp.dat
2014-05-08 16:33 - 2006-11-02 15:01 - 00032558 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-08 15:35 - 2012-06-10 23:05 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003UA.job
2014-05-08 15:34 - 2014-05-08 15:34 - 00001195 _____ () C:\Users\An-D\Desktop\mbam.txt
2014-05-08 14:56 - 2014-05-08 14:56 - 00000899 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-08 14:56 - 2014-05-08 14:56 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-08 14:55 - 2014-05-08 14:54 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\An-D\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-08 13:46 - 2014-05-08 13:43 - 00069010 _____ () C:\Users\An-D\Desktop\JRT.exe
2014-05-08 13:45 - 2014-05-08 13:42 - 14269225 _____ (Malwarebytes Corporation ) C:\Users\An-D\Desktop\mbam-setup-2.0.1.1004.exe
2014-05-08 13:43 - 2014-05-08 13:43 - 01316991 _____ () C:\Users\An-D\Desktop\adwcleaner.exe
2014-05-07 13:02 - 2014-04-30 20:52 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-05-03 03:35 - 2012-06-10 23:04 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3115540864-2871994801-2538804916-1003Core.job
2014-05-03 02:41 - 2013-12-20 09:15 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-04-30 07:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Local\Thunderbird
2014-04-30 07:51 - 2012-03-31 11:03 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-04-30 07:51 - 2011-05-21 20:08 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-04-29 16:18 - 2008-11-19 00:20 - 00116736 _____ () C:\Users\An-D\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-04-27 21:23 - 2014-04-27 20:32 - 00000000 ____D () C:\ComboFix
2014-04-27 21:23 - 2014-04-27 19:09 - 00000000 ____D () C:\Qoobox
2014-04-27 21:22 - 2014-04-27 21:22 - 00019121 _____ () C:\Users\An-D\Desktop\ComboFix.txt
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 __RHD () C:\Users\Default
2014-04-27 21:22 - 2006-11-02 13:18 - 00000000 ___RD () C:\Users\Public
2014-04-27 20:47 - 2006-11-02 12:23 - 00000259 _____ () C:\Windows\system.ini
2014-04-27 19:51 - 2014-04-27 19:09 - 00000000 ____D () C:\Windows\erdnt
2014-04-27 18:57 - 2014-04-27 18:57 - 00001057 _____ () C:\Users\An-D\Desktop\Revo Uninstaller.lnk
2014-04-27 18:57 - 2014-04-27 18:57 - 00000000 ____D () C:\Program Files\VS Revo Group
2014-04-27 18:54 - 2014-04-27 18:54 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\An-D\Desktop\revosetup95.exe
2014-04-26 20:54 - 2014-04-26 20:53 - 05196309 ____R (Swearware) C:\Users\An-D\Desktop\ComboFix.exe
2014-04-26 03:59 - 2014-04-26 03:59 - 00008153 _____ () C:\Users\An-D\Desktop\Gmer.zip
2014-04-26 03:59 - 2009-02-16 18:42 - 00000000 ____D () C:\Program Files\PowerArchiver
2014-04-26 02:23 - 2014-04-26 02:23 - 00103056 _____ () C:\Users\An-D\Desktop\Gmer.txt
2014-04-26 01:29 - 2014-04-26 01:29 - 00149176 _____ () C:\Windows\Minidump\Mini042614-01.dmp
2014-04-26 01:29 - 2008-12-21 00:04 - 444861160 _____ () C:\Windows\MEMORY.DMP
2014-04-26 01:29 - 2008-12-21 00:04 - 00000000 ____D () C:\Windows\Minidump
2014-04-26 01:05 - 2014-04-26 01:04 - 00380416 _____ () C:\Users\An-D\Desktop\Gmer-19357.exe
2014-04-26 00:59 - 2014-04-26 00:59 - 00040832 _____ () C:\Users\An-D\Desktop\Addition.txt
2014-04-26 00:59 - 2014-04-26 00:58 - 00042375 _____ () C:\Users\An-D\Desktop\FRST old.txt
2014-04-26 00:51 - 2014-04-26 00:51 - 00000470 _____ () C:\Users\An-D\Desktop\defogger_disable.log
2014-04-26 00:51 - 2014-04-26 00:51 - 00000000 _____ () C:\Users\An-D\defogger_reenable
2014-04-26 00:51 - 2008-11-15 16:35 - 00000000 ____D () C:\Users\An-D
2014-04-26 00:48 - 2014-04-26 00:48 - 00050477 _____ () C:\Users\An-D\Desktop\Defogger.exe
2014-04-23 16:41 - 2012-12-09 21:33 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-22 14:53 - 2014-04-22 14:53 - 00001802 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2014-04-22 14:53 - 2014-04-22 14:53 - 00000000 ____D () C:\Users\An-D\AppData\Roaming\Thunderbird
2014-04-22 14:49 - 2014-04-22 14:47 - 21987424 _____ (Mozilla) C:\Users\An-D\Downloads\Thunderbird Setup 24.4.0.exe
2014-04-13 00:25 - 2014-04-13 00:24 - 00000000 ____D () C:\Users\An-D\Desktop\Neuer Ordner
Some content of TEMP:
====================
C:\Users\An-D\AppData\Local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmphwlyzf.dll
C:\Users\An-D\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe => MD5 is legit
C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-05-08 16:41
==================== End Of Log ============================