Thank you very much!
Here are the log files:
mbam.txt:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 01.06.2014
Suchlauf-Zeit: 15:29:09
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.06.01.04
Rootkit Datenbank: v2014.05.21.01
Lizenz: Testversion
Malware Schutz: Aktiviert
Bösartiger Webseiten Schutz: Aktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: *******
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 277646
Verstrichene Zeit: 10 Min, 32 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 3
Trojan.Agent.ED, C:\ProgramData\cgkag\eflfjcg.exe, 3176, Löschen bei Neustart, [0543d59ed7a4cb6b8ccf3f40887946ba]
Trojan.Agent.ED, C:\ProgramData\kwxrc\qtfhsic.exe, 3596, Löschen bei Neustart, [c97f4033c3b8b97d90cb344b7c85f10f]
Trojan.Agent.ED, C:\ProgramData\kwxrc\qtfhsic.exe, 5100, Löschen bei Neustart, [c97f4033c3b8b97d90cb344b7c85f10f]
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.Softonic.A, HKU\S-1-5-21-1003290865-3347948734-3860767711-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SOFTONIC\Universal Downloader, In Quarantäne, [ef59f67dde9d75c1389305960af84cb4],
Registrierungswerte: 3
Trojan.Agent.ED, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|h4yde5, C:\ProgramData\kwxrc\qtfhsic.exe, In Quarantäne, [c97f4033c3b8b97d90cb344b7c85f10f]
Trojan.Agent.ED, HKU\S-1-5-21-1003290865-3347948734-3860767711-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|h4yde5, C:\ProgramData\kwxrc\qtfhsic.exe, In Quarantäne, [c97f4033c3b8b97d90cb344b7c85f10f]
Trojan.Agent.ED, HKU\.DEFAULT\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|h4yde5, C:\ProgramData\kwxrc\qtfhsic.exe, In Quarantäne, [c97f4033c3b8b97d90cb344b7c85f10f]
Registrierungsdaten: 0
(No malicious items detected)
Ordner: 0
(No malicious items detected)
Dateien: 18
Trojan.Agent.ED, C:\ProgramData\cgkag\eflfjcg.exe, Löschen bei Neustart, [0543d59ed7a4cb6b8ccf3f40887946ba],
Trojan.Agent.ED, C:\ProgramData\kwxrc\qtfhsic.exe, Löschen bei Neustart, [c97f4033c3b8b97d90cb344b7c85f10f],
Trojan.Agent.ED, C:\ProgramData\bxw\alda.exe, In Quarantäne, [f5536310bcbf47efbd9e7d0248b956aa],
Trojan.Agent.ED, C:\ProgramData\djirpqp\rpgfa.exe, In Quarantäne, [5eea2e451e5dbd79b4a7c8b724dd649c],
Trojan.Agent.ED, C:\ProgramData\omuglfe\qorfukx.exe, In Quarantäne, [cc7cee854b30112543185e21e81914ec],
Trojan.Agent.ED, C:\ProgramData\opvu\ttqrhqs.exe, In Quarantäne, [ec5c3c37c5b623130f4cbec16f925ca4],
Trojan.Agent.ED, C:\ProgramData\fubiles\ykoqtwi.exe, In Quarantäne, [ac9c2e45f08b92a40e4dec93a160a957],
Trojan.Agent.ED, C:\ProgramData\hmgtyw\blwdayu.exe, In Quarantäne, [2424551e0a7195a1c99291eeca376d93],
Trojan.Agent.ED, C:\ProgramData\iki\denm.exe, In Quarantäne, [3b0d4d268eedfc3a8dce027d3ac7619f],
Trojan.Agent.ED, C:\ProgramData\uiv\svujif.exe, In Quarantäne, [de6aa9ca5e1d87af91ca700fdb261be5],
Trojan.Ransom.ED, C:\Users\*******\AppData\Roaming\Fbst\kthbemhnwa.exe, In Quarantäne, [8dbbd2a162198aac04125822e021629e],
Trojan.Agent.ED, C:\Users\*******\AppData\Roaming\Gtuhox\gygylshnwa.exe, In Quarantäne, [13355b18dd9e73c3ff3ba8cb50b130d0],
Trojan.Ransom.ED, C:\Users\*******\AppData\Roaming\Rmueinkqdw\skpxdzxhl.exe, In Quarantäne, [0642254e38431026f81e8feb42bf21df],
Trojan.Agent.ED, C:\Users\*******\AppData\Roaming\Sukvf\ivcevfhnwa.exe, In Quarantäne, [64e4274ccead11250931b7bc9c65cd33],
Adware.Funmoods, C:\Users\*******\Downloads\agsetup183se.exe, In Quarantäne, [173160136615c67027b558a0c93a48b8],
Trojan.Ransom.ED, C:\Users\*******\AppData\Local\Dyynp\xtydrcehnwa.exe, In Quarantäne, [4305d49f007b4fe7a24784e8936e4ab6],
Trojan.Ransom.ED, C:\Users\*******\AppData\Local\Mqlrqlu\gtvwqklhnwa.exe, In Quarantäne, [bb8dd0a395e6df57c12894d8f9083fc1],
Trojan.Ransom.ED, C:\Users\*******\AppData\Local\Qchmof\pvanpyhnwa.exe, In Quarantäne, [b8901f544f2cb38363866903a35e44bc],
Physische Sektoren: 0
(No malicious items detected)
(end)
AdwCleaner Logfile:
# AdwCleaner v3.211 - Bericht erstellt am 01/06/2014 um 15:55:45
# Aktualisiert 26/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : ******* - *******-VAIO
# Gestartet von : C:\Users\*******\Downloads\trojaner-board\adwcleaner_3.211.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\*******\AppData\LocalLow\FlagFox
Ordner Gelöscht : C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Datei Gelöscht : C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Startfenster.lnk
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{50F7F0BE-31BA-4145-BD8B-6B0DECFED804}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{6DDA37BA-0553-499A-AE0D-BEBA67204548}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BA7B8F39-DF7F-4A98-83E9-57CE6ED9CA24}
Schlüssel Gelöscht : HKCU\Software\OCS
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Software
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17041
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v29.0.1 (de)
[ Datei : C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\prefs.js ]
Zeile gelöscht : user_pref("quickstores.toolbar.affid", "2002");
Zeile gelöscht : user_pref("quickstores.toolbar.guid", "{4274F657-3D79-75CC-66F5-3C7878080B37}");
-\\ Google Chrome v
[ Datei : C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : cfdfamfnacokbbbnmpdfmhonipnhmbid
*************************
AdwCleaner[R0].txt - [3177 octets] - [01/06/2014 15:53:53]
AdwCleaner[S0].txt - [2929 octets] - [01/06/2014 15:55:45]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2989 octets] ##########
JRT:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by ******* on 01.06.2014 at 16:03:50,48
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02DD8284-A49F-43E5-9D84-CF19DC9AD21D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{27DE7D30-BCCD-44D1-ADCB-A74A4259EBEF}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3A0EFC4E-F167-4D0E-9C24-FC5519237993}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{501F5313-346A-4781-9D75-9A5B354E1E08}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{65DEE40A-3E93-4CAE-9F98-B8E06DCEE2BF}
~~~ Files
Successfully deleted: [File] "C:\Users\*******\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\user pinned\taskbar\startfenster.lnk"
Successfully deleted: [File] "C:\Windows\syswow64\wscm32.dll"
Successfully deleted: [File] "C:\Windows\syswow64\wscm64.dll"
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\*******\AppData\Roaming\mozilla\firefox\profiles\k66yqq7l.default\prefs.js
user_pref("extensions.flagfox.TdsUwjE0V3", "<!DOCTYPE html>\r;<html>\r\n<head>\r\n<meta hxxp-equiv=\"Content-Type\" content=\"text/html; charset=UTF-8\">\r\n<meta hxxp-equiv=\
Emptied folder: C:\Users\*******\AppData\Roaming\mozilla\firefox\profiles\k66yqq7l.default\minidumps [106 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.06.2014 at 16:11:54,41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
New FRST log
FRST Logfile:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-06-2014 01
Ran by ******* (administrator) on *******-VAIO on 01-06-2014 16:42:57
Running from C:\Users\*******\Downloads\trojaner-board
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Sony Corporation) C:\Program Files (x86)\SONY\PMB\PMBDeviceInfoProvider.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Sony Corporation) C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VAIOCareService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Google) C:\Program Files (x86)\Google\Google Talk\googletalk.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Java\jre6\bin\jusched.exe
(Glarysoft Ltd) C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCsystray.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-10-13] (Intel Corporation)
HKLM\...\Run: [NvCplDaemon] => C:\Windows\system32\NvCpl.dll [16395880 2009-11-02] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8306208 2009-11-02] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1825064 2009-11-11] (Synaptics Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [171520 2012-11-25] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280 2012-11-25] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\VESWinlogon-x32: VESWinlogon.dll [X]
HKU\.DEFAULT\...\Winlogon: [Shell] C:\ProgramData\cgkag\eflfjcg.exe,explorer.exe <==== ATTENTION
HKU\S-1-5-21-1003290865-3347948734-3860767711-1001\...\Run: [googletalk] => C:\Program Files (x86)\Google\Google Talk\googletalk.exe [3293184 2007-11-21] (Google)
HKU\S-1-5-21-1003290865-3347948734-3860767711-1001\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [37152 2014-05-13] (Glarysoft Ltd)
HKU\S-1-5-21-1003290865-3347948734-3860767711-1001\...\Winlogon: [Shell] C:\ProgramData\cgkag\eflfjcg.exe,explorer.exe <==== ATTENTION
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {10E6E96D-6646-4726-8BD8-0E30981BBAF8} URL = hxxp://de.shopping.com/?linkin_id=8056363
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKCU - {F1B2647F-CDCB-43BB-94A6-7A59D9FE5E98} URL = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
SearchScopes: HKCU - {FD594893-4F0B-4EBD-895E-F7655EB47203} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO-x32: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default
FF Homepage: hxxp://www.google.de
FF NetworkProxy: "backup.ftp", "130.92.70.254"
FF NetworkProxy: "backup.ftp_port", 3128
FF NetworkProxy: "backup.gopher", "130.92.70.254"
FF NetworkProxy: "backup.gopher_port", 3128
FF NetworkProxy: "backup.socks", "130.92.70.254"
FF NetworkProxy: "backup.socks_port", 3128
FF NetworkProxy: "backup.ssl", "130.92.70.254"
FF NetworkProxy: "backup.ssl_port", 3128
FF NetworkProxy: "ftp", "84.74.11.149"
FF NetworkProxy: "ftp_port", 3128
FF NetworkProxy: "gopher", "84.74.11.149"
FF NetworkProxy: "gopher_port", 3128
FF NetworkProxy: "http", "84.74.11.149"
FF NetworkProxy: "http_port", 3128
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "84.74.11.149"
FF NetworkProxy: "socks_port", 3128
FF NetworkProxy: "ssl", "84.74.11.149"
FF NetworkProxy: "ssl_port", 3128
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_214.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @sony.com/ReaderDesktop - C:\Program Files (x86)\Sony\ReaderDesktop\npreaderdetectmoz.dll (Sony Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.4 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: HTTPS-Everywhere - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\https-everywhere@eff.org [2014-04-27]
FF Extension: Flagfox - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\info@flagfox.net [2013-05-20]
FF Extension: Youtube MP3 Podcaster - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\youtubemp3podcaster@jeremy.d.gregorio.com [2014-05-09]
FF Extension: Garmin Communicator - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: EPUBReader - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F} [2013-12-01]
FF Extension: CookieSafe - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\{9D23D0AA-D8F5-11DA-B3FC-0928ABF316DD} [2012-11-25]
FF Extension: Ghostery - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\firefox@ghostery.com.xpi [2013-08-19]
FF Extension: Adblock Plus - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012-11-25]
FF Extension: BetterPrivacy - C:\Users\*******\AppData\Roaming\Mozilla\Firefox\Profiles\k66yqq7l.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012-11-25]
FF HKLM-x32\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
FF HKCU\...\Firefox\Extensions: [{8D150B8F-EFE8-45a3-A4A3-053020F48FAC}] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\
FF Extension: Wondershare Video Converter Ultimate - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRFirefoxExt\ []
Chrome:
=======
CHR HomePage:
CHR Extension: (No Name) - C:\Users\*******\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfdfamfnacokbbbnmpdfmhonipnhmbid [2013-05-20]
CHR HKLM-x32\...\Chrome\Extension: [chgdeabpmphfhkoemjjglmilajldekbp] - C:\Program Files (x86)\Wondershare\Video Converter Ultimate\SVRChromePlugin.crx [2014-02-16]
==================== Services (Whitelisted) =================
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 Roxio UPnP Renderer 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [313840 2009-08-31] (Sonic Solutions)
S2 Roxio Upnp Server 10; C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [362992 2009-08-31] (Sonic Solutions)
S3 SampleCollector; C:\Program Files\Sony\VAIO Care\collsvc.exe [167424 2009-09-17] (Intel Corporation)
S3 SOHDBSvr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe [70952 2009-11-25] (Sony Corporation)
S3 SOHPlMgr; C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe [91432 2009-11-25] (Sony Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S3 VAIO Entertainment TV Device Arbitration Service; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe [69632 2009-09-14] (Sony Corporation)
R2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [642416 2009-09-14] (Sony Corporation)
S3 VUAgent; C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [1165680 2009-10-30] (Sony Corporation)
R2 VzCdbSvc; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe [206336 2009-09-14] (Sony Corporation)
==================== Drivers (Whitelisted) ====================
S3 AF9035BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [514856 2012-11-09] (ITETech )
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17600 2014-05-13] (Glarysoft Ltd)
R0 GUBootStartup; C:\Windows\System32\drivers\GUBootStartup.sys [20672 2014-05-26] (Glarysoft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [122584 2014-06-01] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-11-12] ()
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-01 16:11 - 2014-06-01 16:11 - 00002058 _____ () C:\Users\*******\Desktop\JRT.txt
2014-06-01 16:03 - 2014-06-01 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 15:54 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-01 15:53 - 2014-06-01 15:55 - 00000000 ____D () C:\AdwCleaner
2014-06-01 15:51 - 2014-06-01 15:51 - 00000000 __SHD () C:\Users\*******\AppData\Local\EmieUserList
2014-06-01 15:51 - 2014-06-01 15:51 - 00000000 __SHD () C:\Users\*******\AppData\Local\EmieSiteList
2014-06-01 15:26 - 2014-06-01 16:27 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 15:25 - 2014-06-01 15:27 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 15:25 - 2014-06-01 15:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-01 15:25 - 2014-06-01 15:27 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 15:25 - 2014-06-01 15:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 15:25 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-01 15:25 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-01 15:25 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-01 15:16 - 2014-06-01 15:56 - 00005182 _____ () C:\Windows\PFRO.log
2014-05-31 12:05 - 2014-05-31 12:05 - 00032898 _____ () C:\ComboFix.txt
2014-05-31 12:05 - 2014-05-31 12:05 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-31 12:05 - 2014-05-31 12:05 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-31 12:05 - 2014-05-31 12:05 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-31 11:32 - 2014-05-31 12:05 - 00000000 ____D () C:\Qoobox
2014-05-31 11:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-05-31 11:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-05-31 11:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-05-31 11:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-05-31 11:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-05-31 11:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-05-31 11:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-05-31 11:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-05-31 11:31 - 2014-05-31 11:59 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 11:31 - 2014-05-31 11:31 - 05203398 ____R (Swearware) C:\Users\*******\Desktop\ComboFix.exe
2014-05-31 11:27 - 2014-05-31 11:27 - 00000000 ____D () C:\ProgramData\lbdrtm
2014-05-31 02:20 - 2014-05-31 02:20 - 549812303 _____ () C:\Windows\MEMORY.DMP
2014-05-31 02:20 - 2014-05-31 02:20 - 00496632 _____ () C:\Windows\Minidump\053114-34538-01.dmp
2014-05-31 02:20 - 2014-05-31 02:20 - 00000000 ____D () C:\Windows\Minidump
2014-05-31 00:02 - 2014-06-01 16:42 - 00000000 ____D () C:\Users\*******\Downloads\trojaner-board
2014-05-30 23:07 - 2014-06-01 16:43 - 00000000 ____D () C:\FRST
2014-05-30 23:04 - 2014-05-30 23:04 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-05-30 23:02 - 2014-05-31 11:27 - 00000000 ____D () C:\ProgramData\uhwxo
2014-05-30 23:02 - 2014-05-30 23:02 - 00000000 ____D () C:\ProgramData\pdh
2014-05-30 23:01 - 2014-05-30 23:02 - 00000000 ____D () C:\ProgramData\yex
2014-05-27 23:03 - 2014-06-01 15:44 - 00000000 ____D () C:\ProgramData\cgkag
2014-05-27 23:02 - 2014-06-01 15:44 - 00000000 ____D () C:\ProgramData\kwxrc
2014-05-27 23:02 - 2014-06-01 15:20 - 00000000 ____D () C:\ProgramData\kqsmn
2014-05-27 23:02 - 2014-05-27 23:02 - 00000000 ____D () C:\ProgramData\ommo
2014-05-27 22:51 - 2014-06-01 15:56 - 00000448 _____ () C:\Windows\setupact.log
2014-05-27 22:51 - 2014-05-27 22:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 21:51 - 2014-05-26 21:51 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-26 21:31 - 2014-06-01 15:58 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-05-26 21:31 - 2014-06-01 15:16 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DiskDefrag
2014-05-26 21:31 - 2014-05-26 21:31 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-26 21:31 - 2014-05-26 21:31 - 00002984 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-05-26 21:31 - 2014-05-26 21:31 - 00002646 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-26 21:31 - 2014-05-26 21:31 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-26 21:31 - 2014-05-26 21:31 - 00001084 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-05-26 21:31 - 2014-05-26 21:31 - 00000000 ____D () C:\Users\*******\AppData\Roaming\GlarySoft
2014-05-26 21:31 - 2014-05-26 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-26 21:31 - 2014-05-13 08:33 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-05-26 21:31 - 2014-05-13 08:22 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-05-26 21:30 - 2014-06-01 15:59 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-05-26 21:11 - 2014-06-01 15:43 - 00000000 ____D () C:\ProgramData\iki
2014-05-26 21:08 - 2014-05-26 21:09 - 13409904 _____ () C:\Users\*******\Downloads\gusetup_29489.exe
2014-05-26 18:29 - 2014-05-31 11:27 - 00000000 ____D () C:\ProgramData\rxgvvu
2014-05-26 18:28 - 2014-05-26 18:29 - 00000000 ____D () C:\ProgramData\vlix
2014-05-26 18:27 - 2014-06-01 15:43 - 00000000 ____D () C:\ProgramData\fubiles
2014-05-25 16:31 - 2014-05-30 22:29 - 00000000 ____D () C:\ProgramData\twk
2014-05-25 16:31 - 2014-05-25 16:32 - 00000000 ____D () C:\ProgramData\ktw
2014-05-23 17:25 - 2014-05-23 17:25 - 00000000 ____D () C:\Windows\pss
2014-05-23 16:46 - 2014-06-01 15:43 - 00000000 ____D () C:\ProgramData\hmgtyw
2014-05-23 16:46 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\xro
2014-05-23 16:46 - 2014-05-23 16:47 - 00000000 ____D () C:\ProgramData\yvyjqtp
2014-05-23 07:42 - 2014-06-01 15:43 - 00000000 ____D () C:\ProgramData\opvu
2014-05-22 21:06 - 2014-05-31 11:27 - 00000000 ____D () C:\ProgramData\kwp
2014-05-22 21:06 - 2014-05-22 21:06 - 00000000 ____D () C:\ProgramData\rmaeku
2014-05-22 10:58 - 2014-05-24 09:33 - 00000000 ____D () C:\ProgramData\dyphrwy
2014-05-22 10:57 - 2014-05-22 10:58 - 00000000 ____D () C:\ProgramData\rvxlx
2014-05-22 08:38 - 2014-05-22 08:38 - 00001110 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-05-22 08:38 - 2014-05-22 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-05-22 08:35 - 2014-05-22 08:37 - 17529160 _____ (Google Inc.) C:\Users\*******\Downloads\picasa39-setup.exe
2014-05-22 08:30 - 2014-05-22 08:33 - 00000000 ____D () C:\Users\*******\Downloads\ebooks
2014-05-22 08:23 - 2014-06-01 15:43 - 00000000 ____D () C:\ProgramData\uiv
2014-05-21 22:04 - 2014-05-21 22:04 - 00000000 ____D () C:\Users\*******\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-05-21 19:14 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\oqxgd
2014-05-21 19:14 - 2014-05-21 19:15 - 00000000 ____D () C:\ProgramData\dydgoad
2014-05-21 19:13 - 2014-06-01 15:43 - 00000000 ____D () C:\ProgramData\omuglfe
2014-05-20 19:55 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\qxpcplq
2014-05-20 19:55 - 2014-05-20 19:55 - 00000000 ____D () C:\ProgramData\flbl
2014-05-19 23:02 - 2014-06-01 15:43 - 00000000 ____D () C:\ProgramData\djirpqp
2014-05-19 20:44 - 2014-06-01 15:43 - 00000000 ___HD () C:\Users\*******\AppData\Roaming\Rmueinkqdw
2014-05-19 20:35 - 2014-06-01 15:43 - 00000000 ____D () C:\ProgramData\bxw
2014-05-19 20:35 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\lesqxf
2014-05-19 20:35 - 2014-05-19 20:35 - 00000000 ____D () C:\ProgramData\csht
2014-05-19 20:33 - 2014-05-31 11:42 - 00000000 ____D () C:\ProgramData\vpi
2014-05-18 20:42 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\lfhr
2014-05-18 20:42 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\urvn
2014-05-18 20:42 - 2014-05-18 20:43 - 00000000 ____D () C:\ProgramData\rvb
2014-05-18 14:14 - 2014-05-18 14:14 - 00000000 ____D () C:\ProgramData\yriyh
2014-05-18 12:55 - 2014-05-31 11:27 - 00000000 ____D () C:\ProgramData\qbot
2014-05-18 12:55 - 2014-05-18 12:56 - 00000000 ____D () C:\ProgramData\vmocrhv
2014-05-17 16:31 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\lcpbmns
2014-05-17 13:02 - 2014-05-17 13:02 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DropboxMaster
2014-05-17 12:57 - 2014-05-31 11:40 - 00000000 ____D () C:\ProgramData\bwclux
2014-05-17 12:57 - 2014-05-20 19:54 - 00000000 ____D () C:\ProgramData\qejwf
2014-05-17 12:57 - 2014-05-17 12:57 - 00000000 ____D () C:\ProgramData\xruesx
2014-05-17 12:55 - 2014-05-31 11:42 - 00000000 ____D () C:\ProgramData\qgkgilg
2014-05-16 22:12 - 2014-05-16 22:12 - 00000000 ____D () C:\Users\*******\Downloads\AID
2014-05-16 18:31 - 2014-05-17 12:57 - 00000000 ____D () C:\ProgramData\mjbnwg
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\qpmvt
2014-05-15 20:11 - 2014-05-23 16:37 - 00000000 ____D () C:\ProgramData\clqtx
2014-05-15 20:11 - 2014-05-15 20:11 - 00000000 ____D () C:\ProgramData\lad
2014-05-14 23:55 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-14 23:55 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-14 23:55 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-14 23:55 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-14 23:55 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 23:55 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-14 23:47 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 23:47 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 23:47 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 23:47 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 23:47 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 23:47 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 23:47 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 23:47 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 23:47 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 23:47 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-05-14 23:47 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-05-14 23:47 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 23:47 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-05-14 23:47 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 23:47 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 23:47 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 23:47 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 23:47 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 23:47 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 23:47 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 23:47 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 23:47 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 23:47 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 23:47 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 23:47 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 23:47 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 23:47 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 23:47 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 23:47 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-14 23:47 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-05-14 23:47 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-05-14 23:47 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-05-14 23:47 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-05-14 23:47 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-05-14 19:56 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\mmjkpw
2014-05-14 19:56 - 2014-05-14 19:56 - 00000000 ____D () C:\ProgramData\clnibb
2014-05-13 21:58 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\qgvqo
2014-05-13 21:58 - 2014-05-13 21:58 - 00000000 ____D () C:\ProgramData\cqhykt
2014-05-13 21:52 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\jhddieb
2014-05-12 20:41 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\nthojob
2014-05-12 20:41 - 2014-05-18 12:55 - 00000000 ____D () C:\ProgramData\uwhem
2014-05-12 20:41 - 2014-05-12 20:41 - 00000000 ____D () C:\ProgramData\whop
2014-05-12 18:14 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\kvq
2014-05-12 18:14 - 2014-05-31 11:27 - 00000000 ____D () C:\ProgramData\yhl
2014-05-12 18:13 - 2014-05-12 18:14 - 00000000 ____D () C:\ProgramData\bytwfcm
2014-05-11 20:00 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\boehm
2014-05-11 20:00 - 2014-05-11 20:00 - 00000000 ____D () C:\ProgramData\poy
2014-05-11 19:57 - 2014-06-01 15:43 - 00000000 ___HD () C:\Users\*******\AppData\Local\Mqlrqlu
2014-05-11 19:43 - 2014-06-01 15:43 - 00000000 ___HD () C:\Users\*******\AppData\Local\Dyynp
2014-05-11 13:45 - 2014-05-13 21:51 - 00000000 ____D () C:\ProgramData\vjxuo
2014-05-11 13:45 - 2014-05-11 13:45 - 00000000 ____D () C:\ProgramData\qltio
2014-05-10 16:08 - 2014-05-10 16:09 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 13:35 - 2014-05-31 11:42 - 00000000 ____D () C:\ProgramData\vqu
2014-05-10 13:35 - 2014-05-11 13:45 - 00000000 ____D () C:\ProgramData\rqkr
2014-05-10 13:35 - 2014-05-10 13:35 - 00000000 ____D () C:\ProgramData\xghp
2014-05-09 22:16 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\gyr
2014-05-09 22:16 - 2014-05-09 22:16 - 00000000 ____D () C:\ProgramData\nqappww
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Brice_Lambson
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Program Files\Image Resizer for Windows
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Program Files (x86)\Image Resizer for Windows
2014-05-09 20:47 - 2014-05-09 20:47 - 00629584 _____ (Chip Digital GmbH) C:\Users\*******\Downloads\Image Resizer - CHIP-Downloader.exe
2014-05-09 19:30 - 2014-05-31 11:40 - 00000000 ____D () C:\ProgramData\edwskdf
2014-05-09 18:06 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\jxd
2014-05-09 18:06 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\byeinvn
2014-05-09 18:06 - 2014-05-09 18:07 - 00000000 ____D () C:\ProgramData\lrydif
2014-05-09 17:41 - 2014-05-09 17:46 - 71756222 _____ () C:\Users\*******\Downloads\*******_*******.rar
2014-05-09 13:28 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\hbefmtu
2014-05-08 22:29 - 2014-05-12 18:13 - 00000000 ____D () C:\ProgramData\drttm
2014-05-08 22:29 - 2014-05-08 22:29 - 00000000 ____D () C:\ProgramData\jrcpru
2014-05-08 19:33 - 2014-05-15 20:11 - 00000000 ____D () C:\ProgramData\kqmopn
2014-05-08 19:33 - 2014-05-08 19:33 - 00000000 ____D () C:\ProgramData\djijq
2014-05-07 17:57 - 2014-05-31 11:42 - 00000000 ____D () C:\ProgramData\sulfk
2014-05-07 17:56 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\msex
2014-05-07 17:56 - 2014-05-07 17:56 - 00000000 ____D () C:\ProgramData\lrj
2014-05-06 22:25 - 2014-05-15 20:07 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-06 19:23 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\frfh
2014-05-06 19:22 - 2014-06-01 15:19 - 00000000 ____D () C:\ProgramData\uxq
2014-05-06 19:22 - 2014-05-31 11:42 - 00000000 ____D () C:\ProgramData\yisw
2014-05-06 19:22 - 2014-05-31 11:41 - 00000000 ____D () C:\ProgramData\ghw
2014-05-06 19:22 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\ussu
2014-05-06 19:22 - 2014-05-31 11:28 - 00000000 ____D () C:\ProgramData\isap
2014-05-06 19:22 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\neand
2014-05-06 19:22 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\dsj
2014-05-06 19:16 - 2014-06-01 15:20 - 00000000 ____D () C:\ProgramData\yriyhht
2014-05-04 14:09 - 2014-06-01 15:43 - 00000000 ___HD () C:\Users\*******\AppData\Local\Qchmof
==================== One Month Modified Files and Folders =======
2014-06-01 16:43 - 2014-05-30 23:07 - 00000000 ____D () C:\FRST
2014-06-01 16:43 - 2012-11-25 21:44 - 00000000 ____D () C:\Users\*******\AppData\Local\Temp
2014-06-01 16:42 - 2014-05-31 00:02 - 00000000 ____D () C:\Users\*******\Downloads\trojaner-board
2014-06-01 16:27 - 2014-06-01 15:26 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-01 16:16 - 2012-11-25 20:09 - 01572506 _____ () C:\Windows\WindowsUpdate.log
2014-06-01 16:11 - 2014-06-01 16:11 - 00002058 _____ () C:\Users\*******\Desktop\JRT.txt
2014-06-01 16:06 - 2013-04-07 13:27 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-01 16:04 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-01 16:04 - 2009-07-14 06:45 - 00014144 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-01 16:03 - 2014-06-01 16:03 - 00000000 ____D () C:\Windows\ERUNT
2014-06-01 15:59 - 2014-05-26 21:30 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 5
2014-06-01 15:58 - 2014-05-26 21:31 - 00000338 _____ () C:\Windows\Tasks\GlaryInitialize 5.job
2014-06-01 15:56 - 2014-06-01 15:16 - 00005182 _____ () C:\Windows\PFRO.log
2014-06-01 15:56 - 2014-05-27 22:51 - 00000448 _____ () C:\Windows\setupact.log
2014-06-01 15:56 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-01 15:55 - 2014-06-01 15:53 - 00000000 ____D () C:\AdwCleaner
2014-06-01 15:51 - 2014-06-01 15:51 - 00000000 __SHD () C:\Users\*******\AppData\Local\EmieUserList
2014-06-01 15:51 - 2014-06-01 15:51 - 00000000 __SHD () C:\Users\*******\AppData\Local\EmieSiteList
2014-06-01 15:49 - 2012-11-25 19:56 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-01 15:49 - 2012-11-25 19:56 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-01 15:49 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-01 15:44 - 2014-05-27 23:03 - 00000000 ____D () C:\ProgramData\cgkag
2014-06-01 15:44 - 2014-05-27 23:02 - 00000000 ____D () C:\ProgramData\kwxrc
2014-06-01 15:43 - 2014-05-26 21:11 - 00000000 ____D () C:\ProgramData\iki
2014-06-01 15:43 - 2014-05-26 18:27 - 00000000 ____D () C:\ProgramData\fubiles
2014-06-01 15:43 - 2014-05-23 16:46 - 00000000 ____D () C:\ProgramData\hmgtyw
2014-06-01 15:43 - 2014-05-23 07:42 - 00000000 ____D () C:\ProgramData\opvu
2014-06-01 15:43 - 2014-05-22 08:23 - 00000000 ____D () C:\ProgramData\uiv
2014-06-01 15:43 - 2014-05-21 19:13 - 00000000 ____D () C:\ProgramData\omuglfe
2014-06-01 15:43 - 2014-05-19 23:02 - 00000000 ____D () C:\ProgramData\djirpqp
2014-06-01 15:43 - 2014-05-19 20:44 - 00000000 ___HD () C:\Users\*******\AppData\Roaming\Rmueinkqdw
2014-06-01 15:43 - 2014-05-19 20:35 - 00000000 ____D () C:\ProgramData\bxw
2014-06-01 15:43 - 2014-05-11 19:57 - 00000000 ___HD () C:\Users\*******\AppData\Local\Mqlrqlu
2014-06-01 15:43 - 2014-05-11 19:43 - 00000000 ___HD () C:\Users\*******\AppData\Local\Dyynp
2014-06-01 15:43 - 2014-05-04 14:09 - 00000000 ___HD () C:\Users\*******\AppData\Local\Qchmof
2014-06-01 15:43 - 2014-04-30 21:42 - 00000000 ___HD () C:\Users\*******\AppData\Roaming\Fbst
2014-06-01 15:43 - 2014-04-17 18:42 - 00000000 ___HD () C:\Users\*******\AppData\Roaming\Gtuhox
2014-06-01 15:43 - 2014-04-16 19:20 - 00000000 ___HD () C:\Users\*******\AppData\Roaming\Sukvf
2014-06-01 15:43 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Globalization
2014-06-01 15:27 - 2014-06-01 15:25 - 00001106 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-06-01 15:27 - 2014-06-01 15:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-06-01 15:27 - 2014-06-01 15:25 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-06-01 15:25 - 2014-06-01 15:25 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-01 15:25 - 2012-11-25 22:10 - 00003954 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{B8DD371E-3DCD-4903-8C92-6D8D63096EFF}
2014-06-01 15:20 - 2014-05-27 23:02 - 00000000 ____D () C:\ProgramData\kqsmn
2014-06-01 15:20 - 2014-05-06 19:16 - 00000000 ____D () C:\ProgramData\yriyhht
2014-06-01 15:19 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\uxq
2014-06-01 15:16 - 2014-05-26 21:31 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DiskDefrag
2014-05-31 14:26 - 2012-11-25 23:37 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Macromedia
2014-05-31 12:05 - 2014-05-31 12:05 - 00032898 _____ () C:\ComboFix.txt
2014-05-31 12:05 - 2014-05-31 12:05 - 00000000 ____D () C:\Users\Public\AppData\Local\temp
2014-05-31 12:05 - 2014-05-31 12:05 - 00000000 ____D () C:\Users\Default\AppData\Local\temp
2014-05-31 12:05 - 2014-05-31 12:05 - 00000000 ____D () C:\Users\Default User\AppData\Local\temp
2014-05-31 12:05 - 2014-05-31 11:32 - 00000000 ____D () C:\Qoobox
2014-05-31 12:05 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-05-31 11:59 - 2014-05-31 11:31 - 00000000 ____D () C:\Windows\erdnt
2014-05-31 11:49 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-05-31 11:42 - 2014-05-19 20:33 - 00000000 ____D () C:\ProgramData\vpi
2014-05-31 11:42 - 2014-05-17 12:55 - 00000000 ____D () C:\ProgramData\qgkgilg
2014-05-31 11:42 - 2014-05-10 13:35 - 00000000 ____D () C:\ProgramData\vqu
2014-05-31 11:42 - 2014-05-07 17:57 - 00000000 ____D () C:\ProgramData\sulfk
2014-05-31 11:42 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\yisw
2014-05-31 11:41 - 2014-05-18 20:42 - 00000000 ____D () C:\ProgramData\lfhr
2014-05-31 11:41 - 2014-05-17 16:31 - 00000000 ____D () C:\ProgramData\lcpbmns
2014-05-31 11:41 - 2014-05-13 21:52 - 00000000 ____D () C:\ProgramData\jhddieb
2014-05-31 11:41 - 2014-05-12 20:41 - 00000000 ____D () C:\ProgramData\nthojob
2014-05-31 11:41 - 2014-05-12 18:14 - 00000000 ____D () C:\ProgramData\kvq
2014-05-31 11:41 - 2014-05-09 18:06 - 00000000 ____D () C:\ProgramData\jxd
2014-05-31 11:41 - 2014-05-09 13:28 - 00000000 ____D () C:\ProgramData\hbefmtu
2014-05-31 11:41 - 2014-05-06 19:23 - 00000000 ____D () C:\ProgramData\frfh
2014-05-31 11:41 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\ghw
2014-05-31 11:40 - 2014-05-17 12:57 - 00000000 ____D () C:\ProgramData\bwclux
2014-05-31 11:40 - 2014-05-09 19:30 - 00000000 ____D () C:\ProgramData\edwskdf
2014-05-31 11:31 - 2014-05-31 11:31 - 05203398 ____R (Swearware) C:\Users\*******\Desktop\ComboFix.exe
2014-05-31 11:28 - 2014-05-23 16:46 - 00000000 ____D () C:\ProgramData\xro
2014-05-31 11:28 - 2014-05-21 19:14 - 00000000 ____D () C:\ProgramData\oqxgd
2014-05-31 11:28 - 2014-05-20 19:55 - 00000000 ____D () C:\ProgramData\qxpcplq
2014-05-31 11:28 - 2014-05-19 20:35 - 00000000 ____D () C:\ProgramData\lesqxf
2014-05-31 11:28 - 2014-05-18 20:42 - 00000000 ____D () C:\ProgramData\urvn
2014-05-31 11:28 - 2014-05-14 19:56 - 00000000 ____D () C:\ProgramData\mmjkpw
2014-05-31 11:28 - 2014-05-13 21:58 - 00000000 ____D () C:\ProgramData\qgvqo
2014-05-31 11:28 - 2014-05-11 20:00 - 00000000 ____D () C:\ProgramData\boehm
2014-05-31 11:28 - 2014-05-09 22:16 - 00000000 ____D () C:\ProgramData\gyr
2014-05-31 11:28 - 2014-05-09 18:06 - 00000000 ____D () C:\ProgramData\byeinvn
2014-05-31 11:28 - 2014-05-07 17:56 - 00000000 ____D () C:\ProgramData\msex
2014-05-31 11:28 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\ussu
2014-05-31 11:28 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\isap
2014-05-31 11:27 - 2014-05-31 11:27 - 00000000 ____D () C:\ProgramData\lbdrtm
2014-05-31 11:27 - 2014-05-30 23:02 - 00000000 ____D () C:\ProgramData\uhwxo
2014-05-31 11:27 - 2014-05-26 18:29 - 00000000 ____D () C:\ProgramData\rxgvvu
2014-05-31 11:27 - 2014-05-22 21:06 - 00000000 ____D () C:\ProgramData\kwp
2014-05-31 11:27 - 2014-05-18 12:55 - 00000000 ____D () C:\ProgramData\qbot
2014-05-31 11:27 - 2014-05-12 18:14 - 00000000 ____D () C:\ProgramData\yhl
2014-05-31 02:20 - 2014-05-31 02:20 - 549812303 _____ () C:\Windows\MEMORY.DMP
2014-05-31 02:20 - 2014-05-31 02:20 - 00496632 _____ () C:\Windows\Minidump\053114-34538-01.dmp
2014-05-31 02:20 - 2014-05-31 02:20 - 00000000 ____D () C:\Windows\Minidump
2014-05-30 23:28 - 2012-11-25 22:28 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Adobe
2014-05-30 23:28 - 2012-11-25 20:05 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-30 23:28 - 2012-11-25 20:05 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-30 23:24 - 2014-02-16 19:28 - 00000000 ____D () C:\Program Files (x86)\DVD Data shrink
2014-05-30 23:19 - 2012-11-26 02:05 - 00000000 ____D () C:\Users\*******\AppData\Local\Adobe
2014-05-30 23:04 - 2014-05-30 23:04 - 00000000 _____ () C:\Users\*******\defogger_reenable
2014-05-30 23:04 - 2012-11-25 21:44 - 00000000 ____D () C:\Users\*******
2014-05-30 23:02 - 2014-05-30 23:02 - 00000000 ____D () C:\ProgramData\pdh
2014-05-30 23:02 - 2014-05-30 23:01 - 00000000 ____D () C:\ProgramData\yex
2014-05-30 22:29 - 2014-05-25 16:31 - 00000000 ____D () C:\ProgramData\twk
2014-05-27 23:02 - 2014-05-27 23:02 - 00000000 ____D () C:\ProgramData\ommo
2014-05-27 22:51 - 2014-05-27 22:51 - 00000000 _____ () C:\Windows\setuperr.log
2014-05-26 22:08 - 2009-11-19 21:47 - 00000000 ____D () C:\Windows\Panther
2014-05-26 21:51 - 2014-05-26 21:51 - 00000000 ____D () C:\ProgramData\GlarySoft
2014-05-26 21:31 - 2014-05-26 21:31 - 00020672 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\GUBootStartup.sys
2014-05-26 21:31 - 2014-05-26 21:31 - 00002984 _____ () C:\Windows\System32\Tasks\GU5SkipUAC
2014-05-26 21:31 - 2014-05-26 21:31 - 00002646 _____ () C:\Windows\System32\Tasks\GlaryInitialize 5
2014-05-26 21:31 - 2014-05-26 21:31 - 00001096 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2014-05-26 21:31 - 2014-05-26 21:31 - 00001084 _____ () C:\Users\Public\Desktop\Glary Utilities 5.lnk
2014-05-26 21:31 - 2014-05-26 21:31 - 00000000 ____D () C:\Users\*******\AppData\Roaming\GlarySoft
2014-05-26 21:31 - 2014-05-26 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5
2014-05-26 21:09 - 2014-05-26 21:08 - 13409904 _____ () C:\Users\*******\Downloads\gusetup_29489.exe
2014-05-26 18:29 - 2014-05-26 18:28 - 00000000 ____D () C:\ProgramData\vlix
2014-05-25 16:32 - 2014-05-25 16:31 - 00000000 ____D () C:\ProgramData\ktw
2014-05-24 09:33 - 2014-05-22 10:58 - 00000000 ____D () C:\ProgramData\dyphrwy
2014-05-23 17:26 - 2013-01-03 20:44 - 00000000 ___RD () C:\Users\*******\Dropbox
2014-05-23 17:25 - 2014-05-23 17:25 - 00000000 ____D () C:\Windows\pss
2014-05-23 17:25 - 2012-11-25 22:10 - 00000000 ___RD () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 17:25 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-23 16:47 - 2014-05-23 16:46 - 00000000 ____D () C:\ProgramData\yvyjqtp
2014-05-23 16:39 - 2013-01-03 20:41 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Dropbox
2014-05-23 16:37 - 2014-05-15 20:11 - 00000000 ____D () C:\ProgramData\clqtx
2014-05-22 21:06 - 2014-05-22 21:06 - 00000000 ____D () C:\ProgramData\rmaeku
2014-05-22 10:58 - 2014-05-22 10:57 - 00000000 ____D () C:\ProgramData\rvxlx
2014-05-22 08:38 - 2014-05-22 08:38 - 00001110 _____ () C:\Users\Public\Desktop\Picasa 3.lnk
2014-05-22 08:38 - 2014-05-22 08:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2014-05-22 08:38 - 2012-11-25 22:27 - 00000000 ____D () C:\Users\*******\AppData\Local\Google
2014-05-22 08:37 - 2014-05-22 08:35 - 17529160 _____ (Google Inc.) C:\Users\*******\Downloads\picasa39-setup.exe
2014-05-22 08:37 - 2012-11-25 20:06 - 00000000 ____D () C:\Program Files (x86)\Google
2014-05-22 08:33 - 2014-05-22 08:30 - 00000000 ____D () C:\Users\*******\Downloads\ebooks
2014-05-21 22:04 - 2014-05-21 22:04 - 00000000 ____D () C:\Users\*******\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2014-05-21 19:15 - 2014-05-21 19:14 - 00000000 ____D () C:\ProgramData\dydgoad
2014-05-20 19:55 - 2014-05-20 19:55 - 00000000 ____D () C:\ProgramData\flbl
2014-05-20 19:54 - 2014-05-17 12:57 - 00000000 ____D () C:\ProgramData\qejwf
2014-05-19 20:44 - 2014-04-22 18:06 - 00000000 ___HD () C:\Users\*******\AppData\Roaming\Phqq
2014-05-19 20:35 - 2014-05-19 20:35 - 00000000 ____D () C:\ProgramData\csht
2014-05-18 20:43 - 2014-05-18 20:42 - 00000000 ____D () C:\ProgramData\rvb
2014-05-18 14:14 - 2014-05-18 14:14 - 00000000 ____D () C:\ProgramData\yriyh
2014-05-18 12:56 - 2014-05-18 12:55 - 00000000 ____D () C:\ProgramData\vmocrhv
2014-05-18 12:55 - 2014-05-12 20:41 - 00000000 ____D () C:\ProgramData\uwhem
2014-05-17 13:02 - 2014-05-17 13:02 - 00000000 ____D () C:\Users\*******\AppData\Roaming\DropboxMaster
2014-05-17 13:01 - 2013-01-03 20:44 - 00001027 _____ () C:\Users\*******\Desktop\Dropbox.lnk
2014-05-17 13:01 - 2013-01-03 20:41 - 00000000 ____D () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-17 12:57 - 2014-05-17 12:57 - 00000000 ____D () C:\ProgramData\xruesx
2014-05-17 12:57 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\mjbnwg
2014-05-17 12:54 - 2009-07-14 06:45 - 04999672 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-16 22:52 - 2012-11-25 21:44 - 00089544 _____ () C:\Users\*******\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-16 22:30 - 2013-10-13 20:28 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-05-16 22:12 - 2014-05-16 22:12 - 00000000 ____D () C:\Users\*******\Downloads\AID
2014-05-16 18:31 - 2014-05-16 18:31 - 00000000 ____D () C:\ProgramData\qpmvt
2014-05-15 20:11 - 2014-05-15 20:11 - 00000000 ____D () C:\ProgramData\lad
2014-05-15 20:11 - 2014-05-08 19:33 - 00000000 ____D () C:\ProgramData\kqmopn
2014-05-15 20:10 - 2012-11-25 22:10 - 00000000 ___RD () C:\Users\*******\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-15 20:07 - 2014-05-06 22:25 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-14 23:55 - 2013-07-27 10:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-05-14 23:55 - 2012-11-25 20:12 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-05-14 23:52 - 2012-11-25 23:27 - 93223848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-05-14 19:56 - 2014-05-14 19:56 - 00000000 ____D () C:\ProgramData\clnibb
2014-05-13 23:23 - 2014-01-07 22:16 - 00000000 ____D () C:\Users\*******\ownCloud
2014-05-13 22:07 - 2013-04-07 13:27 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-13 22:07 - 2013-04-07 13:27 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-13 22:07 - 2013-04-07 13:27 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-13 21:58 - 2014-05-13 21:58 - 00000000 ____D () C:\ProgramData\cqhykt
2014-05-13 21:51 - 2014-05-11 13:45 - 00000000 ____D () C:\ProgramData\vjxuo
2014-05-13 08:33 - 2014-05-26 21:31 - 00118048 _____ (Glarysoft Ltd) C:\Windows\system32\BootDefrag.exe
2014-05-13 08:22 - 2014-05-26 21:31 - 00017600 _____ (Glarysoft Ltd) C:\Windows\system32\Drivers\BootDefragDriver.sys
2014-05-12 20:41 - 2014-05-12 20:41 - 00000000 ____D () C:\ProgramData\whop
2014-05-12 18:14 - 2014-05-12 18:13 - 00000000 ____D () C:\ProgramData\bytwfcm
2014-05-12 18:13 - 2014-05-08 22:29 - 00000000 ____D () C:\ProgramData\drttm
2014-05-12 07:26 - 2014-06-01 15:25 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-12 07:26 - 2014-06-01 15:25 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-12 07:25 - 2014-06-01 15:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-11 20:00 - 2014-05-11 20:00 - 00000000 ____D () C:\ProgramData\poy
2014-05-11 19:39 - 2012-11-25 22:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-05-11 13:45 - 2014-05-11 13:45 - 00000000 ____D () C:\ProgramData\qltio
2014-05-11 13:45 - 2014-05-10 13:35 - 00000000 ____D () C:\ProgramData\rqkr
2014-05-10 16:09 - 2014-05-10 16:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-05-10 13:35 - 2014-05-10 13:35 - 00000000 ____D () C:\ProgramData\xghp
2014-05-09 22:16 - 2014-05-09 22:16 - 00000000 ____D () C:\ProgramData\nqappww
2014-05-09 20:50 - 2014-05-09 20:50 - 00000000 ____D () C:\Users\*******\AppData\Local\Brice_Lambson
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\ProgramData\Package Cache
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Image Resizer for Windows
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Program Files\Image Resizer for Windows
2014-05-09 20:49 - 2014-05-09 20:49 - 00000000 ____D () C:\Program Files (x86)\Image Resizer for Windows
2014-05-09 20:47 - 2014-05-09 20:47 - 00629584 _____ (Chip Digital GmbH) C:\Users\*******\Downloads\Image Resizer - CHIP-Downloader.exe
2014-05-09 18:07 - 2014-05-09 18:06 - 00000000 ____D () C:\ProgramData\lrydif
2014-05-09 17:46 - 2014-05-09 17:41 - 71756222 _____ () C:\Users\*******\Downloads\*******_*******.rar
2014-05-09 08:14 - 2014-05-14 23:47 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 08:11 - 2014-05-14 23:47 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 22:29 - 2014-05-08 22:29 - 00000000 ____D () C:\ProgramData\jrcpru
2014-05-08 19:33 - 2014-05-08 19:33 - 00000000 ____D () C:\ProgramData\djijq
2014-05-07 17:56 - 2014-05-07 17:56 - 00000000 ____D () C:\ProgramData\lrj
2014-05-06 19:22 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\neand
2014-05-06 19:22 - 2014-05-06 19:22 - 00000000 ____D () C:\ProgramData\dsj
2014-05-06 06:40 - 2014-05-14 23:55 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 06:17 - 2014-05-14 23:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 05:25 - 2014-05-14 23:55 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-06 05:07 - 2014-05-14 23:55 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-06 05:00 - 2014-05-14 23:55 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-06 04:10 - 2014-05-14 23:55 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-02 20:35 - 2014-05-01 10:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
Some content of TEMP:
====================
C:\Users\*******\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2014-06-01 16:33
==================== End Of Log ============================