Schumania | 06.07.2014 02:15

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 06.07.2014
Suchlauf-Zeit: 00:55:43
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.07.05.10
Rootkit Datenbank: v2014.07.03.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x86
Dateisystem: NTFS
Benutzer: user
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 366612
Verstrichene Zeit: 24 Min, 20 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0
(No malicious items detected)
Module: 0
(No malicious items detected)
Registrierungsschlüssel: 1
PUP.Optional.PriceGong.A, HKU\S-1-5-21-1806344340-3721178228-3502498018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong, In Quarantäne, [d01e02993b404fe755ee884b6c96bc44],
Registrierungswerte: 0
(No malicious items detected)
Registrierungsdaten: 16
PUP.Optional.SnapDo.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}),Ersetzt,[e10da6f57b00d1659ed071192cd89c64]
PUP.Optional.SnapDo.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRaxo67ounJhqib0rXFhtLLIHmXcfrN_YrlKmIMMmL36uP71ylMOLLFSRijAADIFooWZGvDFWAYiDsOvKHqY_2c8_8CIkC4P4gzJISJv-Z4Y6eAz-Ys-P6VImAbP_BCTYcM53mA,,&q={searchTerms}),Ersetzt,[16d8e9b2f685c86eaac5e4a68c7804fc]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[816d534835464de93e98a9ea08fc21df]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[9c52fe9dc2b979bdd007b8db0cf840c0]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1806344340-3721178228-3502498018-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[11dd4a5176053600e28d1c6e32d25ca4]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[6a84f0abe299fb3b11c3355e54b0ef11]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[4ca24e4da6d523136073a6ed7a8a9c64]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[d915ddbe2754c373fadc11820bf9926e]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[8b63d6c5aad120165c7beba858aca15f]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1806344340-3721178228-3502498018-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[32bc45563b40b97dd19e107ac14313ed]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Hl-ZCujvH1WoKfjHXgpQ-ZKB639XT_r4RUsNdIqBgEjvpOc3Mylqcw7XcNgzVPM,, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Hl-ZCujvH1WoKfjHXgpQ-ZKB639XT_r4RUsNdIqBgEjvpOc3Mylqcw7XcNgzVPM,),Ersetzt,[d41a217ae893ac8a6c69068dce364db3]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[d21cbbe06e0d53e34a89fe95dd27fa06]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[5599b0eba0db42f428ac791a17ed9d63]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[e20cfd9ebfbcc5716274f69d0400fa06]
PUP.Optional.Snapdo, HKU\S-1-5-21-1806344340-3721178228-3502498018-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (hxxp://www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[e00e6d2e493271c555827a1956aeab55]
PUP.Optional.SnapDo.A, HKU\S-1-5-21-1806344340-3721178228-3502498018-1006-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHURL|Default, hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}, Gut: (www.google.com), Schlecht: (hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q={searchTerms}),Ersetzt,[eb03514a0c6f270f2946afdb63a128d8]
Ordner: 1
PUP.Optional.Conduit.A, C:\ProgramData\Conduit\IE, In Quarantäne, [12dc3c5f35462f070395b6e3aa58ef11],
Dateien: 11
PUP.Optional.Spigot.A, C:\Users\Andreas\Downloads\camfrog.exe, In Quarantäne, [8b63b5e6e09b86b04bba9794936e34cc],
PUP.Optional.Conduit, C:\Users\Andreas\Downloads\TeamViewer_TSA33QA76.exe, In Quarantäne, [c32b6635bfbc0a2cb7c9e3dbc0443cc4],
PUP.Optional.InstallCore, C:\Users\Andreas\Downloads\UltimateCodec.exe, In Quarantäne, [14dae5b6483385b1ff51123ab84953ad],
PUP.Optional.WebSearch.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\2ivn8l1g.default\searchplugins\Web Search.xml, In Quarantäne, [86686a31fa81f244f2fc17b7a45efd03],
PUP.Optional.WebSearch.A, C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\95rx6kfn.default\searchplugins\Web Search.xml, In Quarantäne, [41ad7526a8d3ad891bd3bc12d9297789],
PUP.Optional.SnapDo.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\2ivn8l1g.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5GLpt4JYHBoFrDtXteBgXh15cKZbGtHDO8j7gIk2wQbLgNI2mDYIEIaRs6d5WyOw,");), Ersetzt,[bc3253486d0ea88e1bdb92308b79d12f]
PUP.Optional.SnapDo.A, C:\Users\Andreas\AppData\Roaming\Mozilla\Firefox\Profiles\2ivn8l1g.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q=");), Ersetzt,[5698c8d3cead83b3d91e91319074af51]
PUP.Optional.Snapdo.A, C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Preferences, Gut: (), Schlecht: ( "homepage": "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Hl-ZCujvH1WoKfjHXgpQ-ZKB639XT_r4RUsNdIqBgEjvpOc3Mylqcw7XcNgzVPM,",), Ersetzt,[d31ba0fb196282b4b5ef853d50b47f81]
PUP.Optional.SnapDo.A, C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\95rx6kfn.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.newtab.url", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5GLpt4JYHBoFrDtXteBgXh15cKZbGtHDO8j7gIk2wQbLgNI2mDYIEIaRs6d5WyOw,");), Ersetzt,[86685843aecd9c9a4fa706bcbb49857b]
PUP.Optional.SnapDo.A, C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\95rx6kfn.default\prefs.js, Gut: (), Schlecht: (user_pref("keyword.URL", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Et6BspecLnWumbgOWVlmUPxhJEpqLRD1ATDTUXQ3C-HurCbu_wYzOA9jMHp_-80,&q=");), Ersetzt,[9b5352491d5eec4afcfb13afee16c43c]
PUP.Optional.Snapdo.A, C:\Users\Sabine\AppData\Roaming\Mozilla\Firefox\Profiles\95rx6kfn.default\prefs.js, Gut: (), Schlecht: (user_pref("browser.startup.homepage", "hxxp://feed.snapdo.com/?p=mKO_AwFzXIpYRbPGr6JN_C9Okvk3V9BHMT-IkVs3ZQQWnWE23Qik11mFwB7WTYnaVdQO2kd50qAix741KJqWx_35UIjtxv1izJP6vTIcRC1_wLrckH5p2uF9DmfVocHjBVkksZX5Hl-ZCujvH1WoKfjHXgpQ-ZKB639XT_r4RUsNdIqBgEjvpOc3Mylqcw7XcNgzVPM,");), Ersetzt,[48a675261c5f9a9c53f513b0689c55ab]
Physische Sektoren: 0
(No malicious items detected)
(end)

Code:
# AdwCleaner v3.214 - Bericht erstellt am 06/07/2014 um 02:14:00
# Aktualisiert 29/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzername : user - SCHUMI-VAIO
# Gestartet von : C:\Users\user\Desktop\adwcleaner_3.214.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Conduit
Ordner Gelöscht : C:\ProgramData\Kaspersky Lab\SafeBrowser
Ordner Gelöscht : C:\Windows\system32\SearchProtect
Ordner Gelöscht : C:\users\user\AppData\Local\NativeMessaging
Ordner Gelöscht : C:\users\user\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\users\user\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Ordner Gelöscht : C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
Ordner Gelöscht : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
Verknüpfung Desinfiziert : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programme\Search.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5DB0A8CD-6B59-4227-97CC-EFEA547A6136}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5DB0A8CD-6B59-4227-97CC-EFEA547A6136}
[#] Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1EC9510D-A439-4950-9399-B6399EDF9EA7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\smartbar_rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3317892
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
-\\ Mozilla Firefox v30.0 (de)
[ Datei : C:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\biqofvfm.default-1400897853959\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ Datei : C:\Users\Andreas\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[ Datei : C:\Users\Sabine\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
Gelöscht [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Gelöscht [Extension] : flpcjncodpafbgdpnkljologafpionhb
[ Datei : C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Extension] : blbkdnmdcafmfhinpmnlhhddbepgkeaa
*************************
AdwCleaner[R0].txt - [4889 octets] - [06/07/2014 02:08:16]
AdwCleaner[S0].txt - [4338 octets] - [06/07/2014 02:14:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4398 octets] ##########

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x86
Ran by user on 06.07.2014 at 2:45:08,11
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Program Files\myfree codec"
~~~ FireFox
Emptied folder: C:\Users\user\AppData\Roaming\mozilla\firefox\profiles\biqofvfm.default-1400897853959\minidumps [4 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.07.2014 at 2:50:43,71
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:01-07-2014
Ran by user (administrator) on SCHUMI-VAIO on 06-07-2014 02:51:36
Running from C:\Users\user\Desktop
Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Teruten) C:\Windows\System32\FsUsbExService.Exe
(Garmin Ltd or its subsidiaries) C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(DEVGURU Co., LTD.) C:\Program Files\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkDMS.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [167936 2012-09-03] (Alps Electric Co., Ltd.)
HKLM\...\Run: [vdultimate_firefox] => C:\ProgramData\VideoDownloaderUltimate\Firefox\vdultimate.exe [954368 2014-03-20] (Link64 GmbH)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\System32\LogiLDA.dll [1425208 2012-09-20] (Logitech, Inc.)
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] - rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1806344340-3721178228-3502498018-1000\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-1806344340-3721178228-3502498018-1000\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\Users\Andreas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean.exe
GroupPolicyUsers\S-1-5-21-1806344340-3721178228-3502498018-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-1806344340-3721178228-3502498018-1004\User: Group Policy restriction detected <======= ATTENTION
==================== Internet (Whitelisted) ====================
ProxyServer: localhost:21320
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF68C6225F388CF01
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {A1BD49DC-EFF7-4B2A-A983-4CEA6A90107D} URL = https://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll No File
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
FireFox:
========
FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\biqofvfm.default-1400897853959
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin: @java.com/DTPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeLive,version=1.5 - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.1.0 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\user\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM\...\Firefox\Extensions: [virtualKeyboard@kaspersky.ru] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\FFExt\virtualKeyboard@kaspersky.ru
FF HKLM\...\Firefox\Extensions: - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\url_advisor@kaspersky.com [2013-10-19]
FF HKLM\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2013-10-19]
FF HKLM\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com [2013-10-19]
FF HKLM\...\Firefox\Extensions: [vdultimate@link64] - C:\ProgramData\VideoDownloaderUltimate\Firefox\videodownloaderultimate.xpi
FF Extension: Youtube and more - Video Downloader Ultimate - C:\ProgramData\VideoDownloaderUltimate\Firefox\videodownloaderultimate.xpi [2014-03-20]
Chrome:
=======
CHR HomePage: https://chrome.google.com/webstore/launcher
CHR StartupUrls: "hxxp://www.google.de/"
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.4.600\_platform_specific\win_x86\widevinecdmadapter.dll ()
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\35.0.1916.153\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 7.0.550.14) - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U55) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (NVIDIA 3D Vision) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
CHR Plugin: (NVIDIA 3D VISION) - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Users\user\AppData\Local\Google\Update\1.3.24.7\npGoogleUpdate3.dll No File
CHR Plugin: (Google Talk Plugin) - C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
CHR Plugin: (Google Talk Plugin Video Renderer) - C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (HD for YouTube™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\akjbfncbadcmnkopckegnmjgihagponf [2014-06-19]
CHR Extension: (No Name) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-25]
CHR Extension: (Google Cast) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2014-06-19]
CHR Extension: (vGet Cast (DLNA Controller)) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ekdjofnchpbfmnfbedalmbdlhbabiapi [2014-06-19]
CHR Extension: (VNC Viewer for Google Chrome™) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\iabmpiboiopbgfabjmgeedhcmjenhbla [2014-06-19]
CHR Extension: (Video-Chat Vanilla Show) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgaehlpildddphihhaghbgijfebbbaeo [2014-06-19]
CHR Extension: (Google Wallet) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-27]
CHR Extension: (Google Chrome to Phone Extension) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco [2014-06-19]
CHR Extension: (Black & Gray) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\opngpggidjbhmmlapgcmcedfgblofagi [2014-06-26]
CHR HKLM\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx [2013-08-14]
CHR HKLM\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2012\ChromeExt\ab.crx [2013-08-14]
========================== Services (Whitelisted) =================
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe [401800 2013-12-21] (Samsung) [File not signed]
S2 avp; C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe [214512 2013-10-19] (Kaspersky Lab ZAO)
R2 FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [233472 2013-07-18] (Teruten) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [310272 2012-06-01] (Microsoft Corporation)
R2 Garmin Core Update Service; C:\Program Files\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [435032 2014-06-09] (Garmin Ltd or its subsidiaries)
R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [573280 2014-05-19] (Copyright 2013 SAMSUNG)
S3 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 ss_conn_service; C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe [741640 2014-05-13] (DEVGURU Co., LTD.)
S2 STacSV; C:\Windows\system32\stacsv.exe [94208 2012-08-25] (SigmaTel, Inc.)
==================== Drivers (Whitelisted) ====================
S3 AF15BDA; C:\Windows\System32\DRIVERS\AF15BDA.sys [300544 2007-03-20] (AfaTech )
R3 FsUsbExDisk; C:\Windows\system32\FsUsbExDisk.SYS [37344 2013-07-18] () [File not signed]
R0 KL1; C:\Windows\System32\DRIVERS\kl1.sys [135776 2013-11-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [94304 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [576608 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [25696 2013-10-19] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [25184 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [25696 2013-10-19] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [14432 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [45024 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [144992 2013-12-19] (Kaspersky Lab ZAO)
S3 ManyCam; C:\Windows\System32\DRIVERS\mcvidrv.sys [40736 2013-11-27] (Visicom Media Inc.)
S3 mcaudrv_simple; C:\Windows\System32\drivers\mcaudrv.sys [29728 2013-12-06] (Visicom Media Inc.)
S3 ss_conn_usb_driver; C:\Windows\System32\Drivers\ss_conn_usb_driver.sys [23296 2014-05-13] (DEVGURU Co., LTD.)
S3 STHDA; C:\Windows\System32\drivers\stwrt.sys [326656 2012-08-25] (SigmaTel, Inc.)
R3 ti21sony; C:\Windows\System32\drivers\ti21sony.sys [812544 2012-08-24] (Texas Instruments)
S3 usbrndis6; C:\Windows\System32\DRIVERS\usb80236.sys [15872 2013-02-12] (Microsoft Corporation)
U5 AppMgmt; C:\Windows\system32\svchost.exe [20992 2009-07-14] (Microsoft Corporation)
S3 catchme; \??\C:\Users\user\AppData\Local\Temp\catchme.sys [X]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-06 02:50 - 2014-07-06 02:50 - 00000834 _____ () C:\Users\user\Desktop\JRT.txt
2014-07-06 02:45 - 2014-07-06 02:45 - 00000000 ____D () C:\Windows\ERUNT
2014-07-06 02:43 - 2014-07-06 02:43 - 00004478 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-07-06 02:07 - 2014-07-06 02:14 - 00000000 ___DC () C:\AdwCleaner
2014-07-06 02:05 - 2014-07-06 02:05 - 00016189 _____ () C:\Users\user\Desktop\mbam.txt
2014-07-06 00:54 - 2014-07-06 02:02 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 00:53 - 2014-07-06 00:53 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 00:53 - 2014-07-06 00:53 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2014-07-06 00:53 - 2014-07-06 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 00:53 - 2014-07-06 00:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 00:53 - 2014-05-12 07:26 - 00051928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-07-06 00:53 - 2014-05-12 07:25 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-07-06 00:53 - 2014-05-12 07:25 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-07-06 00:40 - 2014-07-06 00:41 - 00002080 _____ () C:\Users\user\Desktop\Neues Textdokument (2).txt
2014-07-06 00:40 - 2014-07-06 00:40 - 01016261 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2014-07-06 00:39 - 2014-07-06 00:39 - 01346519 _____ () C:\Users\user\Desktop\adwcleaner_3.214.exe
2014-07-06 00:38 - 2014-07-06 00:39 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-06 00:37 - 2014-07-06 00:37 - 00060290 _____ () C:\Users\user\Desktop\Anleitung Malwarebytes Anti-Malware - Trojaner-Board.htm
2014-07-05 12:26 - 2014-07-06 02:40 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-07-05 10:23 - 2014-07-05 10:23 - 00021396 ____C () C:\ComboFix.txt
2014-07-03 23:16 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-07-03 23:16 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-07-03 23:16 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-07-03 23:16 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-07-03 23:16 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-07-03 23:16 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-07-03 23:16 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-07-03 23:16 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-07-03 23:15 - 2014-07-05 10:23 - 00000000 ___DC () C:\Qoobox
2014-07-03 23:14 - 2014-07-05 10:20 - 00000000 ____D () C:\Windows\erdnt
2014-07-03 23:10 - 2014-07-03 23:12 - 05213907 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-07-03 21:02 - 2014-07-03 21:02 - 00006516 _____ () C:\Users\user\Desktop\Gmer.txt
2014-07-03 18:52 - 2014-07-03 18:52 - 300952539 _____ () C:\Windows\MEMORY.DMP
2014-07-03 18:52 - 2014-07-03 18:52 - 00174960 _____ () C:\Windows\Minidump\070314-58968-01.dmp
2014-07-03 18:40 - 2014-07-03 18:40 - 00380416 _____ () C:\Users\user\Desktop\dp6h7y2w.exe
2014-07-03 17:17 - 2014-07-03 17:17 - 00000897 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-07-03 17:11 - 2014-07-03 17:13 - 00042981 _____ () C:\Users\user\Desktop\Addition.txt
2014-07-03 17:09 - 2014-07-06 02:51 - 00018865 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-03 17:08 - 2014-07-06 02:51 - 00000000 ___DC () C:\FRST
2014-07-03 17:07 - 2014-07-03 21:18 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-07-03 17:07 - 2014-07-03 17:07 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-07-03 17:03 - 2014-07-03 17:03 - 00380416 _____ () C:\Users\user\Desktop\Gmer-19357.exe
2014-07-03 17:01 - 2014-07-03 17:01 - 01073664 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-07-03 17:01 - 2014-07-03 17:01 - 00050477 _____ () C:\Users\user\Desktop\Defogger.exe
2014-07-03 17:00 - 2014-07-03 17:00 - 00051776 _____ () C:\Users\user\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
2014-07-03 15:42 - 2014-07-03 15:42 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-07-03 14:18 - 2014-07-06 02:39 - 00000594 _____ () C:\Windows\setupact.log
2014-07-03 14:18 - 2014-07-03 14:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-06-26 03:28 - 2014-06-26 03:28 - 00002261 _____ () C:\Users\user\Desktop\Chrome App Launcher.lnk
2014-06-26 03:28 - 2014-06-26 03:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-25 22:44 - 2014-06-25 22:44 - 00002164 _____ () C:\Users\user\Desktop\Samsung Link.lnk
2014-06-24 17:53 - 2014-06-24 17:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-24 17:35 - 2014-06-24 17:37 - 86530912 _____ (Copyright 2013 SAMSUNG) C:\Users\user\Downloads\SamsungLink_Installer32.exe
2014-06-24 16:19 - 2014-07-03 23:09 - 00000000 ___RD () C:\Users\user\Dropbox
2014-06-24 16:19 - 2014-06-24 16:19 - 00001386 _____ () C:\Users\user\Desktop\Dropbox.lnk
2014-06-24 16:16 - 2014-07-03 22:03 - 00000000 ____D () C:\Users\user\AppData\Roaming\DropboxMaster
2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-24 16:11 - 2014-06-24 16:11 - 00318944 _____ (Dropbox, Inc.) C:\Users\user\Downloads\DropboxInstaller(1).exe
2014-06-20 07:11 - 2014-06-20 07:11 - 00000000 ___DC () C:\Program Files\MSECache
2014-06-20 04:14 - 2014-06-20 04:14 - 00088143 _____ () C:\Users\user\Downloads\collectionCache.bnk
2014-06-20 02:06 - 2014-06-20 02:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dojotech Software
2014-06-20 01:47 - 2014-06-20 01:47 - 00000000 ____H () C:\Users\user\Documents\Default.rdp
2014-06-20 00:25 - 2014-06-20 00:25 - 00002637 _____ () C:\Users\Public\Desktop\Dojotech Spotify Recorder.lnk
2014-06-20 00:25 - 2014-06-20 00:25 - 00000000 ___DC () C:\Program Files\Dojotech Software
2014-06-20 00:25 - 2014-06-20 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dojotech Software
2014-06-20 00:12 - 2014-06-21 18:24 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-06-20 00:12 - 2014-06-20 02:49 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-06-20 00:12 - 2014-06-20 00:12 - 00001803 _____ () C:\Users\user\Desktop\Spotify.lnk
2014-06-20 00:12 - 2014-06-20 00:12 - 00001789 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-20 00:11 - 2014-06-20 00:11 - 00126112 _____ (Spotify Ltd) C:\Users\user\Downloads\SpotifySetup.exe
2014-06-18 22:19 - 2014-06-18 22:19 - 00001115 _____ () C:\Users\Public\Desktop\SideSync 3.0.lnk
2014-06-18 22:13 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-06-18 22:13 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-06-18 22:13 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-06-18 22:13 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-06-18 22:13 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-06-18 22:13 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-06-18 22:13 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-06-18 22:13 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-06-18 22:13 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-06-18 22:13 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-06-18 22:13 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-06-18 22:13 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-06-18 22:13 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-06-18 22:13 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-06-18 22:13 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-06-18 22:13 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-06-18 22:13 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-06-18 22:13 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-06-18 22:13 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-06-18 22:13 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-06-18 22:13 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-06-18 22:13 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-06-18 22:13 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-06-18 22:13 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-06-18 22:13 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-06-18 22:13 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-06-18 22:13 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-06-18 22:13 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-06-18 22:13 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-06-18 22:13 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-06-18 22:13 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-06-18 22:13 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-06-18 22:13 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-06-18 22:13 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-06-18 22:13 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-06-18 22:13 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-06-18 22:13 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-06-18 22:13 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-06-18 22:13 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-06-18 22:13 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-06-18 22:13 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-06-18 22:13 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-06-18 22:13 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-06-18 22:13 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-06-18 22:13 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-06-18 22:13 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-06-18 22:13 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-06-18 22:13 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-06-18 22:13 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-06-18 22:13 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-06-18 22:13 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-06-18 22:13 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-06-18 22:13 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-06-18 22:12 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-06-18 22:12 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-06-18 22:12 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-06-18 22:12 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-06-18 22:12 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-06-18 22:12 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-06-18 22:12 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-06-18 22:12 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-06-18 22:12 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-06-18 22:12 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-06-18 22:12 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-06-18 22:12 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-06-18 22:12 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-06-18 22:12 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-06-18 22:12 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-06-18 22:12 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-06-18 22:12 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-06-18 22:12 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-06-18 22:12 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-06-18 22:12 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-06-18 22:12 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-06-18 22:12 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-06-18 22:12 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-06-18 22:12 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-06-18 22:12 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-06-18 22:12 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-06-18 22:12 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-06-18 22:12 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-06-18 22:12 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-06-18 22:12 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-06-18 22:07 - 2014-06-18 22:13 - 00000000 ____D () C:\Windows\system32\directx
2014-06-18 22:07 - 2014-06-18 22:09 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-18 22:06 - 2014-05-13 06:09 - 00184192 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudmdm.sys
2014-06-18 22:06 - 2014-05-13 06:09 - 00089856 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\Windows\system32\Drivers\ssudbus.sys
2014-06-18 22:06 - 2014-05-13 06:09 - 00023296 _____ (DEVGURU Co., LTD.) C:\Windows\system32\Drivers\ss_conn_usb_driver.sys
2014-06-18 21:42 - 2014-06-18 21:42 - 38300512 _____ (Samsung) C:\Users\Andreas\Downloads\SideSync_3.0.2.546_signed.exe
2014-06-14 06:38 - 2014-06-14 06:38 - 02077392 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\IE11-Windows6.1.exe
2014-06-14 06:14 - 2014-06-14 06:14 - 00985600 _____ () C:\Users\Andreas\Downloads\MicrosoftFixit50123.msi
2014-06-14 06:09 - 2014-06-14 06:09 - 09699328 _____ () C:\Users\Andreas\Downloads\MicrosoftCameraCodecPack-x86.msi
2014-06-14 05:49 - 2014-06-14 05:49 - 01245384 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\wlsetup-web.exe
2014-06-14 03:45 - 2014-06-14 03:45 - 00000000 ____D () C:\Users\Andreas\Documents\Microsoft Hardware
2014-06-14 03:06 - 2014-06-14 03:06 - 09974912 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\FF2014 deDE.exe
2014-06-13 23:40 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-13 23:40 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-13 23:40 - 2014-05-30 11:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-13 23:40 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-13 23:40 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-13 23:40 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-13 23:40 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-13 23:40 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-13 23:40 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-13 23:40 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-13 23:40 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-13 23:40 - 2014-05-30 10:28 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-13 23:40 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-13 23:40 - 2014-05-30 10:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-13 23:40 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-13 23:40 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-13 23:40 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-13 23:40 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-13 23:40 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-13 23:40 - 2014-05-30 09:57 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-13 23:40 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-13 23:40 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-13 23:40 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-13 23:40 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-13 23:40 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-13 23:40 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-13 23:40 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-13 23:40 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-13 23:39 - 2014-06-08 10:48 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-13 23:39 - 2014-06-08 10:43 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-13 23:39 - 2014-04-05 04:25 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-13 23:39 - 2014-04-05 04:24 - 00187840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-13 23:39 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-13 23:39 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-13 23:39 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-13 23:39 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-13 23:38 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 23:17 - 2014-06-12 23:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-06-12 23:17 - 2014-06-12 23:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-06-12 23:16 - 2014-06-12 23:16 - 00001870 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-06-12 23:16 - 2014-06-12 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-12 23:12 - 2014-05-08 11:06 - 02742784 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-06-12 23:12 - 2014-05-08 11:06 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-06-06 06:01 - 2014-06-06 06:01 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Logitech® Webcam-Software
2014-06-06 05:30 - 2014-06-06 05:30 - 00000000 ____D () C:\Users\user\Documents\ProcAlyzer Dumps
2014-06-06 02:16 - 2014-06-06 02:16 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-06 02:14 - 2014-06-06 02:14 - 00002161 _____ () C:\Users\user\Desktop\Avira PC Cleaner.lnk
==================== One Month Modified Files and Folders =======
2014-07-06 02:52 - 2014-07-03 17:09 - 00018865 _____ () C:\Users\user\Desktop\FRST.txt
2014-07-06 02:51 - 2014-07-03 17:08 - 00000000 ___DC () C:\FRST
2014-07-06 02:50 - 2014-07-06 02:50 - 00000834 _____ () C:\Users\user\Desktop\JRT.txt
2014-07-06 02:49 - 2009-07-14 06:34 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-06 02:49 - 2009-07-14 06:34 - 00015152 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-06 02:45 - 2014-07-06 02:45 - 00000000 ____D () C:\Windows\ERUNT
2014-07-06 02:43 - 2014-07-06 02:43 - 00004478 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-07-06 02:40 - 2014-07-05 12:26 - 00000374 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-07-06 02:40 - 2013-07-19 01:22 - 00001090 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-06 02:40 - 2012-08-24 13:12 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-06 02:39 - 2014-07-03 14:18 - 00000594 _____ () C:\Windows\setupact.log
2014-07-06 02:39 - 2013-12-14 21:32 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-06 02:39 - 2012-08-23 20:54 - 00155888 _____ () C:\Windows\PFRO.log
2014-07-06 02:39 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-06 02:37 - 2012-08-22 21:48 - 01606858 _____ () C:\Windows\WindowsUpdate.log
2014-07-06 02:25 - 2013-07-19 01:22 - 00001094 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-06 02:14 - 2014-07-06 02:07 - 00000000 ___DC () C:\AdwCleaner
2014-07-06 02:14 - 2014-04-17 00:21 - 00001250 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-07-06 02:05 - 2014-07-06 02:05 - 00016189 _____ () C:\Users\user\Desktop\mbam.txt
2014-07-06 02:02 - 2014-07-06 00:54 - 00110296 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-07-06 01:58 - 2014-04-09 11:23 - 00001116 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1806344340-3721178228-3502498018-1000UA.job
2014-07-06 01:39 - 2012-08-25 03:38 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-07-06 01:22 - 2009-07-14 06:52 - 00000000 ____D () C:\Windows\Performance
2014-07-06 00:58 - 2014-04-09 11:23 - 00001064 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1806344340-3721178228-3502498018-1000Core.job
2014-07-06 00:53 - 2014-07-06 00:53 - 00001076 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-07-06 00:53 - 2014-07-06 00:53 - 00000000 ___DC () C:\Program Files\Malwarebytes Anti-Malware
2014-07-06 00:53 - 2014-07-06 00:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-06 00:53 - 2014-07-06 00:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-06 00:41 - 2014-07-06 00:40 - 00002080 _____ () C:\Users\user\Desktop\Neues Textdokument (2).txt
2014-07-06 00:40 - 2014-07-06 00:40 - 01016261 _____ (Thisisu) C:\Users\user\Desktop\JRT.exe
2014-07-06 00:40 - 2012-08-25 03:17 - 00000000 ____D () C:\Users\user\Downloads\Andreas
2014-07-06 00:39 - 2014-07-06 00:39 - 01346519 _____ () C:\Users\user\Desktop\adwcleaner_3.214.exe
2014-07-06 00:39 - 2014-07-06 00:38 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Desktop\mbam-setup-2.0.2.1012.exe
2014-07-06 00:37 - 2014-07-06 00:37 - 00060290 _____ () C:\Users\user\Desktop\Anleitung Malwarebytes Anti-Malware - Trojaner-Board.htm
2014-07-05 10:23 - 2014-07-05 10:23 - 00021396 ____C () C:\ComboFix.txt
2014-07-05 10:23 - 2014-07-03 23:15 - 00000000 ___DC () C:\Qoobox
2014-07-05 10:23 - 2009-07-14 04:37 - 00000000 ___RD () C:\Users\Public
2014-07-05 10:20 - 2014-07-03 23:14 - 00000000 ____D () C:\Windows\erdnt
2014-07-05 10:15 - 2009-07-14 04:04 - 00000215 ____C () C:\Windows\system.ini
2014-07-05 09:20 - 2014-01-06 04:21 - 00000000 ____D () C:\ProgramData\Temp
2014-07-03 23:12 - 2014-07-03 23:10 - 05213907 ____R (Swearware) C:\Users\user\Desktop\ComboFix.exe
2014-07-03 23:09 - 2014-06-24 16:19 - 00000000 ___RD () C:\Users\user\Dropbox
2014-07-03 22:03 - 2014-06-24 16:16 - 00000000 ____D () C:\Users\user\AppData\Roaming\DropboxMaster
2014-07-03 22:03 - 2014-03-05 13:34 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dropbox
2014-07-03 21:18 - 2014-07-03 17:07 - 00000470 _____ () C:\Users\user\Desktop\defogger_disable.log
2014-07-03 21:02 - 2014-07-03 21:02 - 00006516 _____ () C:\Users\user\Desktop\Gmer.txt
2014-07-03 18:52 - 2014-07-03 18:52 - 300952539 _____ () C:\Windows\MEMORY.DMP
2014-07-03 18:52 - 2014-07-03 18:52 - 00174960 _____ () C:\Windows\Minidump\070314-58968-01.dmp
2014-07-03 18:52 - 2014-01-06 05:14 - 00000000 ____D () C:\Windows\Minidump
2014-07-03 18:40 - 2014-07-03 18:40 - 00380416 _____ () C:\Users\user\Desktop\dp6h7y2w.exe
2014-07-03 17:17 - 2014-07-03 17:17 - 00000897 _____ () C:\Users\user\Desktop\Neues Textdokument.txt
2014-07-03 17:13 - 2014-07-03 17:11 - 00042981 _____ () C:\Users\user\Desktop\Addition.txt
2014-07-03 17:07 - 2014-07-03 17:07 - 00000000 _____ () C:\Users\user\defogger_reenable
2014-07-03 17:03 - 2014-07-03 17:03 - 00380416 _____ () C:\Users\user\Desktop\Gmer-19357.exe
2014-07-03 17:01 - 2014-07-03 17:01 - 01073664 _____ (Farbar) C:\Users\user\Desktop\FRST.exe
2014-07-03 17:01 - 2014-07-03 17:01 - 00050477 _____ () C:\Users\user\Desktop\Defogger.exe
2014-07-03 17:00 - 2014-07-03 17:00 - 00051776 _____ () C:\Users\user\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.htm
2014-07-03 15:42 - 2014-07-03 15:42 - 00000000 ____D () C:\Users\user\AppData\Local\Adobe
2014-07-03 15:07 - 2014-03-17 05:24 - 00000000 ____D () C:\Users\user\Desktop\The.Wolf.of.Wall.Street.DVDSCR.L
2014-07-03 14:20 - 2012-12-12 01:57 - 00100864 ___SH () C:\Users\user\Desktop\Thumbs.db
2014-07-03 14:18 - 2014-07-03 14:18 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-02 05:23 - 2012-08-22 21:56 - 01628044 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-02 04:03 - 2014-05-09 01:02 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Windows Live
2014-07-02 03:16 - 2014-05-18 02:18 - 00000000 ____D () C:\Users\Andreas\Desktop\Neues Verzeichnis
2014-07-02 02:51 - 2014-05-17 23:39 - 00000000 ____D () C:\Users\Andreas\Desktop\Sicherung Galaxy S3 Gerätespeicher komplett 17.05.20014
2014-07-02 01:25 - 2012-08-25 03:38 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-07-02 01:25 - 2012-08-25 03:38 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-06-26 05:40 - 2012-09-15 01:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\vlc
2014-06-26 03:28 - 2014-06-26 03:28 - 00002261 _____ () C:\Users\user\Desktop\Chrome App Launcher.lnk
2014-06-26 03:28 - 2014-06-26 03:28 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-06-25 22:44 - 2014-06-25 22:44 - 00002164 _____ () C:\Users\user\Desktop\Samsung Link.lnk
2014-06-24 19:14 - 2014-05-24 03:26 - 00006144 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-06-24 17:53 - 2014-06-24 17:53 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-24 17:53 - 2013-02-01 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-06-24 17:37 - 2014-06-24 17:35 - 86530912 _____ (Copyright 2013 SAMSUNG) C:\Users\user\Downloads\SamsungLink_Installer32.exe
2014-06-24 16:19 - 2014-06-24 16:19 - 00001386 _____ () C:\Users\user\Desktop\Dropbox.lnk
2014-06-24 16:15 - 2014-06-24 16:15 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-06-24 16:11 - 2014-06-24 16:11 - 00318944 _____ (Dropbox, Inc.) C:\Users\user\Downloads\DropboxInstaller(1).exe
2014-06-21 18:24 - 2014-06-20 00:12 - 00000000 ____D () C:\Users\user\AppData\Roaming\Spotify
2014-06-21 08:22 - 2012-09-22 00:36 - 00007643 _____ () C:\Users\user\AppData\Local\resmon.resmoncfg
2014-06-21 06:24 - 2013-07-17 09:49 - 00000000 ____D () C:\Users\user\AppData\Local\Windows Live
2014-06-21 05:57 - 2013-06-27 02:55 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-06-20 07:55 - 2014-02-24 04:07 - 00301056 ___SH () C:\Users\Andreas\Downloads\Thumbs.db
2014-06-20 07:50 - 2013-02-01 15:11 - 00000000 ____D () C:\Users\user\AppData\Roaming\Samsung
2014-06-20 07:11 - 2014-06-20 07:11 - 00000000 ___DC () C:\Program Files\MSECache
2014-06-20 04:14 - 2014-06-20 04:14 - 00088143 _____ () C:\Users\user\Downloads\collectionCache.bnk
2014-06-20 02:49 - 2014-06-20 00:12 - 00000000 ____D () C:\Users\user\AppData\Local\Spotify
2014-06-20 02:06 - 2014-06-20 02:06 - 00000000 ____D () C:\Users\user\AppData\Roaming\Dojotech Software
2014-06-20 01:47 - 2014-06-20 01:47 - 00000000 ____H () C:\Users\user\Documents\Default.rdp
2014-06-20 01:36 - 2014-01-07 19:19 - 00000000 ___RD () C:\Users\Andreas\Desktop\Bilder Canon aktuell
2014-06-20 00:25 - 2014-06-20 00:25 - 00002637 _____ () C:\Users\Public\Desktop\Dojotech Spotify Recorder.lnk
2014-06-20 00:25 - 2014-06-20 00:25 - 00000000 ___DC () C:\Program Files\Dojotech Software
2014-06-20 00:25 - 2014-06-20 00:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dojotech Software
2014-06-20 00:12 - 2014-06-20 00:12 - 00001803 _____ () C:\Users\user\Desktop\Spotify.lnk
2014-06-20 00:12 - 2014-06-20 00:12 - 00001789 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-06-20 00:11 - 2014-06-20 00:11 - 00126112 _____ (Spotify Ltd) C:\Users\user\Downloads\SpotifySetup.exe
2014-06-19 21:20 - 2014-06-04 02:45 - 00008652 _____ () C:\Windows\system32\lvcoinst.log
2014-06-19 21:19 - 2012-08-22 21:51 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-06-19 06:52 - 2013-07-18 01:26 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Skype
2014-06-18 22:20 - 2014-03-07 19:29 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\SAMSUNG
2014-06-18 22:19 - 2014-06-18 22:19 - 00001115 _____ () C:\Users\Public\Desktop\SideSync 3.0.lnk
2014-06-18 22:13 - 2014-06-18 22:07 - 00000000 ____D () C:\Windows\system32\directx
2014-06-18 22:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-06-18 22:09 - 2014-06-18 22:07 - 00000000 ___HD () C:\Windows\msdownld.tmp
2014-06-18 22:07 - 2013-02-01 15:44 - 00000000 ____D () C:\temp
2014-06-18 21:51 - 2014-03-31 17:41 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-06-18 21:51 - 2013-10-25 11:07 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-06-18 21:45 - 2014-02-08 15:54 - 00000000 ____D () C:\ProgramData\Package Cache
2014-06-18 21:45 - 2013-02-01 15:02 - 00000000 ____D () C:\Program Files\Samsung
2014-06-18 21:43 - 2014-03-05 13:36 - 00000000 ___RD () C:\Users\Andreas\Dropbox
2014-06-18 21:42 - 2014-06-18 21:42 - 38300512 _____ (Samsung) C:\Users\Andreas\Downloads\SideSync_3.0.2.546_signed.exe
2014-06-18 21:18 - 2014-04-16 23:59 - 00040960 ___SH () C:\Users\Andreas\Desktop\Thumbs.db
2014-06-18 20:24 - 2014-03-05 13:31 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\Dropbox
2014-06-18 19:40 - 2014-03-05 13:34 - 00000000 ____D () C:\Users\Andreas\AppData\Roaming\DropboxMaster
2014-06-16 01:22 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-15 14:13 - 2014-02-07 17:28 - 00000000 ____D () C:\Users\Andreas\Desktop\Kontoauszüge DiBa 2014
2014-06-15 01:05 - 2014-05-09 14:23 - 00000000 ____D () C:\Users\Andreas\Desktop\Kreditanträge 2014
2014-06-14 20:52 - 2013-08-07 18:46 - 00000000 ____D () C:\Users\user\AppData\Roaming\Mozilla
2014-06-14 20:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-06-14 08:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-06-14 07:30 - 2014-05-08 01:19 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-06-14 06:38 - 2014-06-14 06:38 - 02077392 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\IE11-Windows6.1.exe
2014-06-14 06:14 - 2014-06-14 06:14 - 00985600 _____ () C:\Users\Andreas\Downloads\MicrosoftFixit50123.msi
2014-06-14 06:09 - 2014-06-14 06:09 - 09699328 _____ () C:\Users\Andreas\Downloads\MicrosoftCameraCodecPack-x86.msi
2014-06-14 05:49 - 2014-06-14 05:49 - 01245384 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\wlsetup-web.exe
2014-06-14 03:45 - 2014-06-14 03:45 - 00000000 ____D () C:\Users\Andreas\Documents\Microsoft Hardware
2014-06-14 03:06 - 2014-06-14 03:06 - 09974912 _____ (Microsoft Corporation) C:\Users\Andreas\Downloads\FF2014 deDE.exe
2014-06-13 05:46 - 2012-08-24 11:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-06-13 05:45 - 2013-07-17 08:18 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-13 05:40 - 2012-08-23 21:46 - 92708840 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-13 04:21 - 2013-07-19 01:23 - 00002133 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-06-12 23:17 - 2014-06-12 23:17 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Garmin
2014-06-12 23:17 - 2014-06-12 23:17 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Garmin
2014-06-12 23:16 - 2014-06-12 23:16 - 00001870 _____ () C:\Users\Public\Desktop\Garmin Express.lnk
2014-06-12 23:16 - 2014-06-12 23:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2014-06-12 23:16 - 2014-02-08 15:55 - 00000000 ____D () C:\ProgramData\Garmin
2014-06-12 23:16 - 2014-02-08 15:54 - 00000000 ____D () C:\Program Files\Garmin
2014-06-08 10:48 - 2014-06-13 23:39 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-06-08 10:43 - 2014-06-13 23:39 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-06-06 06:01 - 2014-06-06 06:01 - 00000000 ____D () C:\Users\Andreas\AppData\Local\Logitech® Webcam-Software
2014-06-06 05:30 - 2014-06-06 05:30 - 00000000 ____D () C:\Users\user\Documents\ProcAlyzer Dumps
2014-06-06 05:29 - 2014-04-08 07:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-06-06 02:16 - 2014-06-06 02:16 - 00000000 ____D () C:\Program Files\Common Files\Skype
2014-06-06 02:16 - 2014-04-21 12:14 - 00000000 ___RD () C:\Program Files\Skype
2014-06-06 02:16 - 2013-06-27 02:55 - 00000000 ____D () C:\ProgramData\Skype
2014-06-06 02:14 - 2014-06-06 02:14 - 00002161 _____ () C:\Users\user\Desktop\Avira PC Cleaner.lnk
2014-06-06 01:52 - 2014-04-08 07:36 - 00002161 _____ () C:\Users\Andreas\Desktop\Avira PC Cleaner.lnk
2014-06-06 01:52 - 2014-04-08 06:58 - 00002217 _____ () C:\Users\Andreas\Desktop\Entfernen des Avira PC Cleaners.lnk
Some content of TEMP:
====================
C:\Users\user\AppData\Local\temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-06-20 13:13
==================== End Of Log ============================